20
©
SOLIDA SYSTEMS INTERNATIONAL 2017
Testing that the new entry is blacklisted can be done by entering the domain in a web browser
and confirming that an event is generated for the domain.
7.3 Blacklisting IP Addresses
IP addresses can be entered into an IP address blacklist in a similar way a domain name is
blacklisted. To add an IP address to the user blacklist, press the button labeled “+ Add IP
Address”. Enter the IP address, IPv4 or IPv6. Select the desired action and severity level and
press the “Save” button. The new IP address will be added to the user blacklist.
7.4 Whitelisting IP Addresses
It is possible to add an IP address to a whitelist. If this is done, the security engine will ignore all
packets containing this IP address.
NOTE!
NEVER whitelist an IP address for a Domain Name Server (DNS server). Doing so will
cause the blacklist engine to skip checking DNS lookup packets. Checking DNS queries against
the blacklists is an essential part of the scanning process. Bypassing this will allow malicious
packets to flow freely in and out of the appliance without being noticed or blocked.
Whitelisting of IP addresses should only be done in very specific situations. Solida Systems
strongly suggests never whitelisting any IP addresses. The unwanted side effect might be that
the LAN side is left unprotected or only performs a limited amount of protection.
7.5 Uploading a Blacklist File
The window titled “My Domain Name Blacklist Entries” contains a button called
Upload File
.
This button allows for uploading user created lists to the blacklist engine. Currently it is only
possible to upload a file containing a VoIP style telephone number, which is being used for the
VoIP caller-blocking feature. Please refer to the appendix in this document for further
information about VoIP caller blocking.