Configuring Network Access Policy to control access to SSL-enabled websites and Non-web applications.

Configuring Network Access Policy to control access to SSL-enabled websites and Non-web applications.
Madhusudhanan Ravichandran and Sangram Palande, L2 Technical Engineer, IBM Security Systems
February 01, 2016

Session Agenda

Use Case
1. Configuring a domain certificate category in a Network Access Policy to control access to SSL-enabled websites.
2. Configuring XGS to control Non-web applications access over the network.

What is a NAP rule?

What is an Application object?

An Application object controls the types of applications and websites that can communicate across your network. Using four different types of application objects, you can control how desktop applications communicate across your network, or control access to certain types of web sites and web-based applications.

What is a Domain certificate category?

When an HTTP/HTTPS URL is accessed, a domain certificate issued by the host is accessed as well. X-Force has classified these domain certificates into commonly available Domain certificate categories. For example, when a user tries to access a banking website, certain domain certificates issued by the banks are accessed in order to have a secure transaction.

What is a Domain Certificate list?

A Domain Certificate List can be used in a Network Access Policy to allow or deny access to a list of specific domains independent of a Domain Certificate Category.

Configuring a domain certificate category in a Network Access Policy to control access to SSL-enabled websites

This use case describes how to configure a Network Access Policy to control the user's access to a specific Domain Certificate Category. In this example, XGS blocks the user's access to web storage sites using a Domain Certificate Category.

Note: A Domain Certificate List can be used in a Network Access Policy to allow or deny access to a list of specific domains independent of a Domain Certificate Category.

Accessing the Network Access Policy

Configuring a Network Access rule

On the Response tab, add the Event Log object to Added Objects. On the Source tab, add Any to Added Objects and leave the others in Available Objects. On the Destination tab, add Any to Added Objects and leave the others in Available Objects.

On the Application tab, click New and select Domain Certificate Categories.

In the Add Domain Category window, specify the Name for the object.

On the Domain Categories tab, click the Filter button and create a filter using the following parameters:
Match: All Rules
Column: Available Domain Certificate
Condition: Contains
Value: Banking

The Filter returns a list of Domain Categories with web storage content. Add Banking - All to the Added Domain Certificates list. Click Save Configuration.

Deploying policy

Web Page blocked message when trying to access the bank website

View Network Access Events

Session Agenda

Use Case
2. Configuring XGS to control Non-Web applications access over the network

This session covers the following points:
- What are Non-Web Applications?
- How to control Non-Web application access over the network?
- How to monitor Non-Web application access using XGS?

What are Non-Web Applications?

Non-Web applications are installed on the user workstation or enabled using an executable file. They cannot be accessed using a web browser.

Some non-web applications use predefined ports to send traffic over the network. These applications can be blocked by a network device using specific TCP/UDP ports. Example: Microsoft Remote Desktop (3389), Telnet (23), SSH (22).

Peer-to-peer (P2P) applications, instant messaging applications, and social networking applications use randomly assigned dynamic ports. These applications need to be blocked using an application signature on the network device. Example: Skype, BitTorrent, Jabber.
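The difference between port-based and signature-based blocking described above can be seen in a small model. This is an added example, not XGS code or part of the original presentation: the Flow and Rule types, the rule names, and the flow records are constructed, and the app field stands in for whatever verdict an application-signature engine would produce.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Flow:
    """Constructed flow record; `app` is the assumed signature-engine verdict."""
    src: str
    dst_port: int
    proto: str
    app: Optional[str]

@dataclass(frozen=True)
class Rule:
    """Hypothetical reject rule matching on destination ports and/or application."""
    name: str
    ports: frozenset = frozenset()
    apps: frozenset = frozenset()

    def matches(self, flow: Flow) -> bool:
        if self.ports and flow.dst_port not in self.ports:
            return False
        if self.apps and flow.app not in self.apps:
            return False
        # A rule with no criteria at all matches nothing in this model.
        return bool(self.ports or self.apps)

# Port rule for the fixed-port examples; application rule for Skype.
PORT_RULE = Rule("reject-fixed-ports", ports=frozenset({3389, 23, 22}))
APP_RULE = Rule("reject-skype", apps=frozenset({"Skype"}))

# Constructed sample traffic (addresses and ports are illustrative only).
FLOWS = [
    Flow("10.0.0.5", 3389, "tcp", "Microsoft Remote Desktop"),
    Flow("10.0.0.6", 22, "tcp", "SSH"),
    Flow("10.0.0.7", 51344, "udp", "Skype"),  # dynamic port
    Flow("10.0.0.7", 443, "tcp", "Skype"),    # shares a port with HTTPS
    Flow("10.0.0.8", 443, "tcp", None),       # ordinary HTTPS, no app match
]

def rejected(flows, rules):
    """Flows matched by at least one reject rule."""
    return [f for f in flows if any(r.matches(f) for r in rules)]

def missed_by_ports(flows, app):
    """Flows of `app` that the port rule alone lets through."""
    return [f for f in flows if f.app == app and not PORT_RULE.matches(f)]

if __name__ == "__main__":
    print("port rule only:", len(rejected(FLOWS, [PORT_RULE])))
    print("port + app rule:", len(rejected(FLOWS, [PORT_RULE, APP_RULE])))
    print("Skype missed by ports:", [f.dst_port for f in missed_by_ports(FLOWS, "Skype")])
```

The port rule catches only the two fixed-port flows; both Skype flows pass it, and the ordinary HTTPS flow on 443 is untouched once Skype is matched by application rather than by port.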

Skype Desktop Application

Create New Network Access Policy

Click the New button to open the Add Network Access Rule window.

Configuring a Network Access rule

On the General Configuration tab, enter 1 in the Order field. Select the Enable check box. Set the Action to Reject.

On the Response tab, add the Event Log object to Added Objects.

On the Source tab, add Any to Added Objects and leave the others in Available Objects.

On the Destination tab, add Any to Added Objects and leave the others in Available Objects.

On the Application tab, click New and select Non-Web Application.

*Note: XGS provides a limited number of application categories, including commonly used applications that you might want to reject or to allow access to your network.

In the Add Non-web Application Object window, search for the keyword 'skype', specify the Name and select the Skype VOIP, Instant Messaging check box.

On the Restriction tab, select Any for the Protocol and click Save Configuration.

*Note: This tab can be used to select any specific port to be blocked by the user.

Add the newly created Non-web Application object 'Skype' to Added Objects.

On the Inspection tab, add the Default IPS object to Added Objects.

On the Schedule tab, leave Added Objects empty. Click Save Configuration.

Deploying Policy

Click on Deploy to apply the configuration changes.

Updated Network Access Policy View

View Network Access Events

Skype Blocked using Network Access policy


Questions?


Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

THANK YOU

www.ibm.com/security

Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM's sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.