162 Panorama Administrator’s Guide
Use Case: Respond to an Incident Using Panorama Monitor Network Activity
Forestall DDoS attacks by enhancing your DoS profile to use Random Early Drop or SYN Cookies as the action for TCP SYN floods. Consider placing limits on ICMP and UDP traffic. Evaluate the options available to you based on the trends and patterns you noticed in your logs, and implement the changes using Panorama templates.
Create a dynamic block list (Objects > Dynamic Block Lists) to block specific IP addresses that you have uncovered from several intelligence sources: analysis of your own threat logs, DDoS attacks from specific IP addresses, or a third-party IP block list.
The list must be a text file that is located on a web server. Using device groups on Panorama, push the object to the managed firewalls so that the firewalls can access the web server and import the list at a defined frequency. After creating a dynamic block list object, define a security policy that uses the address object in the source and destination fields to block traffic from or to the IP address, range, or subnet defined. This approach allows you to block intruders until you resolve the issue and make larger policy changes to secure your network.
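The guide leaves the contents of that web-served text file to you. The script below is an added example (not part of the Panorama guide or Palo Alto Networks code) that builds the file from several sources at once: threat-log hits, a third-party feed, and hand-entered ranges. It assumes the firewall reads one entry per line, where an entry is a single IP, a CIDR subnet, or a "start-end" range, and it treats `#` as a comment marker on the input side only. Its main job is the check a practitioner wants before publishing such a list: every entry is validated and reported if malformed, duplicates and overlapping prefixes are collapsed, and anything that falls inside RFC 1918, loopback, link-local, or your own address space (the constructed `OWN_NETWORKS`) is refused, so a careless feed cannot make the firewalls block your own hosts. All addresses in the sample are constructed documentation ranges.

```python
"""Build a firewall block-list text file from several IP sources.

Added example, not code from the Panorama guide. Assumption: the firewall
reads one entry per line (single IP, CIDR subnet, or "start-end" range).
All addresses below are constructed sample data.
"""
import ipaddress
from typing import Iterable, List, Tuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed: your own address space. Anything overlapping these is refused
# so a sloppy feed cannot make the firewall block your own hosts.
OWN_NETWORKS: List[Network] = [
    ipaddress.ip_network("203.0.113.64/26"),   # constructed DMZ range
    ipaddress.ip_network("2001:db8:1::/48"),   # constructed IPv6 range
]

# Address space that never belongs in an external block list: RFC 1918,
# loopback, link-local and IPv6 ULA. Multicast/unspecified are checked by flag.
NEVER_BLOCK: List[Network] = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7",
)]


def parse_entry(raw: str) -> List[Network]:
    """Turn one source line into zero or more networks.

    Raises ValueError on malformed input so the caller can report it
    instead of silently dropping it (a silent drop is how a bad feed line
    goes unnoticed for months).
    """
    text = raw.split("#", 1)[0].strip()
    if not text:
        return []                      # blank line or pure comment
    if "-" in text:                    # "start-end" range -> minimal CIDR cover
        start_s, end_s = text.split("-", 1)
        start = ipaddress.ip_address(start_s.strip())
        end = ipaddress.ip_address(end_s.strip())
        if start.version != end.version or start > end:
            raise ValueError(f"bad range: {text}")
        return list(ipaddress.summarize_address_range(start, end))
    # Single IP or CIDR. Strict parsing: "198.51.100.5/24" is rejected rather
    # than silently widened to the whole /24.
    return [ipaddress.ip_network(text)]


def is_blockable(net: Network, own: Iterable[Network] = OWN_NETWORKS) -> bool:
    """Refuse entries that would hit internal, special-purpose or own addresses.

    overlaps() is symmetric, so a feed supernet that happens to contain one of
    our prefixes is refused as a whole rather than partially applied.
    """
    if net.is_multicast or net.is_unspecified:
        return False
    protected = list(NEVER_BLOCK) + list(own)
    return not any(net.version == p.version and net.overlaps(p) for p in protected)


def format_entry(net: Network) -> str:
    """Emit host entries as bare addresses, everything else as CIDR."""
    if net.prefixlen == net.max_prefixlen:
        return str(net.network_address)
    return str(net)


def build_block_list(lines: Iterable[str]) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Validate, filter, dedupe and collapse entries from any number of sources.

    Returns (entries ready to write to the web-served text file,
             [(original line, reason)] for everything that was rejected).
    """
    keep: List[Network] = []
    rejected: List[Tuple[str, str]] = []
    for raw in lines:
        try:
            nets = parse_entry(raw)
        except ValueError as exc:
            rejected.append((raw, f"malformed: {exc}"))
            continue
        for net in nets:
            if is_blockable(net):
                keep.append(net)
            else:
                rejected.append((raw, f"protected address space: {net}"))
    entries: List[str] = []
    for version in (4, 6):             # collapse_addresses needs one family at a time
        same = [n for n in keep if n.version == version]
        entries.extend(format_entry(n) for n in ipaddress.collapse_addresses(same))
    return entries, rejected


# Constructed sample input: threat-log hits, a duplicate, a range, a feed line,
# and the kinds of mistakes that show up in real feeds.
SAMPLE_SOURCES = [
    "# from threat logs (constructed)",
    "203.0.113.7",
    "203.0.113.7",                 # duplicate, collapsed away
    "192.0.2.10-192.0.2.13",       # range -> two /31 entries
    "198.51.100.0/24   # third-party feed entry",
    "2001:db8::1",
    "203.0.113.70",                # inside our own DMZ: refused
    "10.1.2.3",                    # RFC 1918: refused
    "203.0.113.300",               # malformed
    "bogus",                       # malformed
    "",
]

if __name__ == "__main__":
    entries, rejected = build_block_list(SAMPLE_SOURCES)
    with open("blocklist.txt", "w") as fh:   # the file to publish on the web server
        fh.write("\n".join(entries) + "\n")
    for raw, why in rejected:
        print(f"rejected {raw!r}: {why}")
```

Run it from a scheduled job that regenerates `blocklist.txt` at least as often as the firewalls are configured to fetch it, and keep the rejection report: a sudden burst of "protected address space" rejections usually means an upstream feed has started emitting your own prefixes.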
Determine whether to create shared policies or device group policies to block specific applications that caused the infection (web-browsing, SMTP, FTP), make more stringent URL filtering policies, or restrict some applications/actions (for example, file downloads to specific user groups).
On Panorama, you can also switch to the device context and configure the firewall for botnet reports that identify potential botnet-infected hosts on the network.
Copyright © 2007-2014 Palo Alto Networks