Network security advanced training - May

網絡攻擊通常會用到Scanner進行漏洞探測,所以必須開啟漏洞防掃描功能 (Scanner Blocker)

AF Waf APP Firewall 中，可手動添加配置https(443) 識別ssl traffic,進行防禦

在開啟Application Hiding的情況下開啟bypass功能,仍能見到返回錯誤碼4xx,5xx的網頁被替換.

[Privilege]—[URL access]中 針對特定的url allow之後,任然會受其他WAF policy控制.

針對internal Server Scenario template 中建議選擇” Server Protection” 和 ” Brute-Force attack” 兩個選項

針對Internet Access Scenario: template 中建議選擇” Endpoint Protection” 和 ” Malware” 兩個選項

客戶使用web業務為http 9999 port ,能自動識別

客戶使用web業務為http 8081 port ,能自動識別

為了block http 業務的SQL injection ,必須要開啟SSL Decryption

Firewall要檢查XXE attack,無須開啟XML 解析(XML Parse)也能識別攻擊行為

File upload restriction 功能中,list 裡面的是允許upload 的文件類型

客戶Http Web Server通過Loadbalance 設備進行負載均衡,Firewall部署位置在SNAT後,需要配置Logging Options 中的Header Field.

If you need a POC license, need export profile(device information) to sangfor post-sale team

The entire network behaviour management realizes accurate asset identification through the analysis of protocol traffic such as tcp/dhcp/arp/http.

If License Expires, access control policy functions cannot be edited or configured, and the existing configurations cannot take effect

Ingress client audit license is free in version 13.0.15

Endpoints can be controlled with more granular policies based on endpoint types.

Virtual IAM such as vmware vIAM and HCI vIAM not support upgrade to IAG13.0.15

IAM 12.0.44 not support upgrade to this version.

IAG13.0.15 can forward logs and report to Cyber command