User Guide
OmniAccess SafeGuard OS Administration Guide
367
Chapter 10: Detecting and Isolating Malware Security Threats
In the following example, a rule or filter called “worm1” is created. The source endpoint
for worm1 is IP address 192.168.0.2 with any destination over TCP port 1275. When a
match is found, the rule drops the packet. The filter has a precedence of 500.
(SafeGuardOS) (policy-malware) #filter worm1 from host 192.168.0.2 to any TCP 1275 action deny 500
(SafeGuardOS) (policy-malware) #
In the next example, filterfix1 allows any endpoint to access Microsoft’s update page:
(SafeGuardOS) (policy-malware) #filter filterfix1 from any to domain windowsupdate.microsoft.com TCP 1275 permit
(SafeGuardOS) (policy-malware) #
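The two filters above overlap: traffic from 192.168.0.2 to the update domain on TCP 1275 matches both, and filterfix1 carries no explicit precedence. The following audit script is an added example, not part of the guide or of SafeGuard OS; its filter grammar is inferred only from the two commands shown here, and it assumes that precedence order decides which of two matching filters applies.

```python
import re
from itertools import combinations

# Grammar inferred only from this section's two filter lines (an assumption):
# filter NAME from SRC to DST PROTO PORT [action] permit|deny [PRECEDENCE]
FILTER_RE = re.compile(
    r"filter\s+(?P<name>\S+)\s+from\s+(?P<src>any|host\s+\S+)\s+to\s+"
    r"(?P<dst>any|host\s+\S+|domain\s+\S+)\s+(?P<proto>\S+)\s+(?P<port>\d+)\s+"
    r"(?:action\s+)?(?P<action>permit|deny)(?:\s+(?P<prec>\d+))?\s*$")

def parse_filter(line):
    """Parse one filter command; a leading CLI prompt is ignored."""
    m = FILTER_RE.search(line)
    if not m:
        raise ValueError(f"unrecognised filter line: {line!r}")
    f = m.groupdict()
    f["src"], f["dst"] = " ".join(f["src"].split()), " ".join(f["dst"].split())
    f["port"], f["prec"] = int(f["port"]), (int(f["prec"]) if f["prec"] else None)
    return f

def overlaps(a, b):
    """Selectors can match the same traffic if either is 'any' or they are equal."""
    return a == "any" or b == "any" or a == b

def audit(lines):
    """Return findings: out-of-range precedences and order-dependent conflicts."""
    filters = [parse_filter(line) for line in lines]
    findings = []
    for f in filters:
        if f["prec"] is not None and not 1 <= f["prec"] <= 65535:
            findings.append(f"{f['name']}: precedence {f['prec']} outside 1-65535")
    for a, b in combinations(filters, 2):
        same = (a["proto"].upper() == b["proto"].upper() and a["port"] == b["port"]
                and overlaps(a["src"], b["src"]) and overlaps(a["dst"], b["dst"]))
        if not same or a["action"] == b["action"]:
            continue
        if a["prec"] is None or b["prec"] is None:
            findings.append(f"{a['name']}/{b['name']}: conflicting actions; order "
                            "depends on a system-assigned precedence")
        elif a["prec"] == b["prec"]:
            findings.append(f"{a['name']}/{b['name']}: conflicting actions, equal precedence")
    return findings

# The two filter commands from this section, each joined onto one line.
PAGE_FILTERS = [
    "(SafeGuardOS) (policy-malware) #filter worm1 from host 192.168.0.2 to any TCP 1275 action deny 500",
    "(SafeGuardOS) (policy-malware) #filter filterfix1 from any to domain windowsupdate.microsoft.com TCP 1275 permit",
]

print("\n".join(audit(PAGE_FILTERS)))
```

A host selector and a domain selector are treated as distinct here, although a domain can resolve to that host, so the script can under-report overlaps.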
Attaching the Policy to the User Roles
Attach the malware remediation policy to the various user roles that are defined in the
system. Use the malware-policy command in user-role submode, with the following
syntax:
malware-policy name
In the following example, we attach the malware policy to the two default roles,
“unauthenticated” and “authenticated”.
(SafeGuardOS) (config) # user-role unauthenticated
(SafeGuardOS) (user-role) # malware-policy Allow-to-Remediation-Server
(SafeGuardOS) (user-role) # exit
(SafeGuardOS) (config) # user-role authenticated
(SafeGuardOS) (user-role) # malware-policy Allow-to-Remediation-Server
(SafeGuardOS) (user-role) #
Configuring for Domain Name Service (DNS) Server Support (optional)
If specifying a domain name as the destination on a filter, SafeGuard OS offers some
additional customization to support DNS, as follows:
■ Configuring DNS Server IP Addresses
■ Configuring a Refresh Rate
precedence number    Each policy filter has an associated precedence, which sorts the filters within the policy. Precedences have a valid range of 1 (highest) to 65535 (lowest). If a precedence number is not supplied, the system assigns a precedence. For an overview of precedence numbers and auto-precedence, see Displaying Policy Configurations on page 327.
Syntax Description
name    A name that identifies the policy.










