Scenario: Fine Tuning and Outbound Protection: Description


Lab 6
Scenario: fine tuning and outbound protection

Overview

Description
In this lab we will finish prevention tuning of Pravail APS and enable
outbound protection. These actions are typically performed before the
device is deployed in production mode when there is no active DDoS attack.

Objectives
After completing this lab, you will be able to do the following:
• Use Profile Capture to tune rate-based blocking countermeasures;
• Configure and monitor Outbound Threat Filter;
• Use ATLAS Threat Categories in Pravail APS

Equipment/Tools
The following equipment is required to complete this lab:
• web browser
When accessing training labs, you will be prompted for Training Portal
Authentication. Use the following credentials:
• Login: student54
• Password: 43xXBAJD89

Estimated Completion Time
• The estimated completion time for this lab is 30 minutes.


Enabling profile capture

1. Navigate to Protect -> Server Type Configuration and select the Web Server type

2. Configure a high threshold such as 999999999 on the current protection level
for the following settings:

• Rate-based blocking bits per second threshold

• Rate-based blocking packets per second threshold

• HTTP Request Limit

• HTTP URL Limit

• ICMP Flood detection maximum bps

• ICMP Flood detection maximum pps

• UDP Flood detection maximum bps

• UDP Flood detection maximum pps

• Fragment Detection maximum bps

• Fragment Detection maximum pps

3. Make sure that all preventions mentioned above are enabled and save the
configuration

4. In the Options drop-down at the top of the page, choose Profile Capture

5. Start profile capture

ATLAS Threat Categories and Outbound Threat Filter

While profile capture is ongoing, let’s enable ATLAS threat categories and
configure the outbound threat filter.
First, let’s enable ATLAS threat categories for inbound protection.

1. Navigate to Protect -> Server Type Configuration

2. For Generic Server enable Threat Categories on all protection levels

3. Select Web Server from the Standard Server Types drop-down

4. For Web Server enable Threat Categories on all protection levels



5. Save your configuration

Now, let’s enable ATLAS threat categories for outbound protection.

1. Navigate to Protect -> Outbound Threat Filter
2. Click on the gear icon to configure settings
3. Enable ATLAS Intelligence Feed Threat Categories for all protection
levels
4. Change the Protection Level of the Outbound Threat Filter to Low, so that it
does not depend on the global protection level
5. Change Protection Mode to Active
6. Save the configuration

Using profile capture for tuning

At this point, some data should be available for network profile capture.
Let’s finish tuning the countermeasures and then check whether there are any
hits on ATLAS threat categories in the inbound or outbound direction.

1. Navigate to Protect -> Server Type Configuration and select the Web Server type

2. Click through all available profile icons to see the relevant histograms. Use
the “Auto” button to configure the protection according to the observed traffic
profile. Make sure that the following thresholds are configured to at
least the following values:

• Rate based blocking bits per second: 1000000

• Rate based blocking packets per second: 1000

• HTTP Request Limit: 20

• HTTP URL Limit: 10

3. Save your configuration.

Monitoring offenders of ATLAS threat categories

1. Navigate to the Summary page. See if there are any hits on Inbound or
Outbound Blocked Threats for ATLAS threat categories.

2. From the context menu of any category, select the Learn More item. Study
the category description.


3. To see the IP addresses that generated offending packets, select the Blocked
Hosts item from the context menu

4. Finally, navigate to Protect -> Outbound Threat Filter to see the total
amount of traffic blocked in the outbound direction

This completes the lab exercise.

L6-4 Student 54 Pravail APS 5.6
