Planning to deploy 2000 agents on desktops. My question is: what is the best way to add rules to a group so that I can modify them as I fine-tune the application?
Here is what I think; please let me know if I am wrong. The computers would be part of the desktop policy (inbuilt). If I need to fine-tune a rule, I will copy that rule within the policy and give it a higher priority (deny or allow) so that it overrides the original rule. Is this the right way?
Also, do I need any more default policy in addition to the default desktop policy? How about a Test policy where I can put custom-made rules? Any ideas?
You should deploy the agents with the rule modules you think match your security policy: Firewall/Desktop/Network Shield or whatever. Put them in your own policy, so it's easier to add or remove rule modules later. I prefer making my own rule module too and just using the available rules and, of course, my own.
But the most important part is to implement them in test mode (try it on a handful of systems). In test mode it's easy to see what exceptions you have to make. For example, svchost.exe talking to a domain controller needs three exceptions in the Network Shield rule in my environment. Those exceptions are quite easy to make with the wizard: just look at the events and the client-triggered "alerts".
The wizard can also generate new application classes if there's an application it doesn't know yet.
After the fine-tuning you can remove the test mode.
Maybe it's useful to activate a learning mode afterwards.
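The test-mode workflow described in the post above (collect the events the agent would have blocked, then turn the repeatable ones for trusted binaries into narrow exceptions) is easy to do by hand for a handful of systems but gets noisy at 2000 desktops. The script below is an added example, not code from the original thread or from any vendor's agent; the CSV event format, host names, addresses and the `TRUSTED_PROCESSES` list are all constructed for the example and are not the product's real export format. It groups events by process, rule, destination and port, and only proposes an exception when the process is on a trusted list and the same event was seen on at least two hosts, so that a one-off connection from a trusted binary (or anything from an untrusted one) is left for manual review instead of being silently allowed.

```python
"""Triage test-mode events into candidate rule exceptions.

Added example for this thread. The event format is constructed for the
example (hypothetical CSV export); adapt parse_events() to whatever your
agent management console actually exports.
"""
import csv
from collections import defaultdict
from io import StringIO

# Constructed sample events: one line per action that test mode logged
# instead of blocking. Addresses, hosts and paths are made up.
SAMPLE_EVENTS = r"""host,process,rule,dest,port
pc001,C:\Windows\System32\svchost.exe,Network Shield,10.0.0.5,389
pc002,C:\Windows\System32\svchost.exe,Network Shield,10.0.0.5,389
pc001,C:\Windows\System32\svchost.exe,Network Shield,10.0.0.5,88
pc003,C:\Windows\System32\svchost.exe,Network Shield,10.0.0.5,88
pc002,C:\Windows\System32\svchost.exe,Network Shield,10.0.0.5,445
pc003,C:\Windows\System32\svchost.exe,Network Shield,10.0.0.5,445
pc001,C:\Windows\System32\svchost.exe,Network Shield,10.0.0.5,389
pc004,C:\Windows\System32\svchost.exe,Network Shield,198.51.100.9,4444
pc004,C:\Users\bob\Downloads\update.exe,Network Shield,203.0.113.7,443
pc002,C:\Users\bob\Downloads\update.exe,Network Shield,203.0.113.7,443
"""

# Binaries you are willing to write exceptions for (hypothetical list).
# Compare on the full lower-cased path, never on the bare file name, so a
# copy of svchost.exe dropped in a user profile does not match.
TRUSTED_PROCESSES = {r"c:\windows\system32\svchost.exe"}


def parse_events(text):
    """Parse the constructed CSV export into a list of event dicts."""
    events = []
    for row in csv.DictReader(StringIO(text)):
        events.append({
            "host": row["host"],
            "process": row["process"],
            "rule": row["rule"],
            "dest": row["dest"],
            "port": int(row["port"]),
        })
    return events


def summarize(events):
    """Group events by (process, rule, dest, port); record hosts and counts."""
    hosts = defaultdict(set)
    counts = defaultdict(int)
    for e in events:
        key = (e["process"], e["rule"], e["dest"], e["port"])
        hosts[key].add(e["host"])
        counts[key] += 1
    return {k: {"hosts": sorted(hosts[k]), "count": counts[k]} for k in counts}


def propose_exceptions(events, trusted=TRUSTED_PROCESSES, min_hosts=2):
    """Return exception candidates: trusted process, seen on >= min_hosts hosts.

    Each candidate is scoped to process + destination + port rather than
    "ignore this process", because svchost.exe hosts many unrelated services.
    """
    proposals = []
    for (process, rule, dest, port), info in summarize(events).items():
        if process.lower() not in trusted:
            continue
        if len(info["hosts"]) < min_hosts:
            continue
        proposals.append({"process": process, "rule": rule, "dest": dest,
                          "port": port, "hosts": info["hosts"],
                          "count": info["count"]})
    return sorted(proposals, key=lambda p: (p["process"], p["dest"], p["port"]))


def needs_review(events, trusted=TRUSTED_PROCESSES, min_hosts=2):
    """Everything not proposed: untrusted binaries and one-off events."""
    proposed = {(p["process"], p["rule"], p["dest"], p["port"])
                for p in propose_exceptions(events, trusted, min_hosts)}
    return sorted(k for k in summarize(events) if k not in proposed)


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    print("Candidate exceptions:")
    for p in propose_exceptions(evs):
        print(f"  allow {p['process']} -> {p['dest']}:{p['port']} "
              f"({p['rule']}, {len(p['hosts'])} hosts, {p['count']} events)")
    print("Needs manual review:")
    for process, rule, dest, port in needs_review(evs):
        print(f"  {process} -> {dest}:{port} ({rule})")
```

On the constructed sample this yields the three svchost.exe-to-domain-controller exceptions (LDAP 389, Kerberos 88, SMB 445) the post mentions, while the single svchost.exe connection to 198.51.100.9:4444 and the connections from a binary in a user's Downloads folder are listed for review rather than allowed. The `min_hosts` threshold is the knob to raise as the pilot group grows.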
I am trying to use the wizard to quiet some applications on our systems that are noisy, like svchost. Please could you tell me more about how you use the wizard to tell the system to ignore messages generated by some trusted files?