Got it

Method for Firewalls and Security Sandboxes to Defend Against GlobeImposter 3.0

Latest reply: Mar 14, 2019 02:39:09 757 1 1 0

Hello everyone,

Today, I'd like to share with you the method for firewalls and security sandboxes to defend against globeImposter 3.0

1. Method for Firewalls and Security Sandboxes to Defend Against GlobeImposter 3.0

1.1 Use a USG series firewall to block ports.

Block ports 445, 3389, 135, and 139 on the firewall. The following uses port 445 as an example:

1.1.1 Log in to the firewall, choose Object > Service > Service, and click Add to create a service.152010flpo9co8kh9iog8k.png

1.1.2 Name the service and set the destination port to 445. Configure other ports in the same way.152010hih3qcmmbhqyyhqy.png

1.1.3 Choose Policy > Security Policy > Security Policy and click Add Security Policy to create a security policy.3

1.1.4 Reference the created service in the policy and set the action to Deny.

152011bmkdi1wk0z2khd0q.png

1.1.5 Enable the security policy and move it to the top of the policy list.

152011zmna4a4p3ozo6nn1.jpg

1.1.6 Save the policy configuration. Otherwise, the configuration may be lost after the firewall restarts.

6

 

1.2 Use a USG series firewall for content security protection.

1.2.1 Update the IPS and antivirus signature databases to the latest versions (20190306 or later versions).

(1) Online update: If the firewall is connected to Huawei security center (sec.huawei.com), update the signature databases online. Choose System> Update Center and click Update Immediately.

152012j4r6o4zlpq7aqoh0.png

 

(2) Local update: If the firewall is not connected to Huawei security center (sec.huawei.com), update the signature databases locally.

 

(a) Log in to Huawei security center and download the IPS and antivirus signature databases based on the firewall model and version.

152012npjxpupp4jv1bbl0.png

(b) On the firewall, choose System > Update Center, click Update Locally, and import the corresponding signature databases.

152012ec78v0nim7dagin8.png

1.2.2 Reference the IPS and antivirus functions in the security policy.

Choose Policy> Security Policy and reference the default antivirus and intrusion prevention profiles in the corresponding rule.

152012mygke8dslymdd4me.png


1.2.3 Submit and save the policy configuration. The defense functions take effect.11

 

1.3 Use a sandbox to collaborate with the USG series firewall for content security protection.

1.3.1 Sandbox configuration

(1) Template download

Download the OS template from https://support.huawei.com/enterprisesoftware/SoftwareVersionActionNew!showVDetailNew?idAbsPath=fixnode01|7919710|9856724|21782134|21450977|21264217&pid=21264217&vrcid=22893894&lang=en.152013jlc8cl6wra88sb0w.png

 

(2) Template import

Import a sandbox VM template using commands.

Run the FTP command to import the template. For example, store the template in /data/win_cn_64.zip.

Run the cd $SEC_HOME/engineering/kvm/windows/script command.

Run the ./install_template.sh /data/win_cn_64.zip command.

Import a sandbox VM template on the web UI.

Prerequisites: The OS template has been uploaded to the required FTP/SFTP server.

Connect to the file server. After the template is downloaded, import the template. If the download fails or the downloaded file is not the required one, you can delete the template, and then download and import the template again.

The import process and result are displayed in the Import Result list.

152013bw1dy6kllkzzshe1.png

 

(3) Template configuration

Prerequisites: The OS template has been imported to the detection node.

The maximum number of configured OS templates varies according to host models (4 for FireHunter6100, 12 for FireHunter6200, and 30 for FireHunter6300). In the cluster scenario, configure templates for each host.

 152014auviu5g3xgsdsxzi.png

(4) Signature database update

Log in to Huawei security center (sec.huawei.com) and download the signature database for manual update.14152014ikm7izkx7n8nzsof.png152015hdepdidahtkaugtt.png43

 

(5) Template application

152015lummqnlgggfwgmgg.png

1.3.2 Configure interworking between the sandbox and firewall.

(1) Log in to the sandbox and configure it.

152015cc3z3c6sj5m5y6hz.png

152016wqecy3nmkk1cyk35.png

(2) Log in to the firewall and configure it.

152016ntvc557zkt7kcot5.png152016lhfyd5f4w2pyydw2.png152017gbxbadgzaxz2x3df.png

Note: If only sandbox interworking is required, configure and apply only the APT defense profile.

152017jjh3i91e100zbshb.png152017jj3wfjkatj3am56k.png152018k75w088mm97unkw7.png152018r816bbe86f38wr18.png152017or1s8kdl26h8wdl7.png

This is what I want to share with you today, thank you!

 

 


  • x
  • convention:

Scott_Qing
Created Mar 14, 2019 02:39:09 Helpful(0) Helpful(0)

I did this last year,
View more
  • x
  • convention:

Comment

You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."

My Followers

Login and enjoy all the member benefits

Login

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.