Security Customer Support Site

INSTRUCTIONS FOR THE INFORMATION SECURITY CHANGE TOOL

 

The change request tool is intended to serve as the primary tool for processing normal change requests related to an information security connection.

 

Specify the order delivery time, according to which the request is fulfilled. The requests are fulfilled according to the selected delivery time. 'Next business day' means that the request is fulfilled by 4:00 pm on the next business day. 'Timed' means that the change can be made at a desired point in time, however no sooner than after at least two weekdays. 'Express' means that the request is fulfilled within two hours of being submitted. '8h (24/7)' means that the request is fulfilled within eight hours from being submitted. * marked fields are mandatory fields

 

Figure: Specifying the delivery time

 

The requester’s details are specified in the ‘Name’, ‘Email’ and ‘Phone’ fileds, and they are received automatically from the user details. These details can be changed, if information on the change is to be delivered to another person than the requester.

 

Figure: Specifying the requester's details

 

The connection to which the change is to be made is specified in the 'Connection’ menu. The service to which the change is to be made is selected in the ‘Target of the change’ menu. The ‘Target of the change’ menu shows only the services specified for the information security connection in question.  All change targets of the connection are not shown with all delivery methods, e.g. a LAN-TO-LAN VPN order is not available as an express order. There are separate instructions for the change targets. In the ‘Change type’ menu it is specified whether the request relates to an addition, change or deletion. The firewall rules can be seen if ‘Rule base’ is selected.

 

Figure: Specifying the connection, the target of the change, and the change type

 

In the 'Change details’ field, the change requested is specified. The obligatory information required in order for the request to be fulfilled is requested in the ‘Change details’ field. The obligatory information on the target of the change is pre-filled in the ‘Change details’ field. Filling in this information ensures that the request can be fulfilled. If information is missing from the ‘Change details’ field, our specialist has to take actions to look for it. If the order is defective, we cannot guarantee that the delivery takes place within the estimated delivery time.

 

Figure: Specifying the change

 

After the change has been specified, it is possible to add changes to the request by clicking "Add change". The request can be submitted by clicking “Send request”. Under “Add”, select “Save request” or “Cancel request”. Under “Add”, it is also possible to cancel a request that has already been sent, if the processing of the request has not yet been started by selecting “Return request”.  Attachments can be added to the request by clicking “Add attachments”.

 

 

Figure: Adding changes, sending the request, adding attachments, and specifying other functions

 

When the request has been fulfilled, the user specified in the request receives an acknowledgement to this end by email. Telia can return the request if more information is required and Telia has been unable to reach the requester by phone. A notification is also sent to the requester’s email on a returned request.

 

Different change targets can be found in the table, and if you select a target, you can see a more detailed general description of the service, the issues to be specified and the order instructions.

 

Change targets

1 Firewall rule change. 5

2 Object change. 7

3 Network address translation (NAT) 10

4 LAN-to-LAN VPN.. 12

5 Routing/Antispoofing change. 14

6 Web filtering. 16

7 Application and bandwidth control 20

8 Antivirus service. 24

9 Botnet protection. 29

10 Intrusion prevention. 34

11 User awareness. 36

12 Advanced Threat Protection. 37

13 Access right request 42

14 Expert work. 42

15 Standby. 43

16 Reporting and logs. 43

17 Other configuration change. 43

 

 

 

 

1 FIREWALL RULE CHANGE

 

Firewall rules filter traffic between two data communications networks, for example the company’s LAN or subscriber line and the Internet, as specified in the firewall rules.

With firewall rule changes, you can request new rules, changes to the existing rules and their deletion.

 

1.1 Rule request

 

In the following, you will find a picture of a firewall rule base and descriptions of the settings to be ordered by a firewall rule request.

 

Figure: Firewall rule.

 

Specifying the rule number (No.)

The rule number specifies the point in the rule base where the rule is read. The firewall checks the rule base against the connection details in sequential order and stops when it finds a match. For this reason, the rule numbers are important.

 

Specifying the rule name

Give a name to the rule. The name will remain unchanged in the rule base. The name can include up to 30 characters.

 

Specifying the source

Specify the source address or addresses used. The source address can be an individual IP address, an IP network address, an object group including several IP addresses, IP networks or groups, and users or user groups or devices or device groups obtained from a user directory.

 

Specifying the destination

Specify the destination address to be used. It can be an individual IP address, an IP network address, machine, machine group or an object group including several IP addresses, networks, machine, machine group or groups.

 

Specifying the service

The TCP/UDP port(s), service(s) and group(s) to be used are specified in the service.

 

Specifying the action

The following options are available when the action is specified:  

·       Accept, i.e. accept the traffic.

·       Reject, i.e. reject the traffic. This differs from Drop in that the firewall informs the party attempting to establish a connection about the disconnection.

·       Drop, i.e. drop traffic.

 

Specifying the rule log

Specify whether the rule in question is to be tracked.

 

Specifying the time of validity of the rule (Time)

Specify when the rule is valid. If the time is not specified, the rule is always valid. Here you can specify, for example, that the rule is valid only on weekdays. The available options are:

When the rule is activated or when the rule expires.  E.g. activated 31-1-2015-08:00 and expires 31-12-2015-16:00.

The validity of the rule is restricted to a certain period of time or certain weekdays or certain days of the month. E.g. the rule is valid 08:00-16:00 Monday-Friday.

 

Specifying a comment

The comment is a free text attached to a rule.  

 

Requesting a rule and sending it to implementation

When you have made the specifications, select ‘Send request’ or, to add new changes, select ‘Add change’. When all the necessary specifications have been made, press ‘Send request’, and the request is submitted to Telia for implementation.

 

Example of a rule request

 

Rule number: 1

Rule name: Internet traffic

Source address: Intra_1.1.1.0m0

Destination address: Any

Service: http, https

Action: Accept

Log: No

Comment: Internet traffic of the organization

 

1.2 Rule change request

 

Specify the rule to be changed and the change to be made. A rule change request should include the name of the rule or at least the number of the rule to be changed.

 

Example of a change request

 

Rule number: 1

Rule name: Internet traffic

Change to be made: Add the network Intra_1.1.2.0m0 to the source addresses.

 

1.3 Rule deletion request

 

Specify the rule to be deleted. A rule deletion request should include the name of the rule to be deleted or at least the rule number.

 

Example of a deletion request

 

Rule to be deleted: Number: 1

Name of the rule to be deleted: Internet traffic

 

Return change targets table

 

2 OBJECT CHANGE

 

Objects are used when the rule base of an information security device is specified. The object can be an address, network, user, group, user group, service or service group.

 

With a firewall object change, you can order new objects, changes to existing objects and their deletion.

 

Each new object must be given a name containing up to 50 characters. The name should preferably disclose the type, context and content of the object. In addition, further information on each new object can be provided in the Comment field. The comment can contain up to 80 characters.

 

The objects that can be modified are described below:

 

Host

A host object contains a single IP address. The address (IP address, e.g. 192.168.1.1) or 2001:db8:85a3::8a2e:370:7334 for IPv6.

 

Figure: Host object

 

Network

A network object includes an entire network with masks. Address (IP address, e.g. 192.168.1.0 or 2001:db8:85a3::8a2e:370:7334 for IPv6). Mask (network mask, e.g. 255.255.255.0 or 120 for IPv6).

 

Figure: Network object

 

IP Range

An IP range object includes a range of IP addresses, e.g.192.168.1.1 – 192.168.1.10 or 2001:db8:85a3::8a2e:370:7334 – 2001:db8:85a3::8a2e:370:7340 for IPv6.

Figure: IP range object

 

Service

A service object includes the protocol and the port. Protocol, e.g.TCP/IP, UDP, http. Port, e.g. tcp888.

 

Figure: Service object

 

Object and service group

An object and service group includes a number of other objects. Thus, an object group may contain hosts, networks, IP ranges and object groups. An object group can only include objects of the same IP version.

E.g. a group including IP addresses, Intra_verkot, includes the objects yritys_10.10.10.10 and yritys_10.10.20.0m0.

 

Figure: Group object

 

A service group can include services and service groups.  E.g. A group including service groups, Intra_Palvelimen_portit, includes the ports tcp 400–402 and tcp 8001.

 

Figure: Service group object

 

2.1 Object request

 

Specifying the object type

Specify whether a host, user, network, service or group object is concerned.

 

Specifying the object name

Give a name to the object. The name can contain up to 50 characters.

 

Specifying the object content

Specify what the object includes (IP addresses, networks, etc.).

 

Specifying the object comment

Enter a comment on the object, if necessary.

 

Object request and sending it to implementation

When you have made the specifications, select ‘Send request’ or, to add new changes, select ‘Add change’. When all the necessary specifications have been made, press ‘Send request’, and the request is submitted to Telia for implementation.

 

Example of a request for a new object

 

Specifying the object type: Host object;

Specifying the object name: Intra_1.1.1.1

Specifying the object content: 1.1.1.1

Specifying the object comment: Intranet server

 

2.2 Object change request

 

Specify which object is to be changed (name) and the change to be made.

 

Example of an object change request

 

Name of the object to be changed: Intra_1.1.1.1

New name to be entered for the object: Intra_1.1.1.3

New content to be entered for the object: 1.1.1.3

New comment to be entered for the object: to remain unchanged

 

2.3 Object deletion request

 

Specify the object to be deleted (name). NB: The object in question will then be deleted from the information security connection and, if it is used as the only object in the rule, it will be replaced by the object 'Any’.

 

Example of an object deletion request

 

Name of the object to be deleted:  Intra_1.1.1.1

 

Return change targets table

 

3 NETWORK ADDRESS TRANSLATION (NAT)

 

NAT (network address translation) rules specify which addresses or services are to be translated into which addresses or services. The rules are similar to those used in a standard rule base to specify the traffic to be allowed or blocked.

 

The original source and destination address and service must be specified. If the traffic meets these criteria, the changes specified in the following fields will be carried out, i.e. it determines whether the used source or destination address or service is translated or not.

 

A NAT request can be used to order new network address translations, changes to them or their deletion.

 

3.1 Network address translation rule request

 

In the following, you will find a picture of a NAT rule and descriptions of the settings ordered with a NAT request.

 

Figure: NAT rule

 

Specifying the rule number (No.)

The rule number defines the point in the rule base where the rule is read. The information security device checks the rule base against the connection details in sequential order and stops when it finds a match. For this reason, the rule numbers are important.

 

Specifying the original packet source

Specify the original source address used. It can be an individual IP address, an IP network, or an object group including several IP addresses, IP networks or groups.

 

Specifying the original packet destination

Specify the original destination address used. It can be an individual IP address, an IP network or an object group including several IP addresses, networks or groups.

 

Specifying the original packet service

The TCP/UDP port, service or group to be used are specified in the service.

 

Specifying the translated packet source

Specify the translated source address. It can be an individual IP address, an IP network, or an object group including several IP addresses, IP networks or groups.

 

Specifying the translated packet destination

Specify the translated destination address. It can be an individual IP address, an IP network or an object group including several IP addresses, networks or groups.

 

Specifying the translated packet service

Specify the translated TCP/UDP port or service.

 

Specifying a Comment

The comment is a free text attached to a rule.  

 

Saving a rule and sending a request for implementation

When you have made the specifications, select ‘Send request’ or, to add new changes, select ‘Add change’. When all the necessary specifications have been made, press ‘Send request’, and the request is submitted to Telia for implementation.

 

Example of a rule request, translation of single network address

 

Rule number: 1

Original source address: Yritys_10.10.10.10

Original destination address: Any

Original service: Any

Translated source address: Yritys_172.2.1.1

Translated destination address: Any

Translated service: Any

Comment: Translation of the address of the intranet server

 

Example of a rule request, translation of several network addresses to a single address (Hide-nat)

 

Rule number: 1

Original source address: Yritys_10.10.10.0m0

Original destination address: Any

Original service: Any

Translated source address: Yritys_172.2.1.1

Translated destination address: Any

Translated service: Any

Comment: Intranet address translation.

 

3.2 Network address translation rule change request

 

Specify the rule to be changed and the change to be made.

 

Example of a change request

 

Rule number: 1

Change to be made: Replace the original source address by the network Yritys_10.10.11.0m0

 

3.3 Network address translation rule deletion request

 

Specify the NAT rule to be deleted.

 

Example of a deletion request

 

Rule to be deleted: Number: 1

Original source address: Yritys_10.10.10.10

Original destination address: Any

Original service: Any

Translated source address: Yritys_172.2.1.1

Translated destination address: Any

Translated service: Any

Comment: Translation of the address of the intranet server

 

Return change targets table

 

4 LAN-TO-LAN VPN

 

The VPN functionality allows strongly encrypted IPSec VPN connections to be set up between the customer’s offices or the customer’s partners.

 

With a VPN change request, you can order new VPN connections or changes to existing VPN connections or their removal.  If the firewall supports IPv6 addresses, you can also specify a new IPv6 VPN. Different IP versions cannot be mixed in a VPN, but all addresses and objects must be of the same IP version. To allow the VPN connection to be implemented, a VPN change request must include the following information:

·       General VPN details, such as the requested delivery time and the details of the other party. LAN-to-LAN change request information will be send to other party technical contact person by email

·       VPN parameters

·       Internal and external IP addresses, i.e. the networks that operate on the VPN connection and the traffic of which is encrypted

·       Further details concerning the order, such as the services/ports to be activated for the connection.

 

4.1 LAN-to-LAN VPN connection request

 

Specifying the general details

Specify the details of the other party of the VPN connection in the general details. This information is needed when the VPN connection is specified. The necessary details include the following:

 

·      Company name (if external company)

·      Technical contact person who makes the configuration at the other end

·      E-mail address of the technical contact person

·      Mobile phone number of the technical contact person (a pre-shared secret password is sent to this number).

 

Specifying the VPN parameters

·       Name of the VPN connection:

·       STARTING POINT OF VPN CONNECTION (enter the default interface here):

·       END POINT OF VPN CONNECTION:

·       Mode. The options are Main and Aggressive. ‘Main’ refers to normal negotiation complying with the IPSEC standard in the setting up of the connection, while ‘Aggressive’ overrides certain phases to speed up the negotiation.

·       Phase1 Diffie-Hellman group. This protocol protects the PKI key exchange.

·       Phase1 Encryption Algorithm. Phase 1 encryption algorithm for encrypting a phase 2 negotiation.

·       Phase1 Hash Algorithm. Phase 1 Hash Algorithm (uses a secure hash) secures phase 2 negotiation integrity.

·       Phase1 Lifetime seconds. The duration of phase 1 in seconds. Phase 1 is renegotiated (automatically) after the time is up.

·       Phase2 Perfect Forward Secrecy. Improves data security in case someone finds out the PKI key of the VPN connection by means of wiretapping.

·       Phase2 Lifetime seconds. The duration of phase 2 in seconds. Phase 2 is renegotiated (automatically) after the time is up.

·       Phase2 ESP/AH. ESP (Encapsulated Security Payload) encrypts the package. AH (Authentication Header) only checks the integrity of the package.

·       Phase2 Encryption Algorithm. Phase 2 encryption algorithm for traffic encryption.

·       Phase2 Authentication Algorithm. Phase 2 Hash Algorithm (uses a secure hash) secures phase 2 traffic integrity.

 

NB: The VPN parameters between the VPN devices must be perfect matches, and all devices do not necessarily support all the options offered by the tool.

 

Specifying internal addresses

Specify those internal IP addresses with their network masks that will operate on the requested VPN connection.

The internal addresses specify which networks participate in the VPN connection. You can specify several networks. Firewall rules can be used for specifying in more detail the IP addresses that are allowed to operate within the VPN connection, and thus host definitions are not recommended.

 

Specifying external addresses

Specify those IP addresses with their network masks that will operate on the requested VPN connection from the other party’s VPN device.

 

Specifying further information

Specify further information related to the request. It is recommended to also enter the VPN-connection-related openings, i.e. the protocols allowed for the connection. If necessary, the rules can also be ordered separately with a firewall change request.

 

Sending a request for implementation

When you have made the specifications, select ‘Send request’ or, to add new changes, select ‘Add change’. When all the necessary specifications have been made, press ‘Send request’, and the request is submitted to Telia for implementation.

 

Example of a VPN change request

 

Contact details of the other party of the VPN connection

Company name: Company Ltd

Name of the technical contact person: Ted Tester

E-mail address of the technical contact person: ted.tester@company.fi

Mobile phone number of the technical contact person: 0401234567

 

Specifying the parameters of the VPN connection

Name of the VPN connection: VPN-to-Partner

Starting point of VPN connection: 192.168.1.1

End point of VPN connection: 192.168.2.1

Mode (default main): main  

Phase1 Diffie-Hellman group (default group2): group2

Phase1 Encryption Algorithm (default aes256): aes256 

Phase1 Hash Algorithm (default sha-1): sha1

Phase1 Lifetime seconds (default 28000): 28000

Phase2 Perfect Forward Secrecy (default no-pfs): no-pfs

Phase2 Lifetime seconds (default 3600): 3600

Phase2 ESP/AH (default esp): esp

Phase2 Encryption Algorithm (default aes256): aes256

Phase2 Authentication Algorithm (default sha-1): sha1

 

Networks allowed on the VPN connection

Internal addresses: 10.10.10.0m0

External addresses: 20.20.20.0m0

 

Further details on the request: VPN-connection-related rules for the firewall at which all traffic is to be allowed

 

4.2 VPN connection change request

 

Specify the VPN connection to be changed and the change to be made.

 

Example of a change request

 

Name of the VPN connection: VPN-to-Partner

Change to be made: Adding the network 10.10.20.0m0 as the internal address.

 

4.3 VPN connection deletion request

 

Specify the VPN connection to be deleted.

 

Example of a deletion request

 

Delete the following VPN connection.

 

Name of the VPN connection: VPN-to-Partner

 

Return change targets table

 

5 ROUTING/ANTISPOOFING CHANGE

 

Dynamic routing (BGP) is used for the security device routing at the network interfaces of the internal network. The routing information is thus received at the security device, but a so-called antispoofing feature is activated on the device to check that there are only known networks at the network interfaces of the security device. For this reason, the networks advertised at the network interfaces of the internal network must always be added to the configuration of the security device.

With a routing/antispoofing change request, you can order new internal networks to be added to the security device, changes to the existing ones or their deletion.

 

5.1 Routing request

 

Specifying the IP version

Specify the used IP version.

 

Specifying the IP address and mask

Specify the IP network address and mask of the internal network.

 

Specifying the network interface to be routed

Specify the network interface of the internal network where the network is advertised.

 

Sending a request for implementation

When you have made the specifications, select ‘Send request’ or, to add new changes, select ‘Add change’. When all the necessary specifications have been made, press ‘Send request’, and the request is submitted to Telia for implementation.

 

Example of a routing/antispoofing request

 

The network address and mask to be routed: 10.10.10.0m0

Network interface of the route: eth1

 

5.2 Routing change request

 

Specify the route to be changed and the change to be made.

 

Example of a change request

 

The network address and mask to be routed: 10.10.10.0m0

Network interface of the route: eth1

Change to be made: Change the network interface of the route to eth2.

 

5.3 Routing deletion request

 

Specify the route to be deleted.

 

Example of a deletion request

 

Delete the following routing:

The network address and mask to be routed: 10.10.10.0m0

Network interface of the route: eth1

 

Return change targets table

 

6 WEB FILTERING

 

With a web filtering request, you can order new rules and user messages to the web content filtering service, changes to them and their deletion.

 

In web content filtering, the URL (Uniform Resource Locator) of a downloaded Internet page is compared with a database where web pages are pre-categorized into certain page categories. This functionality allows users to be informed in real time of web traffic restrictions, the risks of the Internet, and the information security policy of the organization.

 

Changes can be made to the scanned networks or users, destination addresses, category, functionality, user message, tracking, validity of the rule, and frequency band restriction.

 

6.1 Web filtering rule request

 

In the following, you will find a picture of the default rule for web filtering, which is activated when the service is introduced, and descriptions of the settings that are ordered with a web content filtering request.

 

Figure: Web content filtering rule.

 

Specifying the rule number (No.)

The rule number defines the point in the rule base of web filtering where the rule is read.

 

Specifying the rule name

Give a name to the rule. The name will remain unchanged in the rule base. The name can include up to 30 characters.

 

Specifying the source field

Specify the source address to be used. It can be an individual IP address, an IP network, a user / user group or an object group including several IP addresses, IP networks, users or groups.

 

Specifying the destination field

Specify the destination address used. It can be an individual IP address, an IP network or an object group including several IP addresses, networks or groups.

 

Specifying the web content filtering category (Applications/Site)

Specify the category used. To view the categories, select AppWiki in the GUI client. The categories are shown in the Tags field (NB: some of the categories scan only applications, not URLs).

 

 

Figure: The AppWiki view and the categories

 

Specifying the action (Action)

The following options are available when the action is specified:  

·       Block the traffic: A user can be notified of traffic blocking by means of a user message. The user message specifying here.

·       Allow the traffic: The frequency band of the traffic to be allowed can also be limited (Limit).

·       Inform: This means that the traffic is allowed, but the user is informed of the terms and conditions of use. The user message is specified separately. If necessary, it is possible to specify how often the user message is shown to the user (once a day, once a week, once a month; the shortest interval available is once an hour). The frequency band of the traffic can also be limited (Limit).

·       Ask: This means that the traffic is allowed, but the user is informed of the terms and conditions of use and requested to confirm the opening of the connection. The user message is specified separately. If necessary, it is possible to specify how often the user message is shown to the user (once a day, once a week, once a month; the shortest interval available is once an hour). The frequency band of the traffic can also be limited (Limit).

 

Specifying the tracking of the rule

Specify whether the rule in question is to be tracked.

 

Specifying the time of validity of the rule (Time)

Specify when the rule is valid. If the time is not specified, the rule is always valid. Here you can specify, for example, that the rule is valid only on weekdays. The available options are:

When the rule is activated or when the rule expires.  E.g. activated 31-1-2015-08:00 and expires 31-12-2015-16:00.

The validity of the rule is restricted to a certain period of time or certain weekdays or certain days of the month. E.g. the rule is valid 08:00–16:00 Monday–Friday.

 

Specifying a Comment

The comment is a free text attached to a rule.

 

Sending a request for implementation

When you have made the specifications, select ‘Send request’ or, to add new changes, select ‘Add change’. When all the necessary definitions have been made, press ‘Send request’, and the request is submitted to Telia for implementation.

 

Example of a rule request

 

Rule number: 1

Rule name: Prohibited web pages

Source address: Any

Destination address: Any

Categories: Alcohol, weapons

Action: Block, User message: Blocked message

Log: Yes

Comment: Prohibited web pages

 

6.2 Web filtering rule change request

 

Specify the rule to be changed and the change to be made.

 

Example of a change request

 

Rule number: 1

Rule name: Prohibited web pages

Source address: Any

Destination address: Any

Categories: Alcohol, weapons

Action: Block, User message: Blocked message

Log: Yes

Comment: Prohibited web pages

Change to be made: Change the source network to intra_10.10.10.0m0

 

6.3 Web filtering rule deletion request

 

Specify the rule to be deleted.

 

Example of a deletion request

 

Number of the rule to be deleted: 1

Rule name: Prohibited web pages

 

6.4 Web filtering user message request

 

In the following, you will find a picture of a web filtering user message (Block) and how it is shown in the browser, and also descriptions of the settings that can be made in the fields.

 

 

Figure: Specifying a user message.

 

Message type (Block/Inform/Ask)

The message can be a block, inform or ask message. A block message is sent, if the the traffic is not allowed. An inform message is sent to inform the user, who then selects either OK or Cancel. An ask message requests the user to confirm whether he or she approves the terms and conditions of use.

 

Message name

Give a name to the message.

 

Message comment

Specify a comment for the message. The comment is not shown in the user message.

 

User message main view

Specify the main view (main heading) to be shown on the top of the user message.

 

User message logo

Specify the logo to be shown in the user messages. Attach the logo to the request as an attachment file.

 

User message header

Specify a header for the user message information field.

 

User message information

Specify the contents of the user message.

 

Example of a user message request

 

Message type: Block

Message name: Blocked message

Message comment: Web content filtering Blocked message

User message main view: Web control

 

User message logo: Attached to the request

User message header: Web site blocked

User message information: Access to “web-site” is blocked according to the organization security policy.  For more information, please contact your helpdesk.

 

6.5 Web filtering user message change request

 

Specify the user message to be changed and the change to be made.

 

Example of a change request

 

Message name: Blocked message

Message comment: Web content filtering Blocked message

User message main view: Web control

User message logo: Attached to the request

User message header: Web site blocked

User message information: Access to “web-site” is blocked according to the organization security policy.  For more information, please contact your helpdesk.

Change to be made: Change the user message logo. The logo is in the file attached to the request.

 

6.6 Web filtering user message deletion request

 

Specify the user message to be deleted.

 

Example of a deletion request

 

Name of the message to be deleted: Blocked message

 

Return change targets table

 

7 APPLICATION AND BANDWIDTH CONTROL

 

With an application and bandwidth control request, you can order new rules and user messages to the application and bandwidth control service, changes to the existing ones and their deletion.

 

This functionality allows network use to be identified, allowed, prevented or limited application-specifically. Typical services to be identified are social media applications, video services and file sharing services. The technology identifies thousands of different applications and their sub-applications. This functionality allows users to be informed in real time of application use limitations, the risks of the Internet, and the information security policy of the organization.

 

Changes can be made to the scanned networks or users, destination addresses, applications, functionality, user message, tracking, validity of the rule, and frequency band restriction.

 

7.1 Application and bandwidth control rule request

 

In the following, you will find a picture of the default rule for application and bandwidth control, which is activated when the service is introduced, and descriptions of the settings ordered with an application and bandwidth control request.

 

Figure: Application and bandwidth control rule

 

Specifying the rule number (No.)

The rule number defines the point in the application and bandwidth control rule base where the rule is read.

 

Specifying the rule name

Give a name to the rule. The name will remain unchanged in the rule base. The name can include up to 30 characters.

 

Specifying the source

Specify the source address to be used. It can be an individual IP address, an IP network, a user / user group or an object group including several IP addresses, IP networks, users or groups.

 

Specifying the destination

Specify the destination address used. It can be an individual IP address, an IP network or an object group including several IP addresses, networks or groups.

 

Specifying the application category or application (Applications/Sites)

Specify the application or category used. You can view the applications, categories and risk classification by selecting AppWiki in the GUI client. To view all applications, select “Include Social Network Widgets”.

 

Figure: AppWiki display with “linkedin” as the search criterion

 

Specifying the action

The action is specified using one of the following options:

·       Block the traffic: A user can be notified of traffic blocking by means of a user message. The user message specifying here.

·       Allow the traffic: The frequency band of allowed traffic can also be limited (Limit).

·       Inform: This means that the traffic is allowed, but the user is informed of the terms and conditions of use. The user message is specified separately. If necessary, it is possible to specify how often the user message is shown to the user (once a day, once a week, once a month; the shortest interval available is once an hour). The frequency band of the traffic can also be limited (Limit).

·       Ask: This means that the traffic is allowed, but the user is informed of the terms and conditions of use and requested to confirm the opening of the connection. The user message is specified separately. If necessary, it is possible to specify how often the message is shown to the user (once a day, once a week, once a month; the shortest interval available is once an hour). The frequency band of the traffic can also be limited (Limit).

 

Specifying tracking of the rule

Specify whether the rule in question is to be tracked.

 

Specifying the time of validity of the rule (Time)

Specify when the rule is valid. If the time is not specified, the rule is always valid. Here you can specify, for example, that the rule is valid only on weekdays. The available options are:

When the rule is activated or when the rule expires.  E.g. activated 31-1-2015-08:00 and expires 31-12-2015-16:00.

The validity of the rule is limited to a certain period of time or certain weekdays or certain days of the month. E.g. the rule is valid 08:00-16:00 Monday-Friday.

 

Specifying a Comment

The comment is a free text attached to a rule.  

 

Saving a rule and sending a request for implementation

When you have made the specifications, select ‘Send request’ or, to add new changes, select ‘Add change’. When all the necessary definitions have been made, press ‘Send request’, and the request is submitted to Telia for implementation.

 

Example of a rule request

 

Rule number: 1

Rule name: Forbidden applications

Source address: Any

Destination address: Any

Categories: Critical risk, P2P file sharing

Action: Block, User message: Blocked message

Log: Yes

Comment: Forbidden applications

 

7.2 Application and bandwidth control rule change request

 

Specify the rule to be changed and the change to be made.

 

Example of a change request

 

Rule number: 1

Rule name: Forbidden applications

Source address: Any

Destination address: Any

Categories: Critical risk, P2P file sharing

Action: Block, User message: Blocked message

Log: Yes

Comment: Forbidden applications

Change to be made: Change the source network to intra_10.10.10.0m0

 

7.3 Application and bandwidth control rule deletion request

 

Specify the rule to be deleted.

 

Example of a deletion request

 

Number of the rule to be deleted: 1

Rule name: Forbidden applications

 

7.4 Application and bandwidth control user message request

 

In the following, you will find a picture of the user message (Block) of application and bandwidth controö and how it is shown in the browser, and also descriptions of the settings that can be made in the fields.

 

 

Figure: User message

 

Message type (Block/Ask/Inform)

The message can be a block, inform or ask message. A block message is sent, if the traffic is not allowed. An inform message is sent to inform the user, who then selects either OK or Cancel. An ask message requests the user to confirm whether he or she approves the terms and conditions of use.

 

Message name

Give a name to the message.

 

Message comment

Specify a comment for the message. The comment is not shown in the user message.

 

User message main view

Specify the main view (main heading) to be shown on top of the user message.

 

User message logo

Specify the logo to be shown in the user messages. Attach the logo to the request as an attachment file.

 

User message header

Specify a header for the user message information field.

 

User message information

Specify the contents of the user message.

 

Example of a user message request

 

Message type: Block

Message name: Blocked message

Message comment: Application management blocked message

User message main view: Applications control

User message logo: Attached to the request

User message header: Applications blocked

User message information: Access to “applications” is blocked according to the organization security policy.  For more information, please contact your helpdesk.

 

7.5 Application and bandwidth control user message change request

 

Specify the user message to be changed and the change to be made.

 

Example of a change request

 

Message type: Block

Message name: Blocked message

Message comment: Application management blocked message

User message main view: Applications control

User message logo: Attached to the request

User message header: Applications blocked

User message information: Access to “applications” is blocked according to the organization security policy.  For more information, please contact your helpdesk.

Change to be made: Change the user message logo. The logo is in the file attached to the request.

 

7.6 Application and bandwidth control user message deletion request

 

Specify the user message to be deleted.

 

Example of a deletion request

 

Name of the user message to be deleted: Blocked message

 

Return change targets table

 

8 ANTIVIRUS SERVICE

 

The antivirus service scans the files downloaded through the firewall and prevents any malware from entering the customer network according to the company’s scanning policy. The antivirus service supports the most common web browsing, data transmission and email protocols. The user is notified of any viruses detected. The firewall updates the virus database automatically from the manufacturer’s update servers. Typically there is no need to make any changes to the rule base and the profile, but the protection is sufficient if the default values are used.

 

With an antivirus request, you can order new rules, profiles and user messages for the anti-virus service and changes to them or their deletion.

 

Changes can be made to the networks scanned, to the scan profile in order to prevent, detect, enquire or deactivate scanning, or to the message shown to the user.

 

Profile scanning is based on the confidence level and performance settings that are specified by the manufacturer and that can be changed.

 

The protection settings are specified by the manufacture.

 

Figure: Antivirus protection settings specified by the manufacturer

 

8.1 Antivirus rule request

 

In the following, you will find a picture of an antivirus rule and descriptions of the settings ordered with an antivirus rule request.

 

Figure: Antivirus rule

 

Definition of the rule number (No.)

The rule number defines the point in the anti-virus rule base where the rule is read.

 

Specifying the rule name (Name)

Give a name to the rule. The name will remain unchanged in the rule base. The name can include up to 30 characters.

 

Definition of the protected scope

Specify what IP addresses, IP networks or users are scanned (‘Any’ refers to all).

 

Definition of the profile (Action)

Specify the profile to be used in the rule. Instructions on how to specify the profile here.

 

Specifying the tracking of the rule

Specify whether the rule in question is to be tracked.

 

Specifying a Comment

The comment is a free text attached to a rule.

 

Sending a request for implementation

When you have made the specifications, select ‘Send request’ or, to add new changes, select ‘Add change’. When all the necessary definitions have been made, press ‘Send request’, and the request is submitted to Telia for implementation.

 

Exampe of a rule request

 

Rule number: 1

Rule name: anti-virus scan

Protected scope: Any (scans all traffic)

Scan profile: Recommended_Profile

Track: Yes

Comment: Anti-virus scan of the organization.

 

8.2 Antivirus rule change request

 

Specify the rule to be changed and the change to be made.

 

Example of a change request

 

Rule name: Antivirus scan

Protected scope: Any (scans all traffic)

Scan profile: Recommended_Profile

Track: Yes

Comment: Antivirus scan of the organization

Change to be made: Change the protected scope to network intra_10.10.10.0m0

 

8.3 Antivirus rule deletion request

 

Specify the rule to be deleted.

 

Example of a deletion request

 

Rule to be deleted: Number 1

Name of the rule to be deleted (obligatory information): Anti-virus scan

 

8.4 Antivirus profile request

 

In the following, you will find a picture of a profile scan activated when the service is introduced and descriptions of the specifications that can be made in the fields.

 

Figure: Profile specifications

 

NB: The antivirus profile can be identical with the Botnet protection and Advanced Threat Protection profile.

 

Specifying the profile name (Name)

Specify the profile name. The name can include up to 60 characters.

 

Specifying a Comment

Specify a comment for the profile. The comment can include up to 80 characters.

 

Specifying high-confidence actions

The confidence level determines how likely the detected virus is actually a virus. Specify the actions to be taken with high-confidence traffic. The options are: Prevent, Detect, Ask or Inactive. The user message sent to the user is determined by these settings. If Prevent is selected, a Block message is sent, and if Ask is selected, an Ask message is sent. The user message specifying here.

 

Specifying medium-confidence actions

Specify the actions to be taken with medium-confidence traffic. The options are: Prevent, Detect, Ask or Inactive.

 

Specifying low-confidence actions

Specify the actions to be taken with low-confidence traffic. The options are: Prevent, Detect, Ask or Inactive.

 

Performance Impact

Specify the performance level on or below which scanning is performed. The options are: Low, Medium or lower, High or lower.

 

8.5 Antivirus profile change request

 

Specify the profile to be changed and the change to be made.

 

Example of a change request

 

Profile name: Intra_verkon_suojaus

Comment: Profile for protecting the intranet

High-confidence actions: prevent

Medium-confidence actions: prevent

Low-confidence actions: detect

Impact on performance: High or lower

Change to be made: Change low-confidence actions to: prevent

 

8.6 Antivirus profile deletion request

 

Specify the profile to be deleted.

 

Example of a deletion request

 

Profile to be deleted: Intra_verkon_suojaus

 

8.7 Antivirus user message request

 

In the following, you will find a picture of an antivirus user message (Prevent) and how it is shown in the browser and also a list of the settings ordered with an anti-virus user message request.

 

 

Figure: User message.

 

Message type (Block/Ask)

The message can be a block or an ask message. A block message is sent if the setting Prevent is selected in the profile. An ask message is sent if the setting Ask is selected in the profile.

 

Message name

Give a name to the message.

 

Message comment

Enter a comment for the message. The comment is not shown in the user message.

 

User message main view

Specify the main view (main heading) to be shown on the top of the user message.

 

User message logo

Specify the logo to be shown in the user messages. Attach the logo to the request as an attachment file.

 

User message header

Specify a header for the user message information field.

 

User message information

Specify the contents of the user message.

 

Example of a user message request

 

Message type: Block

Message name: Blocked message

Message comment: Antivirus Blocked message

User message main view: Antivirus

User message logo: Attached to the request

User message header: Antivirus Blocked

User message information: The site you are trying to access is classified as malicious and has been blocked. For more information, please contact your help desk.

 

8.8 Antivirus user message change request

 

Specify the user message to be changed and the change to be made.

 

Example of a change request

 

Message type: Block

Message name: Blocked message

Message comment: Antivirus Blocked message

User message main view: Antivirus

User message logo: Attached to the request

User message header: Antivirus Blocked

User message information: The site you are trying to access is classified as malicious and has been blocked. For more information, please contact your help desk.

Change to be made: Change the contents of the user message to “The site you are trying to access is classified as malicious and has been blocked. For more information, please contact your help desk at 0000 9999.”

 

8.9 Antivirus user message deletion request

 

Specify the user message to be deleted.

 

Example of a deletion request

 

Name of the message to be deleted: Blocked message

 

Return change targets table

 

9 BOTNET PROTECTION

 

With a Botnet protection request, you can order new rules, profiles and user messages for the Botnet protection service and changes to the existing ones or their deletion.

 

Botnet malware allows criminals to manage workstations and servers remotely and to perform unauthorized actions – such as steal data, distribute spam and spread malware – and to force them to participate in DoS attacks.

 

This functionality allows botnet-contaminated workstations and servers to be identified and traffic from them to botnet management servers to be prevented. It helps you to minimize damage by preventing for instance the transmission of confidential information from the company's network.

 

Profile scanning is based on the confidence level and performance settings that are specified by the manufacturer and that can be changed.

 

Protection settings are specified by the manufacturer.

 

 

Figure: Botnet protection settings specified by the manufacturer

 

9.1 Botnet protection rule request

 

In the following, you will find a picture of a botnet protection rule and descriptions of the settings ordered with a botnet prevention request.

 

Figure: Botnet prevention rule

 

Specifying the rule number (No.)

The rule number specifies the point in the botnet prevention rule base where the rule is read.

 

Specifying the rule name

Give a name to the rule. The name will remain unchanged in the rule base. The name can include up to 30 characters.

 

Definition of the protected scope

Specify what IP addresses, IP networks or users are scanned (‘Any’ refers to all).

 

Profile to be used (Action)

Specify the profile to be used in the rule. Instructions on how to specify the profile here.

Tracking the rule

 

Specify whether the rule is to be tracked or not.

 

Specifying a Comment

The comment is a free text attached to a rule.  

 

Sending a request for implementation

When you have made the specifications, select ‘Send request’ or, to add new changes, select ‘Add change’. When all the necessary specifications have been made, press ‘Send request’, and the request is submitted to Telia for implementation.

 

Example of a rule request

 

Rule number: 1

Rule name: Botnet scan

Protected scope: Any (scans all traffic)

Scan profile: Recommended_Profile

Track: Yes

Comment: Anti-virus scan of the organization

 

9.2 Botnet protection rule change request

 

Specify the rule to be changed and the change to be made.

 

Example of a change request

 

Rule name: Botnet scan

Protected scope: Any (scans all traffic)

Scan profile: Recommended_Profile

Track: Yes

Comment: Anti-virus scan of the organization

Change to be made: Change the protected scope to the network intra_10.10.10.0m0

 

9.3 Botnet protection rule deletion request

 

Specify the rule to be deleted.

 

Example of a deletion request

 

Rule to be deleted: Number 1

Name of the rule to be deleted (obligatory information): Botnet scan

 

9.4 Botnet protection profile request

 

In the following, you will find a picture of a profile scan activated when the service is introduced and descriptions of the settings that can be made in the fields.

 

Figure: Profile settings

 

NB: The botnet prevention profile can be identical with the antivirus and Advanced Threat Protection  profile.

 

Specifying the profile name (Name)

Specify the profile name. The name can include up to 60 characters.

 

Specifying a Comment

Specify a comment for the profile. The comment can include up to 80 characters.

 

Specifying high-confidence actions

The confidence level determines how likely the detected bot command channel is actually a command channel. Specify the actions to be taken with high-confidence traffic. The options are: Prevent, Detect, Ask or Inactive. The user message sent to the user is determined by these definitions. If Prevent is selected, a Block message is sent, and if Ask is selected, an Ask message is sent. The user message specifying here.

 

Specifying medium-confidence actions

Specify what actions are to be taken with medium-confidence traffic. The options are: Prevent, Detect, Ask or Inactive.

 

Specifying low-confidence actions

Specify the actions to be taken with low-confidence traffic. The options are: Prevent, Detect, Ask or Inactive.

 

Performance Impact

Specify the performance level on or below which scanning is performed. The options are: Low, Medium or lower, High or lower.

 

Example of a profile request

 

Profile name: Intra_verkon_suojaus

Comment: Profile for protecting the intranet

High-confidence actions: prevent

Medium-confidence actions: prevent

Low-confidence actions: detect

Impact on performance: High or lower

 

9.5 Botnet protection profile change request

 

Specify the profile to be changed and the change to be made.

 

Example of a change request

 

Profile name: Intra_verkon_suojaus

Comment: Profile for protecting the intranet

High-confidence actions: prevent

Medium-confidence actions: prevent

Low-confidence actions: detect

Impact on performance: High or lower

Change to be made: Change low-confidence actions to: prevent

 

9.6 Botnet protection profile deletion request

 

Specify the profile to be deleted.

 

Example of a deletion request

 

Profile to be deleted: Intra_verkon_suojaus

 

9.7 Botnet protection user message request

 

In the following, you will find a picture of a botnet protection user message (Prevent) and how it is shown in the browser, and also descriptions of the settings that can be made in the fields.

 

Figure: User message.

 

Message type (Block/Ask)

The message can be a block or an ask message. A block message is sent if the setting Prevent is selected in the profile. An ask message is sent if the setting Ask is selected in the profile.

 

Message name

Give a name to the message.

 

Message comment

Specify a comment for the message. The comment is not shown in the user message.

 

User message main view

Specify the main view (main heading) to be shown on top of the user message.

 

User message logo

Specify the logo to be shown in the user messages. Attach the logo to the request as an attachment file.

 

User message header

Specify a header for the user message information field.

 

User message information

Specify the contents of the user message.

 

Example of a user message request

 

Message name: Blocked message

Message comment: Botnet Blocked message

User message main view: Botnet

User message logo: Attached to the request

User message header: Botnet Blocked

User message information: Your computer is trying to access a malicious server. It is probably infected by malware. For more information and remediation, please contact your helpdesk.

 

9.8 Botnet protection user message change request

 

Specify the user message to be changed and the change to be made.

 

Example of a change request

 

Message name: Blocked message

Message comment: Antivirus Blocked message

User message main view: Botnet

User message logo: Attached to the request

User message header: Antivirus Blocked

User message information: The site you are trying to access is classified as malicious and has been blocked. For more information, please contact your help desk.

Change to be made: Change the contents of the user message to “The site you are trying to access is classified as malicious and has been blocked.” For more information, please contact your helpdesk at: 0000 9999”.

 

9.9 Botnet protection user message deletion request

 

Specify the user message to be deleted.

 

Example of a deletion request

 

Name of the message to be deleted: Blocked message

 

Return change targets table

 

10 INTRUSION PREVENTION

 

With an intrusion prevention request, you can order new scan profiles, changes to existing scan profiles and their deletion and specify networks, protocols or identifiers not to be scanned.

 

The intrusion prevention functionality allows the information security device to detect any intrusion and attack attempts in the connections passing through it.

The intrusion prevention functionality detects, for example, network worms, Trojans, applications sending usage data without authorization (spyware), and targeted attacks towards vulnerable applications.

 

10.1 Intrusion prevention profile request

 

In the following, you will find a picture of a profile scan activated when the service is introduced and descriptions of the settings that can be made in the fields.

 

 

Figure: Intrusion prevention profile scans

 

Specifying the profile name

Specify the profile name. The name can include up to 60 characters.

 

Specifying a Comment

Specify a comment for the profile. The comment can include up to 80 characters.

 

Specifying the IPS settings (IPS Mode)

Specify whether intrusion/attack attempt traffic is to be prevented or detected.

 

Specifying the IPS policy:

 

Protections to activate

Specify whether scanning is activated for clients and servers.

 

Protections to deactivate:

 

Do not activate protections with severity

Specify the severity level below which scanning is not performed. The severity levels have been specified by the manufacturer. The available options are: low, medium, high, critical.

 

Do not activate protections with confidence level

Specify the confidence level below which scanning is not performed. The severity levels have been specified by the manufacturer. The available options are: low, medium-low, medium, medium-high, high.

 

Do not activate protections with performance impact

Specify the performance level above which scanning is not performed. The severity levels have been specified by the manufacturer. The available options are: very-low, low, medium, high.

 

Example of an IPS profile request

 

Profile name: Intra_verkon_suojaus

Comment: Profile for protecting the intranet

Specifying the IPS settings: Preventing traffic if an intrusion attempt is detected

Specifying the protection settings: Activating protection for clients and servers

Specifying severity-level-based scanning: Scanning is not performed below the severity level ‘low’

Specifying confidence-level-based scanning: Scanning is not performed below the confidence level ‘low’

Specifying performance-level-based scanning: Scanning is not performed above the performance level ‘high’

 

10.2 Intrusion prevention profile change request

 

Specify the profile to be changed and the change to be made.

 

Example of a change request

 

Profile name: Intra_verkon_suojaus

Comment: Profile for protecting the intranet

Specifying the IPS settings: Preventing traffic if an intrusion attempt is detected

Specifying the protection settings: Activating protection for clients and servers

Specifying severity-level-based scanning: Scanning is not performed below the severity level ‘low’

Specifying confidence-level-based scanning: Scanning is not performed below the confidence level ‘low’

Specifying performance-level-based scanning: Scanning is not performed above the performance level ‘high’

Change to be made: Change the specification of severity-level-based scanning: Scanning is not performed below the level ‘medium’

 

10.3 Intrusion prevention profile deletion request

 

Specify the profile to be deleted.

 

Example of a deletion request

 

Profile to be deleted: Intra_verkon_suojaus

Return change targets table

 

11 USER AWARENESS

 

With a user awareness request, you can order changes to the IP addresses of the domain controllers, to the domain name or to the user ID (username, password) of the service account.

 

The functionality enables users, user groups and devices to be identified, access to be restricted, and the information security policy to be implemented based on the identity and user group. The introduction of the functionality requires integration of the system with the customer’s user directory. The customer is responsible for the maintenance and management of the user directory.

 

If the request relates to the user identification functionality, our specialist will contact you before the delivery, if necessary.

 

Example of a change to be made to the user identification functionality:

 

Changing the Secondary AD's IP address 10.10.10.10 to 10.10.10.11. The Domain Admin password remains unchanged.

 

Return change targets table

 

12 ADVANCED THREAT PROTECTION

The Advanced Threat Protection service monitors how a file behaves in a workstation environment and strives to prevent unknown malware from entering the customer network.

With an Advanced Threat Protection request, you can order new rules, profiles and user messages for the Advanced Threat Protection service and changes to the existing ones or their deletion.

 

Profile scanning is based on the confidence level and performance settings that are specified by the manufacturer and that can be changed.

 

The protection settings are specified by the manufacturer.

 

Figure. Protection settings of Advanced Threat Protection as specified by the manufacturer.

 

12.1 Advanced Threat Protection rule request

In the following, you will find a picture of an Advanced Threat Protection rule and descriptions of the settings ordered with an Advanced Threat Protection request.

Figure .Advanced Threat Protection rule

 

Specifying the rule number (No.)

The rule number specifies the point in the Advanced Threat Protection rule base where the rule is read.

 

Specifying the rule name

Give a name to the rule. The name will remain unchanged in the rule base. The name can include up to 30 characters.

 

Definition of the protected scope

Specify what IP addresses, IP networks or users are scanned (‘Any’ refers to all).

 

Profile to be used (Action)

Specify the profile to be used in the rule. You can find instructions for specifying the profile here.

 

Tracking the rule

Specify whether the rule is to be tracked or not.

 

Specifying a comment

The comment is a free text attached to a rule.  

 

Sending a request for implementation

When you have made the specifications, select ‘Send request’ or, to add new changes, select ‘Add change’. When all the necessary specifications have been made, press ‘Send request’, and the request is submitted to Telia for implementation.

 

Example of a rule request

 

Rule number: 1

Rule name: Advanced Threat Protection scan

Protected scope: Any (scans all traffic)

Scan profile: Recommended_Profile

Track: Yes

Comment: Advanced Threat Protection scan of the organization

 

12.2 Advanced Threat Protection rule change request

Specify the rule to be changed and the change to be made.

Example of a change request

 

Rule name: Advanced Threat Protection scan

Protected scope: Any (scans all traffic)

Scan profile: Recommended_Profile

Track: Yes

Comment: Advanced Threat Protection scan of the organization

Change to be made: Change the protected scope to the network intra_10.10.10.0m0

 

12.3 Advanced Threat Protection rule deletion request

Specify the rule to be deleted.

Example of a deletion request:

 

Rule to be deleted: Number 1

Name of the rule to be deleted (obligatory information): Advanced Threat Protection scan

 

12.4 Advanced Threat Protection profile request

In the following, you will find a picture of a profile scan activated when the service is introduced and descriptions of the settings that can be made in the fields.

 

Figure. Profile settings

 

NB: The antivirus, botnet prevention and Advanced Threat Protection profiles can be identical.

 

Specifying the rule name

Specify the profile name. The name can include up to 60 characters.

 

Specifying a comment

Specify a comment for the profile. The comment can include up to 80 characters.

 

Specifying high-confidence actions

The confidence level determines how likely the detected threat is actually a threat. Specify the actions to be taken with high-confidence traffic. The options are: Prevent, Detect, Ask or Inactive. The user message sent to the user is determined by these definitions. If Prevent is selected, a Block message is sent, and if Ask is selected, an Ask message is sent. You can find instructions for specifying a user message here.

 

Specifying medium-confidence actions

Specify what actions are to be taken with medium-confidence traffic. The options are: Prevent, Detect, Ask or Inactive.

 

Specifying low-confidence actions

Specify the actions to be taken with low-confidence traffic. The options are: Prevent, Detect, Ask or Inactive.

 

Performance Impact

Specify the performance level on or below which scanning is performed. The options are: Low, Medium or lower, High or lower.

 

Example of a profile request

 

Profile name: Intra_verkon_suojaus

Comment: Profile for protecting the intranet

High-confidence actions: prevent

Medium-confidence actions: prevent

Low-confidence actions: detect

Impact on performance: High or lower

 

12.5 Advanced Threat Protection profile change request

Specify the profile to be changed and the change to be made.

Example of a change request

 

Profile name: Intra_verkon_suojaus

Comment: Profile for protecting the intranet

High-confidence actions: prevent

Medium-confidence actions: prevent

Low-confidence actions: detect

Impact on performance: High or lower

Change to be made: Change low-confidence actions to: prevent

 

12.6 Advanced Threat Protection profile deletion request

Specify the profile to be deleted.

Example of a deletion request:

 

Profile to be deleted: Intra_verkon_suojaus

 

12.7 Advanced Threat Protection user message request

In the following, there are pictures of an Advanced Threat Protection user message (Prevent) and how it is shown in the browser, and descriptions of the settings that can be made in the fields.

 

 

Figure

User message

 

Message type (Block/Ask)

The message can be a block or an ask message. A block message is sent if the setting Prevent is selected in the profile. An ask message is sent if the setting Ask is selected in the profile.

 

Message name

Give a name to the message.

 

Message comment

Specify a comment for the message. The comment is not shown in the user message.

 

User message main view

Specify the main view (main heading) to be shown on top of the user message.

 

User message logo

Specify the logo to be shown in the user messages. Attach the logo to the request as an attachment file.

 

User message header

Specify a header for the user message information field.

 

User message information

Specify the contents of the user message.

 

Example of a user message request

 

Message name: Blocked message

Message comment: Threat Emulation Blocked message

User message main view: Threat Emulation

User message logo: Attached to the request

User message header: Threat Emulation Blocked

User message information: The file you are trying to access is classified as malicious and has been blocked. For more information, please contact your help desk.

 

12.8 Advanced Threat Protection user message change request

Specify the user message to be changed and the change to be made.

 

Example of a change request

 

Message name: Blocked message

Message comment: Threat Emulation Blocked message

User message main view: Threat Emulation

User message logo: Attached to the request

User message header: Threat Emulation Blocked

User message information: The site you are trying to access is classified as malicious and has been blocked. For more information, please contact your help desk.

Change to be made: Change the contents of the user message to “The site you are trying to access is classified as malicious and has been blocked.” For more information, please contact your help desk at: 0000 9999”

 

12.9 Advanced Threat Protection user message deletion request

Specify the user message to be deleted.

Example of a deletion request:

 

Name of the message to be deleted: Blocked message

 

Return change targets table

 

13 ACCESS RIGHT REQUEST

 

With an access right request, you can order SurfManager users access to the security device tools, which makes possible to check rules and log information.  

 

The information required includes the username, the public IP address from which the connections are set up.  Password and mobile number for SMS authentication are same as SurfManager user ID.

 

You should see to it that the firewall openings in your own firewall are in order and submit a separate change request on any firewall openings (firewall rule change).

 

We recommend that the same NAT address is always used for all client users. NB: If the NAT address is changed, you should submit an access right change request and disclose the new NAT address in it.

 

When you have received the access rights, you can download the client from Partnergate’s website, where you can also find instructions on how to use the client. You can check client software version from SurfManager connection view “Access rights”(Version).

 

Example of an access right change:

 

A user ID for the client is created for the user abc12345. The user’s IP address is 1.1.1.1.

 

Return change targets table

 

14 EXPERT WORK

 

With a expert work request, you can order remote specialist work related to the service.

 

The deliverability and schedule of the work is confirmed separately. Examples of expert work include firewall-related reports, data collection, and requests for information.

 

Example of specialist work

 

Find out which rules have not been used during the past two months. These rules should be disabled and deleted after approval.

 

Return change targets table

 

15 Standby

 

With a stand-by/on-call request, you can order a member of the production personnel to be on stand-by or on call.

 

Stand-by means that a specialist is reserved for a certain time in case a specialist is needed to make firewall openings during a network change.

 

Work performed during stand-by is invoiced for according to specialist work. A stand-by request is to be submitted at least two business days in advance. Telia confirms stand-by separately and gives the specialist’s contact details. The specialist is ready to start work with a maximum delay of one hour. In the service request field, you should enter the dates and times when stand-by is required and the reason for stand-by.

 

Example of a stand-by request

 

We need a specialist to monitor traffic from the address 10.10.10.10 to the address 10.1.1.1 and to find out which ports are used for this traffic. The traffic monitoring will take place on Friday this week, between 10 and 11 am.

 

Return change targets table

 

16 REPORTING AND LOGS

 

With a reporting request, you can order more detailed reports on the traffic that has passed through the firewall. With a reporting request, it is also possible to request changes to the settings of existing reporting, such as the reporting interval.

 

Reports give the customer more detailed information on the traffic that has passed through, or that has been blocked by, the firewall.

 

Example of a reporting request

 

Provide a report on traffic to the address 10.10.10.10 during the past week.

 

Return change targets table

 

17 OTHER CONFIGURATION CHANGE

 

With other configuration change, you can order small changes to the information security device, such as changes to its interface settings.

 

Return change targets table