News
Hackers are busy exploiting coronavirus in their attacks. In recent weeks SophosLabs has seen a surge of COVID- and Corona-related domains registered – while some will be legitimate, it’s a fair bet that the majority are destined for criminal purposes.
Common attack techniques
Phishing attacks using COVID-19 as a lure are the most visible and immediate cybersecurity risk right now. Common tactics include:
Coronavirus news
Beware of emails, SMS, and WhatsApp messages from unknown sources with information on coronavirus. Often hackers impersonate legitimate organizations and people to make their messages more believable.
Home delivery scams
With many people waiting on home delivery of essential items, hackers are impersonating delivery services. Their goal: to trick you into clicking malicious links or con you into paying extra ‘delivery’ fees.
We’re also seeing coronavirus used in other ways, including:
Extortion attempts
Criminals threaten to infect people with coronavirus unless you pay them. Often these threats include a small piece of personal information to make it more believable.
Malicious apps
Purporting to give you useful information on coronavirus, these apps enable the crooks to access all the information on the device – and even hold you to ransom.
Malicious documents
These documents claim to contain coronavirus-related information. Upon opening them you’re asked to ‘enable editing’ and ‘enable content.’ Doing so installs malicious software onto your computer.
Practical steps to minimize risk
In the current situation, many people are lowering their guard to phishing attacks and scams. We’re more anxious, more eager for information, and therefore less likely to question something that could be suspect.
With that in mind, here are three practical steps you can take to minimize the risk from coronavirus-related attacks.
Enable Multi-Factor Authentication (MFA)
MFA is a great form of defense against attacks that use a fake login page to trick people into entering their credentials.
Raise awareness of these scams amongst your employees
A simple but effective step is to always look at the actual email address used to send the email, not just the display name. (If you’re on a mobile device, tap the display name to reveal the real email address.)
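The check above can be automated at the mail gateway or in a triage script. The following is an added example, not Sophos code: it parses a From: header and flags the cases the advice is about (an address hidden in the display name, a display name that claims an organisation whose domains don't match the real sender, and lookalike domains). The organisation-to-domain map, the `example.com` own-domain value and the sample headers are constructed for the demo.

```python
"""Flag From: headers whose display name disagrees with the real sender address.

Added example, not Sophos code. The organisation-to-domain map, the own-domain
value "example.com" and the sample headers are all constructed for the demo.
"""
import re
from email.utils import parseaddr

# Constructed allow-list: domains an organisation is known to send from.
# Replace with your own trusted list; "example.com" stands in for your own domain.
KNOWN_SENDERS = {
    "world health organization": {"who.int"},
    "it helpdesk": {"example.com"},
}

ADDRESS_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def belongs_to(domain: str, trusted: str) -> bool:
    """True for the trusted domain itself or any of its subdomains."""
    return domain == trusted or domain.endswith("." + trusted)


def check_from_header(header: str) -> list:
    """Return the reasons a From: header looks suspicious (empty list = nothing found)."""
    display, address = parseaddr(header)
    if not address or "@" not in address:
        return ["no parsable sender address"]
    real_domain = domain_of(address)
    reasons = []

    # 1. The display name itself contains an address that differs from the real one,
    #    e.g.  From: "alerts@who.int" <someone@free-mail.example>
    for shown in ADDRESS_RE.findall(display):
        if shown.lower() != address.lower():
            reasons.append(f"display name shows {shown} but the real sender is {address}")

    # 2. The display name claims a known organisation, but the address is not from
    #    one of that organisation's domains (impersonation by display name).
    for org, domains in KNOWN_SENDERS.items():
        if org in display.lower() and not any(belongs_to(real_domain, d) for d in domains):
            reasons.append(f"display name claims '{org}' but the sender domain is {real_domain}")

    # 3. Lookalike domain: a trusted domain embedded inside an untrusted one,
    #    e.g. who.int.secure-alerts.example
    for domains in KNOWN_SENDERS.values():
        for trusted in domains:
            if trusted in real_domain and not belongs_to(real_domain, trusted):
                reasons.append(f"sender domain {real_domain} resembles {trusted}")
    return reasons


# Constructed sample headers: one legitimate, two impersonations, one legitimate subdomain.
SAMPLE_HEADERS = [
    "World Health Organization <alerts@who.int>",
    '"World Health Organization" <covid-update@who.int.secure-alerts.example>',
    '"helpdesk@example.com" <support.ticket@free-mail.example>',
    "IT Helpdesk <it@mail.example.com>",
]

if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        verdict = check_from_header(h)
        print(("SUSPICIOUS " if verdict else "ok         ") + h)
        for r in verdict:
            print("    -", r)
```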
Sophos Phish Threat, our phishing simulation and training tool, is available to everyone for free for 30 days, and now includes a coronavirus phishing template to help train your teams.
Make sure your endpoint and email protection are well-configured
When properly set up, good protection can catch a phishing attack in multiple ways. You can try our endpoint and email protection for free at any time.
Sophos Cloud Optix has now been certified by the Center for Internet Security (CIS) to accurately assess AWS, Azure and GCP environments based on best practices for secure configuration.
Developed through a unique consensus-based process involving cybersecurity professionals and subject matter experts around the world, CIS Benchmarks are recommended as industry-accepted system hardening standards.
The standards are used by organizations to meet compliance requirements for the Federal Information Security Management Act, PCI, the Health Insurance Portability and Accountability Act and other security requirements.
- Amazon Web Services CIS Benchmarks
- Microsoft Azure CIS Benchmarks
- Google Cloud Platform CIS Benchmarks
By certifying Cloud Optix with CIS, Sophos has demonstrated commitment to actively solve the foundational problem of ensuring secure configurations are used throughout AWS, Azure and GCP environments.
Not all certifications are equal
CIS Benchmark Certification is awarded on two profile levels. The aim of the level 1 profile is to lower the attack surface of your organization while keeping machines usable and not hindering business functionality. The level 2 profile is considered “defense in depth” and is intended for environments where security is paramount.
Organizations should investigate whether a vendor offers the level of certification required for their industry, or compliance standard. Sophos has provided evidence that Cloud Optix can accurately report security recommendations in both level 1 and level 2 CIS Benchmark profiles.
This three-day training program is designed for experienced technical professionals who want to install, configure and support the XG Firewall in production environments, and is the result of an in-depth study of Sophos’s next-generation firewall. The program consists of presentations and practical workshops that reinforce the teaching content. Given the nature of the training and the varied experience of the trainees, open discussion is encouraged throughout.
Sophos XG Architect Training (Tuesday 28 April 2020 – Thursday 30 April 2020)
(3 days training)
Requirement
XG Firewall Certified Engineer course and delta modules up to version 18.0
Recommended Knowledge
- Knowledge of networking to a CompTIA N+ level
- Knowledge of IT security to a CompTIA S+ level
- Experience configuring network security devices
- Be able to troubleshoot and resolve issues in Windows networked environments
- Experience configuring and administering Linux/UNIX systems
Content
- Module 1: Deployment
- Module 2: Base firewall
- Module 3: Network Protection
- Module 4: Synchronized security
- Module 5: Web server Protection
- Module 6: Site to site connections
- Module 7: Authentications
- Module 8: Web Protection
- Module 9: Wireless
- Module 10: Remote Access
- Module 11: High Availability
- Module 12: Public Cloud
Certification
Exam: Sophos XG Architect
Duration 3 days
Agenda
Trainer: Micheal Eleftheroglou
Day 1 Tuesday 28 April 2020
9:30-10:45 Module 1: Deployment and Lab
- Recall important information from Engineer courses
- Deployment modes supported by the XG Firewall
- Understand a range of scenarios where each deployment mode would commonly be used
- Use built-in tools to troubleshoot issues
- Labs
10:45-11:00 break
11:00-13:00 Module 2: Base Firewall
- Explain how the XG Firewall can be accessed
- Understand the types of interfaces that can be created
- Understand the benefits of Fast Path Technology
- Configure routing per firewall rule
- Understand best practice for ordering firewall rules
- Explain what a Local NAT policy is and know how to configure it
13:00-14:00 Lunch
14:00-16:00 Labs
- Activate the Sophos XG Firewalls
- Post installation Configuration
- Bridge interfaces
- Create a NAT rule to load balance access to servers
- Create a local NAT policy
- Configure routing using multiple WAN links
- Configure policy-based routing for an MPLS scenario
- Install Sophos Central
16:00-16:15 Break
16:15-17:15 Module 3: Network Protection and Lab
- Explain what IPS is and how traffic can be offloaded to Fastpath
- Demonstrate how to optimize workload by configuring IPS policies
- Examine advanced Intrusion Prevention and optimize policies
- Configure advanced DOS Protection rules
- Demonstrate how the strict policy can be used to protect networks
- Labs (Create Advanced DoS Rules)
Day 2 Wednesday 29 April 2020
9:30-11:00 Module 4: Synchronized Security and Labs
- Explain how Security Heartbeat works
- Configure Synchronized Security
- Deploy Synchronized Security in discover and inline modes
- Understand the advantages and disadvantages of deploying Synchronized Security in different scenarios
- Labs
- Configure source-based Security Heartbeat firewall rules
- Destination-based Security Heartbeat
- Missing Security Heartbeat
- Lateral Movement Protection
11:00-11:15 Break
11:15-13:45 Module 5: Web Server Protection and Labs
- Explain how Web Server Protection works
- Describe protection features for a web application
- Configure Web Server authentication
- Publish a web service using the Web Application Firewall
- Use the preconfigured templates to configure Web Server Protection for common purposes
- Configure SlowHTTP protection
- Labs (Web Application Firewall)
- Labs (Load balancing with Web Server Protection)
- Labs (Web Server Authentication and path-specific routing)
13:45-14:45 Break and Lunch
14:45-17:45 Module 6: Site to site connections and Labs
- Configure and deploy site-to-site VPNs in a wide range of environments
- Implement IPsec NAT and failover
- Check and modify route precedence
- Create RED tunnels between XG firewalls
- Understand when to use RED
- Labs (Create an IPsec site-to-site VPN)
- Labs (Configure VPN network NAT)
- Labs (Configure VPN failover)
- Labs (Enable RED on the XG Firewall)
- Labs (Create a RED tunnel between two XG Firewalls)
- Labs (Configure routing for the RED tunnel)
- Labs (Configure route-based VPN)
Day 3 Thursday 30 April 2020
9:00-10:00 Module 7: Authentications and Labs
- Demonstrate how to configure and use RADIUS accounting
- Deploy STAS in large and complex environments
- Configure SATC and STAS together
- Configure Secure LDAP and identify the different secure connections available
- Labs (Configure an Active Directory authentication server)
- Labs (Configure single sign-on using STAS)
- Labs (Authenticate users over a site-to-site VPN)
10:00-11:15 Module 8: Web Protection
- Choose the most appropriate type for web protection in different deployment scenarios
- Enable web filtering using the DPI engine or legacy web proxy
- Configure TLS inspection using the DPI engine or legacy web proxy
- Labs (Install the SSL CA certificate)
- Labs (Configure TLS inspection rules)
- Labs (Create a custom web policy for users)
11:15-11:30 Break
11:30-12:15 Module 9: Wireless
- Explain how Sophos Access Points are deployed and identify some common issues
- Configure RADIUS authentication
- Configure a mesh network
12:15-13:05 Module 10: Remote Access
- Configure Sophos Connect and manage the configuration using Sophos Connect Admin
- Configure an IPsec remote access VPN
- Configure an L2TP remote access VPN for mobile devices
- Labs (Sophos Connect)
13:05-14:25 Module 11: High Availability
- Explain what HA is and how it operates
- Demonstrate how to configure HA and explain the difference between quick and manual configuration
- List the prerequisites for high availability
- Perform troubleshooting steps and check the logs to ensure that HA is set up correctly
- Explain the packet flow in high availability
- Demonstrate how to disable HA
- Labs (Create an Active-Passive cluster)
- Labs (Disable High Availability)
14:25-15:05 Break – Lunch
15:05-16:15 Module 12: Public Cloud and Labs
- Deploy XG Firewall in complex network environments
- Explain how XG Firewall processes traffic and use this information to inform the configuration
- Configure advanced networking and protection features
- Deploy XG firewall on public cloud infrastructure
- Labs (Put a service in debug mode to gather logs)
- Labs (Retrieving log files)
- Labs (Troubleshoot an issue from an imported configuration file)
- Labs (Deploy an XG Firewall on Azure (simulation))
16:15 Exam
The increase in remote working is driving greater use of mobile devices for business purposes. In this article we explore how Sophos Mobile can help you keep your devices and data secure, and how to balance privacy, security and productivity.
Setting up remote employees
Not everyone has the option to use a corporate-owned device, and you may need to enable people to start using personal devices for work. Sophos Mobile lets you secure any combination of personal and corporate-owned devices with minimal effort.
Users can easily set up their personal macOS, Windows 10, or mobile devices via the flexible self-service portal; they can enroll their device, reset passwords, and get help, all without any involvement from IT.
Balancing privacy and security
In Bring Your Own Device (BYOD) scenarios, you need to protect and control business email and data without intruding on your users’ privacy. The container-only management capabilities in Sophos Mobile let you control corporate content in the Sophos Secure Email and Sophos Secure Workspace apps without requiring management of the mobile device itself. This way, your users’ personal information remains private, while company resources are protected.
Protecting against mobile threats
10% of threats are discovered on mobile devices according to our recent survey of 3,100 IT Managers. Sophos Mobile includes Intercept X for Mobile which leverages our Intercept X deep learning engine to protect your users, their devices and corporate data from known and never-before-seen mobile threats. Intercept X for Mobile also gives your users easy-to-use security tools right at their fingertips, such as the Authenticator, Password Safe, Secure QR Code Scanner and Privacy Advisor.
Set up is as simple as downloading the app from the relevant app store and then enrolling your device via the Corporate management tool.
Your users can also use Intercept X for Mobile for free to protect their personal devices – they can simply download and start using today.
Read our help guide for more information on using Intercept X for Mobile.
Keeping employees safe on the web
Intercept X for Mobile also helps you keep your users safe on the web, stopping risky file types being downloaded, and blocking access to inappropriate websites to maintain productivity and compliance. Read our step-by-step guidelines for creating a Web Filtering policy.
Monitoring and control
Compliance policies in Sophos Mobile help ensure mobile devices are used appropriately – both from a security and business policy perspective. For example, you can:
- Ensure that only reputable apps are downloaded from the relevant app stores
- Block the sideloading of a potentially dangerous app
- Restrict access to business resources
- Allow, forbid or enforce certain features of a device
- Define actions that are executed when a compliance rule is violated
You can create separate compliance policies and assign them to different device groups, allowing you to apply appropriate levels of security and access for your users and devices. See the full list of available compliance rules.
For more information and general configuration steps for both Sophos Mobile and Intercept X for Mobile, take a look at the comprehensive help guide.
The widespread nature and severity of coronavirus (COVID-19) continues to raise challenges on a variety of fronts. For many organizations, one of those is the need to enable employees to work from home until it’s safe to return to the office.
Solutions for remote working exist, but they can be costly and complex to implement. And, they may not offer the level of security you need.
If you’re looking for a solution that solves each of these issues, Sophos can help. You can take advantage of our free 90-day XG Virtual Firewall Free Trial to get your employees securely connected from home.
XG Virtual Firewall is available on your favorite virtual platforms including VMware, Hyper-V, Citrix XenApp, and KVM. It provides a bevy of connectivity and security features and it’s easy to set up. Simply visit the free trial page, fill out the form, and you’re off.
Secure connectivity for remote workers
A nice aspect of the virtual free trial is its multi-platform support. You can also select the hardware you want to install it on, which makes the process more convenient.
XG Virtual Firewall includes a base license that offers remote connectivity options for users, including both IPsec through Sophos Connect client, and SSL VPN. Both provide secure methods for connecting from home back to the corporate office and accessing resources such as email, applications, and documents.
Your free trial also includes a FullGuard security bundle that protects your firewall and connected devices from threats such as ransomware, breaches, phishing emails, and more.
You can even add additional services such as Sophos Intercept X to take advantage of our Synchronized Security feature, which shares telemetry data on the health status of each connected device in addition to isolating any endpoint that does become infected so the infection can’t spread laterally to other hosts.
Setting up your XG Virtual Firewall free trial
Keeping your organization running smoothly can be challenging during the best of times. As we switch to a “work from home” model until it’s safe to return to the office, having a solution that meets your remote connectivity and security needs can help make things easier. And, it doesn’t need to be difficult to get up and running quickly.
We’re here to make your XG Virtual Firewall Free Trial simple to deploy and configure so your remote employees can get connected and stay productive. Here are some resources to help you get started.
- Sign up for the XG Virtual Firewall Free Trial
- XG Firewall Virtual and Software Appliance Installation Guide
- XG Firewall: Useful links for configuring VPN remote access
- XG Firewall: How to configure Connect client on XG Firewall
- XG Firewall: How to configure SSL VPN remote access
If you have questions at any point during your free trial please visit our knowledgebase, review our how-to videos, documentation, or contact us.
After 90 days
Should you wish to continue using XG Firewall once the free 90-day trial ends, we can help you transition to a hardware, virtual or cloud instance of XG Firewall. Speak to your Sophos representative to discuss your requirements.
The coronavirus and resulting changes to work practices have a number of cybersecurity repercussions. This article brings together all of our advice to support people through this challenging time, including best practices for secure remote working as well as information on cyberthreats that exploit COVID-19.
We will continue to update this page as new resources and research findings become available.
Non-stop Sophos protection during the coronavirus pandemic
We’d like to reassure our customers and partners that our ability to protect them is uncompromised. All departments, including threat intelligence, protection and response from SophosLabs, Managed Threat Response and Global Support Services are operating as normal to provide 24×7 detection, protection and technical support. Read our full statement.
FREE personal PC and Mac protection for all Sophos customers
For the duration of the COVID-19 global health concern, all Sophos customers can protect their employees’ personal PCs and Macs for free with our Sophos Home Commercial Edition program.
It gives your staff the same business-grade protection that our commercial customers already enjoy, providing added security and peace of mind when working remotely. For more information and to request your free access, please reach out to your Sophos representative.
Best practices for secure remote working
Coronavirus and remote working: what you need to know
This article explores the behaviors and technologies you need to keep your organization protected from cyberthreats while enabling people to work remotely. This guidance is applicable to all organizations.
Facilitating remote working with Sophos XG Firewall
Sophos XG Firewall and SD-RED devices provide multiple solutions for secure remote connectivity. This article looks at the specific features in XG Firewall that support remote working and provides information on configuring IPsec and SSL VPN connections.
Securing remote working with Sophos Endpoint Protection
Sophos Endpoint Protection is designed to secure everyone, whether they’re office-based or working elsewhere. In this article we explore how to set up remote workers, including how to create web filtering and peripheral control policies.
Coronavirus threat research from Sophos
Coronavirus warning spreads Trickbot malware
Our SophosLabs researchers recently discovered a spam campaign targeting Italy that ultimately results in infection by a well-known strain of Windows malware called Trickbot. We anticipate that attackers will try to use similar approaches in other countries.
Coronavirus “safety measures” email is a phishing scam
The Sophos security team detected a phishing attack purporting to be from the World Health Organization.
Sophos Endpoint Protection is designed to secure everyone, whether they’re office-based or working elsewhere. With many customers enabling or exploring remote working for their employees, this article highlights key capabilities that help you keep your users and data secure while working from home.
Setting up remote workers
The Sophos Central management platform makes it easy to set up and protect employees who are working from home, even if they are a new user or are using a personal device.
To get started you can download the installer file for whichever components you wish to deploy. Alternatively you can use email deployment which is perfect for users who are not currently on the network or for users who need to perform the installation themselves.
If users are not already imported or synchronized via Active Directory synchronization, you need to import their email addresses into Sophos Central. Once complete, simply click the Send Installers to Users button that is highlighted in the image below.
A simple wizard will guide you through picking which components to deploy. The user will receive an email with instructions on what to do and a link to the installer for them to run themselves.
For more information on the various deployment methods for our endpoint protection agent, see Knowledge Base article 119265.
Keeping employees safe on the web
When a user is in an office, traditionally it’s your company firewall that enforces web filtering rules. However, unless they are using a VPN, when people work from home their laptop needs to pick up that role and enforce any web filtering rules defined by your organization.
At the same time, working from home can also lead to changes in behaviour as users adopt a ‘home use’ rather than ‘work’ mindset. This can lead them to use their company device for non-work purposes.
The Web Control capabilities in Sophos Endpoint Protection stop risky file types from being downloaded and block access to inappropriate websites. Read our step-by-step guidelines for creating a Web Control policy.
Controlling which peripherals employees can plug into their devices
14% of cyberattacks entered the organization via USB sticks or external devices, according to our recent survey of 3,100 IT managers. With more people working from home, there is potential for people to plug new devices into their company laptop.
Peripheral Control in Sophos Endpoint Protection enables you to control what employees can and can’t plug into their corporate devices. Read our step-by-step guidelines for creating a Peripheral Control policy.
For more information on how to enable safe and secure remote working, visit our remote working page or speak with your Sophos representative.
As organizations look to keep their workforce connected and productive, the ability for employees to work from home or any other location has become critical. While coronavirus (COVID-19) is driving the current increase in remote working, long commute times, severe weather and the need for greater flexibility are just some of the other reasons companies are looking at alternatives to working in an office.
Sophos XG Firewall and SD-RED devices provide businesses, schools, hospitals and other organizations with multiple solutions for secure remote connectivity. Employees can have access to applications, email and resources on the network from their own home, just as if they were onsite. And, you can keep them safe with features like web filtering which controls access to websites containing harmful and inappropriate content. Here’s how:
XG Firewall and Connect client
If you own an XG Firewall (hardware or virtual appliance), you have a perpetual Base license that includes both IPsec and SSL VPN connectivity. You can choose either or both to provide your remote workers with access to the corporate network.
Setting up IPsec-based remote access is managed through Sophos Connect client on XG Firewalls running v17.5 or newer firmware. Connect client is focused on ease of use and reliability to ensure an extremely positive user experience. Just select your desired network or office and click “Connect” to establish an encrypted VPN tunnel that secures the transmission of traffic (data, applications, etc.) between the firewall and remote device. On the client side, the remote device uses free Connect client software for either Windows or macOS to create the VPN connection.
SD-RED
An alternative solution for connectivity from home is Sophos SD-RED. These low-cost Remote Ethernet Devices create a secure Layer 2 VPN tunnel to a central XG Firewall. SD-RED makes a great remote access solution for connecting remote sites, as well as for individual employees who deal with particularly sensitive information, such as executives.
No technical expertise is needed to connect the device. Simply note the device ID in your XG Firewall and ship it to the employee. As soon as it’s plugged in and connected to the internet, the SD-RED appliance contacts your XG Firewall and establishes a secure dedicated VPN tunnel. You can connect to the device directly or wirelessly through a Sophos APX wireless access point.
IPsec or SSL VPN: Which remote access solution is right for me?
With both IPsec and SSL VPN options available to you in XG Firewall, how do you choose the one that’s right for you? Here are some points to consider when evaluating your environment:
IPsec VPN – Sophos Connect client
Strengths:
- Easy for administrators to bulk deploy and provision
- Intuitive to use
- Consistent performance
- Windows and macOS support
Challenges:
- IPsec occasionally blocked on hotel/public hotspot networks
- No automated user group provisioning
- Currently limited to 255 simultaneous connections
SSL VPN
Strengths:
- Provision access by user groups
- Works in more restricted environments
Challenges:
- Agent deployment geared to end user self-installation
- User action required to deploy VPN policies
- Windows-only support
Resources
Sophos has a series of tools to help you learn more about configuring IPsec and SSL VPN connections for secure remote access using your XG Firewall:
• XG Firewall: Useful links for configuring VPN remote access – Community article
• Using Sophos Connect VPN client – Community article
• XG Firewall: Sophos Connect client – Knowledge Base article
• Sophos Connect client – User Assistance article
• Sophos Connect VPN client – Video
• XG Firewall: How to deploy Sophos Connect via Group Policy Object (GPO) – Knowledge Base article
• XG Firewall: How to configure SSL VPN remote access – Knowledge Base article and video
• XG Firewall: Licensing guide – Knowledge Base article
• XG Firewall: Performance testing methodology – Knowledge Base article
Securing remote connections
With sensitive information travelling back and forth between the firewall and remote devices over the internet, ensuring the traffic is secured from threats is critical. If your XG Firewall has a TotalProtect Plus or FullGuard Plus license, traffic is scanned for ransomware, viruses, intrusions, and other threats in both directions, providing comprehensive protection.
Extend your protection with Synchronized Security
When your remote device has an active Sophos Intercept X license, it can share real-time threat, health and security information with XG Firewall via the Security Heartbeat™. If a remote device becomes infected, XG Firewall isolates the device until it is cleaned, preventing the infection from moving laterally to other devices on the network.
Stay home, stay connected
Whatever reason your workforce is at home, you can help them stay connected with your XG Firewall. Check out the resources in this article, and for more information, speak with your local Sophos sales team. Stay tuned for enhancements to Connect client in an upcoming XG Firewall v18 maintenance release.
Following the continued spread of coronavirus (COVID-19) across the globe, we’d like to reassure our customers and partners that our ability to protect them is uncompromised. All departments, including threat intelligence, protection, and response from SophosLabs, Managed Threat Response, and Global Support Services are operating as normal to provide 24×7 detection, protection, and technical support. These business units already use a global follow-the-sun delivery strategy that allows Sophos to maintain continuity during the regular course of business and is continually improved as needed.
Sophos also has in place a robust set of technologies that enables the majority of our global employees to work from home. As a precautionary measure, and to help prevent the spread of coronavirus, we have advised employees in countries reporting a rising number of cases to work from home. We are fully enabled to continue day-to-day business, including product development and other important efforts, remotely.
We recognize that many other organizations are requiring employees to work from home and need secure connectivity. Customer information with tips on configuring VPN remote access with XG Firewall is available on our Sophos Community page. This article provides a quick and easy reference guide to getting started and more. We have also published practical security guidance for anyone enabling or exploring remote working.
Sophos is abiding by the ongoing and changing government guidelines and implementing a range of precautionary measures to help reduce the global spread of coronavirus (COVID-19) to protect the health and wellbeing of our employees, partners, and customers. These include restricting both international and domestic business travel for all employees, reducing participation in events, and switching in-person meetings to video conference.
We have established a cross-functional working group to stay coordinated on actions across our global operations, to support employee health and safety while minimizing disruption to our business. We continue to monitor this rapidly evolving situation and will update all our employees, partners, and customers with any changes.
We encourage everyone to maintain high cybersecurity vigilance at this difficult time. Cybercriminals are already exploiting coronavirus in their attacks and SophosLabs recently published new research into a Trickbot campaign that targets coronavirus fears in Italy. For quick updates to new findings about these types of attacks, please follow SophosLabs on Twitter.
Coronavirus has brought remote working to the top of everyone’s mind. With many organizations already enabling or exploring remote working, here are 11 tips to help your users, and your company, stay secure while protecting everyone’s physical health.
1. Make it easy for users to get started
Remote users may need to set up devices and connect to important services (Mail, Internal Services, SalesForce, etc.) without physically handing them over to the IT department. Look for products (security and otherwise) that offer a Self Service Portal (SSP) that allows users to do things themselves.
2. Ensure devices and systems are fully protected
Go back to basics – ensure all devices, operating systems and software applications are up to date with the latest patches and versions. All too often malware breaches an organization’s defenses via a rogue unpatched or unprotected device.
3. Encrypt devices wherever possible
When people are out of the office there is often a greater risk of lost or stolen devices; for example, phones left in cafes, laptops stolen from cars. Most devices include native encryption tools such as BitLocker – be sure to use them.
4. Create a secure connection back to the office
Using a Virtual Private Network (VPN) ensures that all the data transferred between the home user and the office network is encrypted and protected in transit. Plus, it makes it easier for employees to do their jobs.
5. Scan and secure email and establish healthy practice
Home working will likely lead to a big increase in email as people can no longer speak to colleagues in person. The crooks are wise to this and already using the coronavirus in phishing emails as a way to entice users to click on malicious links. Ensure your email protection is up-to-date and raise awareness of phishing.
6. Enable web filtering
Applying web filtering rules on devices will ensure that users can only access content appropriate for ‘work’ while protecting them from malicious websites.
7. Enable use of cloud storage for files and data
Cloud storage enables people to still access their data if their device fails while working remotely. Don’t leave files and data in the cloud unprotected and accessible by anyone. At the very least, employees must successfully authenticate. Multi-factor authentication takes that a step further.
8. Manage use of removable storage and other peripherals
Working from home may increase the chance of people connecting insecure devices to their work computer – to copy data from a USB stick, or to charge another device. Considering that 14% of cyberthreats get in via USBs/external devices*, it’s a good idea to enable device control within your endpoint protection to manage this risk.
9. Control mobile devices
Mobile devices are susceptible to loss and theft. You need to be able to lock or wipe them should this happen. Implement application installation restrictions and a Unified Endpoint Management solution to manage and protect mobile devices.
10. Make sure people have a way to report security issues
With home working people can’t walk over to the IT team if they have an issue. Give people a quick and easy way to report security issues, such as an easy-to-remember email address.
11. Make sure you know about “Shadow IT” solutions
With large numbers of people working from home, Shadow IT – where non-IT staff find their own ways of solving issues – will likely increase. Sophos recently discovered ‘public’ Trello boards containing names, emails, dates of birth, ID numbers, and bank account information. Ensure users report use of such tools.
If you’d like more information we’re running a series of webinars on this topic in the coming weeks. Register for your spot today.
All roads lead to Rome, or at least that is what the proverb says, meaning no matter what route you take, you will always end up with the same result. Unfortunately, this isn’t something you can say for sensitive data. At Boldon James, we have spent the past twenty years working with defence and intelligence environments, and can report that often many roads exist, but only one of those is operational.
What am I referring to with this proverb? Well, it’s how we classify sensitive data. Applying a classification to an email message should be straightforward: mark it as ‘sensitive’, store that as a piece of metadata on the email and send it. Email was probably the first type of electronic data to have a dedicated place to store a Classification. The 1988 X.400 standards included a ‘Security Label’, which was used by defence and intelligence systems for transmitting classified email messages (‘Security Label’ is the X.400 term for what this blog will refer to as the ‘Classification’).
You would imagine having only one location to look for the Classification made interoperability easy. However, the downside of X.400 was the strict binary encoding (ASN.1), meaning the recipient of an X.400 Security Label had to first understand the binary, and convert this into text for display to the end-user. If system ‘A’ used a different binary encoding to system ‘B’, the two systems couldn’t interoperate, and with neither system willing to alter their encoding, because of the legacy data they had stored, the solution resulted in complex gateways to convert between the two encoding formats.
We’ve largely left the X.400 world behind us, and moved into the SMTP world where everything is plain text, operates over the internet and is generally a lot easier than X.400. However, in the SMTP world, we don’t have:
a) a standard place to store a Classification, or
b) a standard format for the Classification.
Is this progress? Today, we’ve seen the Classification stored in the subject field, in the first line of text in the email body, and in a multitude of customised X-headers. Interoperability is generally achieved by adding additional Classifications onto the email. It’s not uncommon to find four or five variants of the Classification (in differing formats) on one email message; in which case, how do we know which one is the reference Classification? The more systems we have that label and share sensitive data, the more interoperability issues we will begin to see – as we realise that in fact not all roads lead to Rome.
In the defence world, NATO has been looking at data-centric security and has written standards (STANAG 4774 and 4778) which define a standard place and format for storing the Classification on an email message (and also cryptographically bind that Classification to the email message). Boldon James is involved in prototyping these standards at various defence events; have we reached the time when the commercial world needs similar standards, allowing all roads to return to Rome (or wherever your favourite city is!)?
Earlier this week the personal details of more than 10.6 million MGM Resorts hotel guests were published on a hacking forum, the result of a cloud server data breach.
With this in mind, we take a look at some things you can do to avoid falling victim to a public cloud attack, including how Sophos can help you see and secure your data in the public cloud.
Know your responsibilities
Before anything else, you need to understand what you are responsible for when it comes to storing data in the public cloud.
Public cloud providers such as AWS, Azure, and Google offer customers a great deal of flexibility in how they build their cloud environments.
But the consequence of all this flexibility is that they can’t completely protect your virtual network, virtual machines, or data while in the cloud. Instead they run a Shared Responsibility model – they ensure security of the Cloud, while you are responsible for anything you place in the Cloud.
Aspects such as physical protection at the datacenter, virtual separation of customer data and environments – that’s all taken care of by the public cloud providers.
You might get some basic firewall type rules to govern access to your environment. But if you don’t properly configure them – for instance, if you leave ports open to the entire world – then that’s on you. So learn what you’re responsible for – and act on it.
Watch our shared responsibility video to learn more.
Five steps to minimize your risk of attack
Here are five essential steps you should take to minimize your risk of a cloud-based attack, and protect your data.
Step 1: Apply your on-premises security learnings
On-premises security is the result of decades of experience and research. When it comes to securing your cloud-based servers against infection and data loss, it’s a good idea to think about what you already do for your traditional infrastructure, and adapt it for the cloud:
Next-gen firewall
Stop threats from getting onto your cloud-based servers in the first place by putting a web application firewall (WAF) at your cloud gateway. Also look to include IPS (to help with compliance) and outbound content control to protect your servers/VDI.
Sophos XG Firewall protects your cloud and hybrid environments. And, with pre-configured virtual machines in Azure and AWS, you can be up and running quickly.
Server host protection
Run effective cybersecurity protection on your cloud-based servers, just as you would your physical servers.
Sophos Intercept X for Server protects your AWS and Azure workloads from the latest threats. Watch this video overview to see it in action.
Endpoint security and email protection
While your network may be in the cloud, your laptops and other devices are staying on the ground, and all it takes is a phishing email or spyware to steal user credentials for your cloud accounts.
Ensure you keep endpoint and email security up to date on your devices to prevent unauthorized access to cloud accounts.
Step 2: Identify all your cloud assets
If you can’t see the data in the public cloud, you can’t secure it.
That’s why one of the most important factors in getting your cloud security posture right is getting accurate visibility of your infrastructure and how traffic flows through it. This will allow you to identify anomalies in traffic behavior – such as data exfiltration.
Step 3: Build a complete inventory
Build a complete inventory of your cloud estate, including server and database instances, storage services, containers and serverless functions.
As well as looking at numbers of assets, also look for weak spots. Potential risk areas include:
- Databases with ports open to the public internet that could allow attackers to access them
- Cloud storage services set to public
- Virtual hard drives and Elasticsearch domains set to public
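The three weak spots above are easy to state and easy to miss across a large estate, so the check is worth scripting. The following is an added example, not code from the Sophos article: it walks a constructed inventory whose record shapes loosely follow what the AWS APIs return (EC2 security groups, S3 bucket ACL plus Public Access Block settings, Elasticsearch domain configuration) and reports database ports open to the world, publicly granted buckets, and search domains with a public endpoint and an open access policy. The port table, resource names and data are all made up for the example; in practice you would feed it the real API output.

```python
"""Added example, not from the Sophos article: a posture check over a
constructed inventory, flagging the three weak spots listed above. Record
shapes loosely follow AWS API output (EC2 security groups, S3 bucket ACL and
Public Access Block, Elasticsearch domain config); the data is made up."""
import ipaddress
import json

# Database and search ports that should not be reachable from the whole internet.
DATABASE_PORTS = {
    1433: "MSSQL", 1521: "Oracle", 3306: "MySQL/MariaDB", 5432: "PostgreSQL",
    6379: "Redis", 9200: "Elasticsearch", 9300: "Elasticsearch", 27017: "MongoDB",
}
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
PUBLIC_GRANTEES = {ALL_USERS, "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}

def _is_world(cidr):
    """Only 0.0.0.0/0 and ::/0 have a /0 prefix: 'anywhere'."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def _port_range(rule):
    """EC2 omits FromPort/ToPort (or uses -1) to mean every port."""
    lo, hi = rule.get("FromPort", -1), rule.get("ToPort", -1)
    return (0, 65535) if lo == -1 and hi == -1 else (lo, hi)

def open_db_ports(security_groups):
    """(group id, port, service, cidr) for each DB port exposed to the world."""
    findings = []
    for sg in security_groups:
        for rule in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            lo, hi = _port_range(rule)
            for cidr in filter(_is_world, cidrs):
                for port, service in sorted(DATABASE_PORTS.items()):
                    if lo <= port <= hi:
                        findings.append((sg["GroupId"], port, service, cidr))
    return findings

def public_buckets(buckets):
    """Buckets whose ACL grants the public and whose Public Access Block
    settings do not neutralise that grant."""
    out = []
    for b in buckets:
        pab = b.get("PublicAccessBlock", {})
        if pab.get("BlockPublicAcls") and pab.get("IgnorePublicAcls"):
            continue  # S3 ignores public ACL grants on this bucket
        if any(g.get("Grantee", {}).get("URI") in PUBLIC_GRANTEES
               for g in b.get("Grants", [])):
            out.append(b["Name"])
    return out

def public_search_domains(domains):
    """Elasticsearch domains on a public (non-VPC) endpoint whose access
    policy allows any principal with no condition attached."""
    out = []
    for d in domains:
        if d.get("VPCOptions"):
            continue
        for stmt in json.loads(d["AccessPolicies"]).get("Statement", []):
            p = stmt.get("Principal")
            anyone = p == "*" or (isinstance(p, dict) and p.get("AWS") == "*")
            if stmt.get("Effect") == "Allow" and anyone and not stmt.get("Condition"):
                out.append(d["DomainName"])
                break
    return out

def audit(inventory):
    """One human-readable line per exposure found."""
    lines = [f"{sg}: {svc} port {port} open to {cidr}" for sg, port, svc, cidr
             in open_db_ports(inventory.get("SecurityGroups", []))]
    lines += [f"bucket {n}: ACL grants public access"
              for n in public_buckets(inventory.get("Buckets", []))]
    lines += [f"domain {n}: public endpoint with open access policy"
              for n in public_search_domains(inventory.get("SearchDomains", []))]
    return lines

# Constructed sample inventory; none of these resources exist.
SAMPLE_INVENTORY = {
    "SecurityGroups": [
        {"GroupId": "sg-db", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
        {"GroupId": "sg-wide", "IpPermissions": [
            {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}],
    "Buckets": [
        {"Name": "guest-records", "PublicAccessBlock": {},
         "Grants": [{"Grantee": {"URI": ALL_USERS}, "Permission": "READ"}]},
        {"Name": "locked-down",
         "PublicAccessBlock": {"BlockPublicAcls": True, "IgnorePublicAcls": True},
         "Grants": [{"Grantee": {"URI": ALL_USERS}, "Permission": "READ"}]}],
    "SearchDomains": [
        {"DomainName": "logs-public", "AccessPolicies": json.dumps({"Statement": [
            {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "es:*"}]})},
        {"DomainName": "logs-vpc", "VPCOptions": {"VPCId": "vpc-1"},
         "AccessPolicies": json.dumps({"Statement": []})}],
}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_INVENTORY)))
```

Two details matter for a real run: a rule with protocol `-1` and no port range exposes every database port at once, which is why `sg-wide` produces one finding per port, and a public ACL grant is only harmless when both `BlockPublicAcls` and `IgnorePublicAcls` are set, so the check looks at the combination rather than the ACL alone.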
Step 4: Regularly review identity access management
Actively manage user roles, permissions, and role-based access to cloud services. The scale and interwoven nature of individual and group access to services creates an enormous challenge, and attackers will exploit that gap in security.
Ensure you have visibility over all access types, and their relationships to cloud services, to identify overprivileged access and review your policies accordingly. After all, if a hacker obtained these credentials, they could search far and wide across your cloud accounts for sensitive data.
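One concrete way to start the review is to go through the policy documents attached to each principal and pull out the grants that amount to "everything". The following is an added example, not code from the Sophos article: it scans a constructed set of principals and IAM-style policy documents (the JSON follows the AWS IAM policy grammar; the principal and resource names are made up) for Allow statements that grant a full or service-wide wildcard action on every resource, including the easily overlooked `NotAction` form, and includes a small `can_do` check that answers "would this policy let the holder perform action X on resource Y?" with explicit Deny taking precedence. Conditions are ignored, which is a simplification of the real evaluation logic.

```python
"""Added example, not from the Sophos article: find over-privileged access in a
constructed set of principals and their IAM policy documents. The JSON follows
the AWS IAM policy grammar; the principals and policies are made up."""
import fnmatch

def _as_list(value):
    """IAM allows a string or a list in Action/NotAction/Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def wildcard_grants(policy_doc):
    """(action, resource) pairs from Allow statements that grant a full or
    service-wide wildcard action on every resource. An Allow with NotAction
    is reported too: it permits everything except the listed actions."""
    grants = []
    for stmt in _as_list(policy_doc.get("Statement")):
        if stmt.get("Effect") != "Allow" or "*" not in _as_list(stmt.get("Resource")):
            continue
        if "NotAction" in stmt:
            grants.append(("NotAction " + ",".join(_as_list(stmt["NotAction"])), "*"))
            continue
        for action in _as_list(stmt.get("Action")):
            if action == "*" or action.endswith(":*"):
                grants.append((action, "*"))
    return grants

def _matches(value, patterns):
    # IAM action names are case-insensitive and use * and ? wildcards.
    return any(fnmatch.fnmatchcase(value.lower(), p.lower()) for p in patterns)

def can_do(policy_doc, action, resource="*"):
    """Would this policy allow `action` on `resource`? An explicit Deny wins
    over any Allow. Conditions are ignored here (a simplification)."""
    allowed = False
    for stmt in _as_list(policy_doc.get("Statement")):
        if "NotAction" in stmt:
            hit = not _matches(action, _as_list(stmt["NotAction"]))
        else:
            hit = _matches(action, _as_list(stmt.get("Action")))
        if not hit or not _matches(resource, _as_list(stmt.get("Resource"))):
            continue
        if stmt.get("Effect") == "Deny":
            return False
        allowed = True
    return allowed

def review(principals):
    """Map each principal that holds a wildcard grant to its grants."""
    report = {}
    for name, doc in principals.items():
        grants = wildcard_grants(doc)
        if grants:
            report[name] = grants
    return report

# Constructed principals, each with one inline policy (made up for the example).
PRINCIPALS = {
    "admin-temp": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"}]},
    "svc-backup": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:*"], "Resource": "*"},
        {"Effect": "Deny", "Action": "iam:*", "Resource": "*"}]},
    "analyst": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::reports", "arn:aws:s3:::reports/*"]}]},
    "legacy-app": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"}]},
}

if __name__ == "__main__":
    for name, grants in review(PRINCIPALS).items():
        print(name, grants)
    print(can_do(PRINCIPALS["analyst"], "s3:GetObject", "arn:aws:s3:::reports/2020.csv"))
```

The `legacy-app` case is the one reviewers tend to miss: an Allow with `NotAction: iam:*` reads like a restriction but grants every non-IAM action in the account, so it belongs on the same list as `Action: *`.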
Step 5: Actively monitor network traffic
Look for the telltale signs of a breach in your network traffic, with unusual traffic spikes a key indicator of data exfiltration.
The dynamic nature of the cloud means that traffic and assets are changing frequently, so humans generally struggle to track all these data points.
Instead use AI to harness these data sources and build a picture of what “normal” traffic is, then when activities occur outside “normal” you can be alerted instantly to unusual, and potentially malicious behavior.
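Whatever tooling builds the picture of "normal", the core of the spike check is a per-host baseline and a deviation score. The following is an added example, not code from the Sophos article: it aggregates constructed flow-log style records (hour, source host, bytes out) per host and hour, builds a robust baseline from the first window using the median and median absolute deviation (so an earlier spike cannot inflate the baseline the way it would with mean and standard deviation), and flags later hours whose egress sits far above that baseline. Hosts that appear only after the baseline window are reported separately, since a brand-new talker with no history is itself worth a look. All records are made up.

```python
"""Added example, not from the Sophos article: a robust per-host egress
baseline over constructed flow-log style records, flagging hours whose
outbound bytes sit far above what is normal for that host."""
import statistics
from collections import defaultdict

# Constructed records: (hour index, source host, bytes sent to the internet).
def make_sample():
    records = []
    for hour in range(28):
        records.append((hour, "web-1", 50_000_000 + (hour % 5) * 1_000_000))
        records.append((hour, "db-1", 2_000_000 + (hour % 3) * 100_000))
    records.append((25, "web-1", 850_000_000))   # the exfiltration-sized spike
    records.append((26, "tmp-9", 5_000_000))     # host never seen in the baseline
    return records

SAMPLE_RECORDS = make_sample()

def egress_per_hour(records):
    """host -> {hour -> total bytes out}."""
    totals = defaultdict(lambda: defaultdict(int))
    for hour, host, nbytes in records:
        totals[host][hour] += nbytes
    return totals

def robust_baseline(values):
    """Median and scaled MAD: one earlier spike cannot drag the baseline up
    the way it would with mean and standard deviation."""
    med = statistics.median(values)
    mad = statistics.median(abs(v - med) for v in values)
    return med, max(mad * 1.4826, 1.0)   # 1.4826 scales MAD to a std-dev equivalent

def find_spikes(records, baseline_hours, threshold=5.0):
    """Returns (spikes, new_hosts). A spike is (host, hour, bytes, score),
    score being how many scaled MADs the hour sits above the host's baseline
    median; new_hosts are hosts with no traffic during the baseline window."""
    spikes, new_hosts = [], []
    for host, by_hour in egress_per_hour(records).items():
        base = [b for h, b in by_hour.items() if h < baseline_hours]
        if not base:
            new_hosts.append(host)
            continue
        med, scale = robust_baseline(base)
        for hour in sorted(h for h in by_hour if h >= baseline_hours):
            score = (by_hour[hour] - med) / scale
            if score > threshold:
                spikes.append((host, hour, by_hour[hour], round(score, 1)))
    return spikes, new_hosts

if __name__ == "__main__":
    spikes, new_hosts = find_spikes(SAMPLE_RECORDS, baseline_hours=24)
    for host, hour, nbytes, score in spikes:
        print(f"{host} hour {hour}: {nbytes} bytes out, {score} MADs above median")
    print("hosts with no baseline:", new_hosts)
```

The threshold is in units of the host's own variability, so a busy web server and a quiet database host each get judged against their own history rather than one global limit.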
Sophos Cloud Optix makes it easy for you to see all your cloud databases and workloads. It also enables you to identify potential vulnerabilities within your architecture so you can prevent a potential breach point.
Start an instant no-obligation online demo to see Cloud Optix in action for yourself.
As organizations move quickly to do their part in stopping the spread of COVID-19 people are working remotely more than ever before. At CyberArk we have taken action to protect the health and safety of our global community of customers, partners and employees – including having our employees across the globe work from home.
It’s not always easy for organizations to move to full remote work, especially having to balance productivity and security. Sudden, unexpected changes in the amount of work being done from home affects the workflows of remote users – especially those requiring privileged access – and most of the time, organizations don’t have the ability to properly scale. Additionally, attackers are working to capitalize on people’s fears and desire for information, which underscores the need to safeguard critical systems and assets.
Utilizing technology to overcome these challenges can help make these trying times a bit easier. Whether that’s making greater use of video chat and conference calling or allowing secure access to internal systems from anywhere, technology is helping business to continue with as little disruption as possible.
Recently we launched a new use case for CyberArk Alero to address the needs of all remote users (employees and vendors) by providing secure remote access to critical systems managed by CyberArk.
Starting today, we’ll be offering qualified customers the use of CyberArk Alero at no cost through the end of May in hopes that it will help ease some of the burden associated with the changing work environment. There are many ways that we, as individuals and as a company, are working to help our communities during this trying time. As business continuity plans are being tested, we hope to help organizations keep business running securely while putting the health and safety of all of us first.
Sophos Mobile Control Architect Training (2 days Training) – Tuesday, March 31st 2020 – Wednesday April 1st, 2020
Requirement
Have completed and passed the Sophos Mobile Certified Engineer course and any subsequent delta modules up to version 8.5
Recommended Knowledge
- Knowledge of how to set up a Windows Active Directory environment with servers and workstations
- Experience of Windows networking and the ability to troubleshoot issues
- Understand the principles of DMZs, proxies and reverse proxies
- Experience using Microsoft SQL Server and Microsoft Exchange Server
- Experience with webservers or another web facing infrastructure
- Be familiar with iOS, Android and Windows mobile devices
Content
- Module 1: Solution Overview & Architecture
- Module 2: Installation
- Module 3: Configuration & Management
- Module 4: Containers
- Module 5: Sophos Mobile Security
- Module 6: EAS Proxy
- Module 7: Network Access Control
- Module 8: Server Maintenance
Certification
To become a Sophos Certified Architect, trainees must take and pass an online assessment. The assessment tests their knowledge of both the presented and practical content. The pass mark for the assessment is 80%, and candidates are limited to 3 attempts.
Duration 2 days
Lab Environment
Each student will be provided with a pre-configured environment which simulates a company network with two sites, a head office and a branch office and contains Windows Servers, a Windows Desktop and three XG Firewalls
Agenda
Trainer: Micheal Eleftheroglou
Day 1 Tuesday 31 March 2020
9:30-10:30 Module 1: Solution Overview & Architecture
- Review Sophos Mobile knowledge from the Engineer course
- Explore the architecture of Sophos Mobile and deployment options
- Understand communication protocols, clustering and sizing the solution
10:30-10:45 break
10:45-11:45 Module 2: Installation
- Understand the supported devices, servers and database versions for Sophos Mobile
- Understand the installation process
- Understand the installation pre-requisites and tools used to ensure these are met
- Configure an External Directory
- Configure post-installation settings
- Understand cluster configuration and user roles
- Explain the migration tool and troubleshooting steps during installation.
11:45-13:15 Lab 1 Installation
- Prepare the Sophos Mobile Server
- Create an SSL certificate using the Sophos Mobile SSL Certificate Wizard
- Install Sophos Mobile using an existing database and PKCS12 certificate file
- Create and install an APNs certificate
- Configure the internal EAS proxy
- Install the CA Certificate (for iOS devices only)
13:15-14:15 Lunch
14:15-16:15 Module 3: Configuration & Management
- Configure Super Admin settings and customer settings
- Understand configuration inheritance
- Configure SCEP and troubleshoot common issues
- Configure mobile devices
- Understand Device Profiles, Apple VPP, Apple DEP, Android for Work & Device Owner
- Configure Task Bundles and Device groups
- Configure the Self Service Portal
- Configure compliance policies
- Understand how to remove a device from Sophos Mobile
- Troubleshooting common issues
16:15-16:30 Break
16:30-17:30 Lab 2: Configuration & Management
- Configure Super Admin level settings
- Configure inheritance and view assigned configuration
- Create a customer and configure customer level settings
- Enroll a mobile device (Android or iOS)
Day 2 Wednesday 1 April 2020
9:30-10:00 Module 4: Containers
- Explain what Container-only Management is
- Describe which components are included in the Sophos Container
- Explain how document encryption works with Secure Workspace
- Describe the possible compliance actions available
- Explain Samsung KNOX
10:00-10:30 Lab 3: Sophos Container
- Manage documents in Sophos Mobile
- Create an encrypted file using the SafeGuard client
- Configure and test a Sophos Container Policy (Android and iOS)
10:30-10:45 Break
10:45-11:15 Module 5 Sophos Mobile Security
- Explain what Sophos Mobile Security is
- Describe how App Reputation works
- Understand how to manage Sophos Mobile Security
- Troubleshoot common issues
11:15-11:30 Lab 4: Sophos Mobile Security
- Configure a Sophos Mobile Security policy
- Test the Sophos Mobile Security policy (Android only)
11:30-12:00 Module 6: EAS Proxy
- Describe what EAS Proxy is used for
- Review use of EAS Proxy with Lotus Notes Traveler and O365 support
- Understand the deployment scenarios for EAS Proxy
- Explain clustering and certificate-based authentication
- Work through an installation of EAS Proxy
- Troubleshoot common issues and understand the log files generated
12:00-12:20 Lab 5: EAS Proxy
- Install an External EAS Proxy
- Configure the UTM as a reverse proxy for the External EAS proxy
- Update the EAS settings to use the External EAS proxy (Android or iOS)
- Review the external EAS proxy log file
12:20-12:50 Module 7: Network Access Control
- Explain how NAC works
- Configure NAC
- Describe device compliance options with NAC enabled
- Troubleshoot common issues and understand the log files generated
12:50-13:20 Lab 6: Network Access Control
- Enable Network Access Control
- Test Network Access Control (Android or iOS)
- Unenroll your device
- Remove lab configuration
13:20-14:20 Break – Lunch
14:20-15:00 Module 8: Server Maintenance
- Explain the daily maintenance schedule
- Describe when and how to update Sophos Mobile
- Understand what steps to take if changes are made to your environment
- Understand the deployment scenarios for Sophos Mobile
15:00-15:15 Lab 7: Cluster Configuration Simulation
- Complete the simulation
XG Firewall v18 is here, and with it comes a slew of terrific new features that address the visibility, protection, and performance problems organizations face every day.
One of the more exciting enhancements v18 adds is Central Firewall Reporting (CFR), Sophos’ new cloud-based reporting tool.
Sophos CFR enables customers to create historical reports on network activity with a great deal of customization. It’s extremely flexible, and it’s included for free on any XG Firewall capable of running the v18 firmware.
Greater insight through analytics
If you are in any way responsible for your organization’s network, here’s a simple question to ask yourself:
Do I have a good understanding of the user activities, applications, network events, risks, and performance in our security environment?
If you don’t, or the solution you’re using only scratches the surface, a reporting tool that provides deeper insight into these areas could be just what you need. Armed with deeper analytics, you can implement policy changes to drive efficiencies that enhance productivity while also protecting against cyber threats.
Flexible, customizable reporting
Creating reports on the topics that are important to you should be easy, and with CFR it is.
An integral component of Sophos Central, Central Firewall Reporting provides organizations with a flexible set of options to capture network activity through your Sophos Central account and XG Firewall.
Using the interactive dashboard, you can drill down into the syslog data for a granular view that is presented in a visual format for easy understanding. The data can then be analyzed for trends that could lead to gaps in security, requiring policy changes.
Key features in Central Firewall Reporting
With Central Firewall Reporting, you can create reports to fit your needs using one of the pre-defined report templates and customizing it the way you want. Here are some of the key features:
- Up to seven days of historical reporting
- Rich, granular data organized into easy-to-understand reports
- Pre-defined, out-of-the-box report templates
- Flexible report table and charts allow you to customize each report
- Report Dashboard provides an at-a-glance view from the XG Firewall for network operational health, policy control events, and all security-driven events
- Visual representation of data displayed in graphical form
- Search and retrieval of all log data from the XG Firewall
What’s next for CFR?
Because Central Firewall Reporting is cloud-based, we’ll roll out additional features and report templates without requiring any firmware update to your XG Firewall. Even bigger, however, is a new reporting service with more features and built-in reports.
Complementing the free version of Central Firewall Reporting, CFR Premium is a “for pay” service that unlocks more capabilities and built-in report templates along with historical reporting up to one year.
CFR Premium is designed for organizations with more connected devices that generate larger amounts of syslog data and want the flexibility to add storage capacity as needed. Look out for the launch in the coming months.
In the meantime, try out the free version to see the types of custom reports you can create and the insights you’ll get into network activity. For more information, see the CFR web page on our website.
XG Firewall v18 is now available, and it’s sporting the all-new Xstream Architecture, which delivers extreme levels of visibility, protection and performance.
We’ve packed this release with new and enhanced features for you, including:
- Xstream SSL inspection. Get unprecedented visibility into your encrypted traffic flows, support for TLS 1.3 without downgrading, powerful policy tools, and supreme performance.
- AI-powered threat intelligence. Extend your protection against zero-day threats and emerging ransomware variants with multiple best-in-class machine learning models and unmatched insights into suspicious files entering your network.
- Application acceleration. Optimize network performance by putting your important application traffic on the fast path through the firewall and routing it reliably out through your preferred WAN connection.
Watch the overview video to see everything that’s new in XG Firewall v18:
Sophos Central
XG Firewall v18 also includes support for all new central management, reporting, and deployment options launching on Sophos Central next week:
- Group firewall management. Easily keep your full estate of firewalls consistent using groups that automatically keep policies, objects, and settings synchronized.
- Central reporting. Network activity and insights across all your firewalls are now at your fingertips in Sophos Central, with several pre-packaged reports and flexible reporting tools to create your own.
- Zero-touch deployment. Conveniently set up a new firewall in Sophos Central, export the config, load it on a flash drive and have your new firewall automatically connect back to Sophos Central without having to touch it.
And, there’s more!
In addition, there are also a ton of other new features that will enhance your protection, visibility, management experience, and network versatility:
- Synchronized SD-WAN brings the power of Synchronized Security to reliably and accurately route application and user-based traffic over your preferred WAN links
- Firewall, NAT, and SSL Inspection rules and policies are now more powerful, flexible and easier to work with than ever before
- Plug-and-play high-availability (HA) makes it easy to enable business continuity and adds peace-of-mind – simply connect two XG Series appliances together and you’ll be up and running in no time
- Real-time flow monitoring provides at-a-glance insights into active bandwidth consuming hosts, applications, and users
- Expanded notifications and alerts ensure you never miss an important network security event whether it’s related to a threat, service, or important performance metric
How to get XG Firewall v18
As usual, this firmware update comes at no charge for licensed XG Firewall customers. The firmware will be rolled-out automatically to all systems over the coming weeks, but you can manually update at any time via MySophos.
Head on over to the XG Firewall Community Blog to get the full release notes.
Also check that your current hardware appliance supports v18.
Making the most of your new XG Firewall features
Free online training – available to all XG Firewall customers, our delta training program will help you make the most of the new features in XG Firewall v18.
It walks you through the key enhancements since v17.5 and takes about 90 minutes to complete. Get started on the XG Firewall training program.
Customer resources and how-to videos – be sure to visit the Customer Resource Center for the latest how-to videos and links to documentation, the community forums, training and other resources.
Take advantage of Partner and Sophos Professional Services: To augment your local Sophos partner’s services, we offer services to help you get up and running and make the most of your XG Firewall, including the latest capabilities in v18.
While Sophos Professional Services can help with any task, here are the most common services they provide:
- XG Firewall deployment and setup
- XG Firewall v18 DPI, FastPath and SSL Engine Optimization
- XG Firewall Health Checks
Here are some direct links to helpful resources:
- Customer Training Portal (free Delta Training)
- Customer Resource Center (with how-to videos)
- Community Forum Recommended Reads
- What’s New and Release Notes
- XG Firewall v18 Complete Documentation
New to XG Firewall?
If you’re new to XG Firewall, see how it provides the world’s best network visibility, protection and response on the new XG Firewall website.
We have all seen films where the defences of a medieval castle prevent the attackers from gaining entry – the deep moat, unscalable walls and impenetrable portcullis. From within the castle, the firing of arrows, cannons and boiling oil poured onto the attackers all help protect the castle residents inside.
In many ways, a lot of commercial, defence and intelligence organisations have treated their IT networks in the same way – protect the perimeter, and the information inside will remain safe. Unfortunately, today this isn’t the case; the perimeter protecting your information is widening. With the boom in Cloud services, an increasingly mobile workforce and the need to share information, protecting the perimeter becomes even more difficult when we’re unsure exactly where the perimeter is, and the more doors we open in that perimeter, the harder it becomes to protect.
We still need to protect the perimeter using our existing network-centric security tools, but also need to protect the information we store inside our network. An information-centric approach uses classification and encryption to protect the information wherever it moves, placing less importance on where your information resides.
Classification of your information at the point of creation is key to the success of information-centric security; this is very familiar to the defence and intelligence communities but may require an important mindset change to some commercial organisations. Once your information is correctly classified, you begin to understand the sensitivity of your information, and can treat it accordingly – a document containing project plans is more sensitive than a document with today’s restaurant menu, for example.
Metadata is the usual method for storing the classification with your information, but to protect the information the classification must be cryptographically bound to it, so that the label cannot be stripped or downgraded to make a sensitive document appear non-sensitive. Also, to facilitate information sharing, the metadata cannot be bespoke to your organisation; otherwise sharing is made more difficult by classification metadata the recipient cannot read.
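Both halves of that problem, the scattered and sometimes contradictory copies of a label described in the earlier post on classifying email (subject marker, first body line, a collection of custom X-headers) and the need to bind one reference label to the content, can be shown on an ordinary SMTP message. The following is an added example, not code from Boldon James: it uses Python's standard `email` library to collect every candidate label on a message, reports whether they agree, and then binds the reference label to the body with an HMAC so that stripping or downgrading the header, or editing the body, is detected. The header names (`X-Classification`, `X-Protective-Marking`, `X-Sensitivity`, `X-Classification-MAC`), the regular expressions for markings, the shared key and the sample messages are all assumptions made for the example; a STANAG 4778 style binding would use a digital signature rather than a shared-key MAC so that any recipient can verify it.

```python
"""Added example, not from the Boldon James post: locate the classification
carried on an SMTP message, detect disagreeing copies, and bind one reference
label to the body with an HMAC. Header names, marking syntax and the shared
key are assumptions; a real deployment would use a signature instead."""
import hashlib
import hmac
import re
from email import message_from_string, policy

POLICY = policy.default.clone(max_line_length=None)   # never fold the MAC header
LABEL_HEADERS = ("X-Classification", "X-Protective-Marking", "X-Sensitivity")
MAC_HEADER = "X-Classification-MAC"                    # hypothetical header
MARKING_RE = re.compile(r"^[A-Z][A-Z -]{2,}$")          # e.g. SENSITIVE, OFFICIAL-SENSITIVE

def body_text(msg):
    part = msg.get_body(preferencelist=("plain",))
    return part.get_content() if part is not None else ""

def find_labels(raw):
    """Every place a classification might live -> the value found there."""
    msg = message_from_string(raw, policy=POLICY)
    found = {h: msg[h].strip() for h in LABEL_HEADERS if msg[h]}
    m = re.match(r"^\s*\[([A-Z][A-Z -]+)\]", msg["Subject"] or "")
    if m:
        found["subject"] = m.group(1).strip()
    lines = [ln.strip() for ln in body_text(msg).splitlines() if ln.strip()]
    if lines and MARKING_RE.match(lines[0]):
        found["body-first-line"] = lines[0]
    return found

def reference_label(found):
    """(label, distinct values): the label only if every copy agrees."""
    values = {v.upper() for v in found.values()}
    label = next(iter(values)) if len(values) == 1 else None
    return label, values

def _canonical(label, text):
    # Normalise line endings and trailing whitespace so transport does not break the MAC.
    lines = [ln.rstrip() for ln in text.replace("\r\n", "\n").split("\n")]
    return (label.strip().upper() + "\n" + "\n".join(lines).strip()).encode("utf-8")

def bind(raw, key):
    """Attach a MAC over (reference label, body); returns the new message."""
    msg = message_from_string(raw, policy=POLICY)
    label = msg["X-Classification"]
    if not label:
        raise ValueError("no X-Classification header to bind")
    tag = hmac.new(key, _canonical(label, body_text(msg)), hashlib.sha256).hexdigest()
    del msg[MAC_HEADER]
    msg[MAC_HEADER] = tag
    return msg.as_string()

def verify(raw, key):
    """True only if the label and body are exactly what was bound."""
    msg = message_from_string(raw, policy=POLICY)
    tag, label = msg[MAC_HEADER], msg["X-Classification"]
    if not tag or not label:
        return False
    expected = hmac.new(key, _canonical(label, body_text(msg)), hashlib.sha256).hexdigest()
    return hmac.compare_digest(tag.strip(), expected)

# Constructed sample messages (not real mail).
SAMPLE_AGREE = """\
From: alice@example.org
To: bob@example.org
Subject: [SENSITIVE] Q3 project plan
X-Classification: SENSITIVE
X-Protective-Marking: Sensitive
Content-Type: text/plain; charset=utf-8

SENSITIVE

Attached is the draft plan for Q3. Do not forward outside the team.
"""
SAMPLE_CONFLICT = SAMPLE_AGREE.replace("[SENSITIVE]", "[PUBLIC]")
KEY = b"demo-key-shared-by-sender-and-gateway"   # assumption: a shared secret

if __name__ == "__main__":
    print(reference_label(find_labels(SAMPLE_AGREE)))
    print(reference_label(find_labels(SAMPLE_CONFLICT)))
    bound = bind(SAMPLE_AGREE, KEY)
    downgraded = bound.replace("X-Classification: SENSITIVE", "X-Classification: PUBLIC")
    print(verify(bound, KEY), verify(downgraded, KEY))
```

Note what the binding does and does not buy you: a downgraded or removed label and an edited body both fail verification, but a message with no MAC at all simply reports as unverified, so the receiving gateway's policy has to decide what to do with unbound mail.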
With the information classified and protected using a common format, the organisation can now begin to apply access control policies to control the flow of information throughout the entire network. Who needs access to the information, the location of the user, the type of device they are using are all factors that may affect whether a user has access to the sensitive project plan document.
The ability to control the sharing of information is made easier with information-centric security. Ongoing, rights management technology can be applied (using an open standard) to control access to the information after it was shared, as we may only want to share sensitive information externally for a limited time.
Data is the building block of information, and it is information we use in our everyday lives. By adopting an information-centric security approach, we can begin to control, protect and monitor our data wherever it resides.
This three-day training program was designed and intended for experienced technical professionals who want to install, configure and support the XG Firewall in production environments, and is the result of an in-depth study of Sophos’ next-generation firewall. The program consists of presentations and practical workshops that reinforce the teaching content. Given the nature of the training and the varied experience of the trainees, open discussion is encouraged throughout.
(3 days Training)
Tuesday 17 March 2020– Thursday 19 March 2020
Requirement
XG Firewall Certified Engineer course and delta modules up to version 18.0
Recommended Knowledge
Knowledge of networking to a CompTIA N+ level
Knowledge of IT security to a CompTIA S+ level
Experience configuring network security devices
Be able to troubleshoot and resolve issues in Windows networked environments
Experience configuring and administering Linux/UNIX systems
Content
Module 1: Deployment
Module 2: Base Firewall
Module 3: Network Protection
Module 4: Synchronized security
Module 5: Web server Protection
Module 6: Site to site connections
Module 7: Authentications
Module 8: Web Protection
Module 9: Wireless
Module 10: Remote Access
Module 11: High Availability
Module 12: Public Cloud
Certification
+ exam: Sophos XG Architect
Duration: 3 Days
Agenda
Trainer: Micheal Eleftheroglou
Day 1 Tuesday 17th March 2020
9:30-10:45 Module 1: Deployment and Lab
- Recall important information from Engineer courses
- Deployment modes supported by the XG Firewall
- Understand a range of scenarios where each deployment mode would commonly be used
- Use built-in tools to troubleshoot issues
- Labs
10:45-11:00 Break
11:00-13:00 Module 2: Base Firewall
- Explain how the XG Firewall can be accessed
- Understand the types of interfaces that can be created
- Understand the benefits of Fast Path Technology
- Configure routing per firewall rule
- Understand best practice for ordering firewall rules
- Explain what a Local NAT policy is and know how to configure it
13:00-14:00 Break
14:00-16:00 Module 2: Base Firewall Labs
- Activate the Sophos XG Firewalls
- Post installation Configuration
- Bridge interfaces
- Create a NAT rule to load balance access to servers
- Create a local NAT policy
- Configure routing using multiple WAN links
- Configure policy-based routing for an MPLS scenario
- Install Sophos Central
16:00-16:15 Break
16:15-17:15 Module 3: Network Protection and Lab
- Explain what IPS is and how traffic can be offloaded to Fastpath
- Demonstrate how to optimize workload by configuring IPS policies
- Examine advanced Intrusion Prevention and optimize policies
- Configure advanced DOS Protection rules
- Demonstrate how the strict policy can be used to protect networks
- Labs- Create Advanced DoS Rules
Day 2 Wednesday 18th March 2020
9:30-11:00: Module 4: Synchronized Security and Labs
- Explain how Security Heartbeat works
- Configure Synchronized Security
- Deploy Synchronized Security in discover and inline modes
- Understand the advantages and disadvantages of deploying Synchronized Security in different scenarios
- Labs
- Configure source-Based Security
- Hearteat firewall rules
- Destination based Security Heartbeat
- Missing Security Heartbeat
- Lateral Movement Protection
11:00-11:15 Break
11:15-13:45 Module 5: Web Server Protection and Labs
- Explain how Web Server Protection works
- Describe protection features for a web application
- Configure Web Server authentication
- Publish a web service using the Web Application Firewall
- Use the preconfigured templates to configure Web Server Protection for common purposes
- Configure SlowHTTP protection
- Labs (Web Application Firewall)
- Labs (Load balancing with Web Server Protection)
- Labs (Web Server Authentication and path-specific routing)
13:45-14:45 Break and Lunch
14:45-17:45 Module 6: RED Management
- Configure and deploy site to site VPNs in a wide range of environments
- Implement IPsec NATing and failover
- Check and modify route precedence
- Create RED tunnels between XG firewalls
- Understand when to use RED
- Labs (Create an IPsec site to site VPN)
- Labs (Configure VPN network NATing)
- Labs (Configure VPN failover)
- Labs (Enable RED on the XG Firewall)
- Labs (Create a RED tunnel between two XG Firewalls)
- Labs (Configure routing for the RED tunnel)
- Labs (Configure route-based VPN)
Day 3 Thursday 19th March 2020
9:00-10:00 Module 7: Authentications and Labs
- Demonstrate how to configure and use RADIUS accounting
- Deploy STAS in large and complex environments
- Configure SATC and STAS together
- Configure Secure LDAP and identify the different secure connections available
- Labs (configure an Active Directory Authentication server)
- Labs (Configure single sign-on using STAS)
- Labs (Authenticate users over a site to site VPN)
10:00-11:15 Module 8: Web Protection
- Choose the most appropriate type for web protection in different deployment scenarios
- Enable web filtering using the DPI engine or legacy web proxy
- Configure TLS inspection using the DPI engine or legacy web proxy
- Labs (Install the SSL CA certificate)
- Labs (Configure TLS inspection rules)
- Labs (Create a custom web policy for users)
11:15-11:30 Break
11:30-12:15 Module 9: Wireless
- Explain how Sophos Access Points are deployed and identify some common issues
- Configure RADIUS authentication
- Configure a mesh network
12:15-13:05 Module 10: Remote Access
- Configure Sophos Connect and manage the configuration using Sophos Connect Admin
- Configure an IPsec remote access VPN
- Configure an L2TP remote access VPN for mobile devices
- Labs (Sophos Connect)
13:05-14:25 Module 11: High Availability
- Explain what HA is and how it operates
- Demonstrate how to configure HA and explain the difference between quick and manual configuration
- List the prerequisites for high availability
- Perform troubleshooting steps and check the logs to ensure that HA is set up correctly
- Explain the packet flow in high availability
- Demonstrate how to disable HA
- Labs (Create an Active-Passive cluster)
- Labs (Disable High Availability)
14:25-15:05 Break and Lunch
15:05-16:15 Module 12: Public Cloud and Labs
- Deploy XG Firewall in complex network environments
- Explain how XG Firewall processes traffic and use this information to inform the configuration
- Configure advanced networking and protection features
- Deploy XG firewall on public cloud infrastructure
- Labs (Put a service in debug mode to gather logs)
- Labs (Retrieving log files)
- Labs (Troubleshoot an issue from an imported configuration file)
- Labs (Deploy an XG Firewall on Azure (simulation))
16:15 (Exams)
The new Xstream architecture in XG Firewall v18 includes a brand-new, high-performance SSL inspection solution that offers the industry's best visibility into encrypted traffic flows, support for TLS 1.3 without downgrading, and very high levels of performance.
With the share of encrypted traffic now close to 80% and rising steadily, SSL inspection is a top concern for many organizations. And rightly so.
This volume of encryption not only creates an enormous blind spot that hackers exploit, it has also pushed most firewalls beyond their capabilities. Many organizations are unable to do much about the problem, with the result that their firewalls are effectively rendered obsolete.
The new Xstream architecture of XG Firewall, however, has been designed for the modern encrypted internet.
Exceptional visibility into encrypted traffic flows
XG Firewall is unique in providing an unprecedented level of visibility into encrypted traffic flows. As soon as you log in, you can see at a glance the volume of encrypted traffic on your network, how much of it is actively being decrypted, and whether there are any compatibility problems.
With just a few clicks you can also resolve any potential issues to ensure an excellent user experience.
Strong focus on security and support for TLS 1.3 (without downgrading)
Most firewall and UTM vendors will claim to provide TLS 1.3 support, yet in reality they downgrade encrypted sessions to TLS 1.2. XG Firewall was designed to meet the demands of the modern encrypted internet with full support for the TLS 1.3 standard.
TLS 1.3 is the latest standard for all the right reasons: it resolves significant security and performance issues that exist in TLS 1.2. Downgrading creates an opening for attacks and reduces performance.
With TLS 1.3 support growing constantly among major web servers and hosting organizations, no one should consider buying a firewall today without proper support for the TLS 1.3 standard.
XG Firewall also offers, among other things, the industry's best controls for managing insecure and legacy cipher suites, thanks to the comprehensive options it provides as part of the new Decryption Profiles that can be used in TLS inspection rules.
You have full enterprise-grade controls to strike the right balance between security, privacy, performance and compliance for your organization and business.
Outstanding performance
The new Xstream architecture in XG Firewall v18 delivers exceptional performance across all firewall functions, including SSL inspection.
The new packet processing architecture includes a brand-new streaming deep packet inspection engine that not only provides high-performance SSL decryption but also hands-off content decryption for IPS, web protection, AV (antivirus), and application identification and control, all from a single engine.
Using the latest machine learning models, the new threat intelligence service also analyses incoming files containing active code in real time, to identify threats that are unknown and have not yet been observed, keeping the latest ransomware payloads and other threats out of your corporate network.
With the new Xstream SSL Inspection feature in XG Firewall v18, encrypted files can no longer "hide" threats that might otherwise pass unnoticed through your network firewall.
Where to learn more
For more information on the challenges most firewalls face in properly inspecting encrypted TLS traffic, the enormous blind spot this creates, and how hackers are increasingly using encryption to their advantage, you can read the latest Sophos report: Has encryption made your existing firewall irrelevant?
If you are not familiar with XG Firewall, take a look at all the other benefits it provides in terms of visibility, protection and network performance, and get started right away with an online demo.