- Jul 26, 2015
Hello to all,
First, a huge Disclaimer:
-> Software and Hardware in use is Company / Enterprise grade.
-> All Licenses in use are purchased with my own Money (Private) and NOT SPONSORED by the Vendors in any way!
-> This Configuration is my own Opinion and I would love to share my Experience with the MalwareTips Community.
-> Configurations shared here can be impractical for some and need a deeper understanding of how the products function.
-> I will keep my configuration short and not go too deep into what function covers what... (Protection alone [Would be a Wall-of-Text] otherwise)
My First Line of Defense is Network. With the Sophos XGS Firewall Appliance and segmentation of Networks: (Sophos XG / XGS Series of Firewalls are Zone Based Firewalls/Rules. It can be difficult to understand how Networks are affected by them!)
Example:
192.168.2.0 /30 - LAN Zone
10.222.222.0 /30 - Corp. Zone (Why such an IP-Address -> Not to Conflict with Routed Address on the Company Side)
192.168.5.0 /30 - IoT Device Server Zone
192.168.3.0 /28 - WiFi Zone with VLAN (Example 5 as a virtual interface) [Reason is to detach Access Point Management VLAN 1 from the Network] Broadcast Mitigation Unifi Products -> Will be replaced with a Sophos APX 120 Access Point in the future!
All features from the Sophos XGS Firewall Appliance that come with the XStream Protection Bundle are enabled and in use!
Just to name a few:
- Granular User Rules with Firewall features / ATP / IPS / Content Filter / DPI / SSL-Inspection / RED SD-WAN Orchestration / Sophos Central / DoS / Anti-Spoofing with Trusted IP and MAC Binding / ZeroDay Protection and so on...
Clarification:
There is no Active Directory or Directory Services in use. Users can be Managed directly from the Appliance as Local Users with MFA and Client Authentication Agent (Software).
Primary Firewall Rule Set is -> Default Deny
This means if the User is not logged on = Drop All!!! <- LAN Zone = No Internet / No Local Network
The other Zones are Configured with dedicated Hosts and therefore have very granular Rules for that specific Zone Only, with all Protection Modules enabled as mentioned above.
The only Protocols in use are: HTTP / HTTPS / DNS / NTP
As for the Private Laptop:
It is protected with Sophos Intercept X Advanced with XDR (Live Response and Data Lake = Enabled) and Managed in Sophos Central. The devices and network are configured with Security Heartbeat - So if a device becomes infected or something suspicious is happening it will ISOLATE itself automatically - Then it tries to clean itself and informs the admin! - With the Forensic tools built into Sophos Central a Root Cause will be generated.
By default (My Configuration) all known Applications are blocked from execution and only the ones I truly use and need are Allowed specifically. (Built into Sophos Intercept X Advanced)
With Sophos Intercept X Advanced with XDR there are so many Protection layers and I can highly recommend checking them out: Sophos Intercept X Endpoint Protection
All my personal data is synced with OneDrive Premium as a backup measure with Personal Safe Enabled for Critical Data.
I know it is very short in terms of information. [view disclaimer on top of page]
I do not use Consumer grade AVs or Firewalls anymore since there has to be trust in the Vendor / Dev. team behind it. Since I work in a company that mainly sells Sophos Products I got my hands-on experience with it and learned a lot about how they function and how big the community is behind Sophos. That is the reason I chose to convert my Ubiquiti Infrastructure with an F-Secure EPP for Computer AV, UDM-Pro and AccessPoints to Sophos XGS Firewall and Sophos AV Product.
How I got my licenses for the products is simple -> I bought them (No NFR Licenses or Sponsorship)!!!
Sincerely
Val.
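The zone-based, default-deny policy the post describes (source address mapped to a zone first, only HTTP / HTTPS / DNS / NTP permitted, and the LAN zone dropping everything until a user has logged on through the authentication agent) can be modelled in a few lines. The block below is an added example, not Sophos code or configuration: the zone names, subnets and protocol list are taken from the post, while the rule table, the `user_logged_in` flag on the packet and the function names are assumptions made here. It also shows why the /30 prefixes in the post leave room for exactly two hosts per zone.

```python
"""Zone-based, default-deny policy check modelled on the segmentation in the post.

Added example, not Sophos code: the zones, subnets and allowed protocols come from
the post; the rule logic, Packet fields and function names are assumptions.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Subnets as listed in the post, mapped to their zone names.
ZONES = {
    "LAN": ip_network("192.168.2.0/30"),
    "Corp": ip_network("10.222.222.0/30"),
    "IoT": ip_network("192.168.5.0/30"),
    "WiFi": ip_network("192.168.3.0/28"),
}

# The only protocols the post says are in use, keyed by destination port.
ALLOWED_SERVICES = {"HTTP": 80, "HTTPS": 443, "DNS": 53, "NTP": 123}
ALLOWED_PORTS = set(ALLOWED_SERVICES.values())


@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int
    # Assumed to be set by the client authentication agent the post mentions.
    user_logged_in: bool = False


def zone_of(addr: str):
    """Return the zone a source address belongs to, or None if it is in no zone."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return None


def usable_hosts(zone: str) -> int:
    """Host addresses a zone's prefix can hold (network and broadcast excluded)."""
    return max(ZONES[zone].num_addresses - 2, 0)


def evaluate(pkt: Packet) -> str:
    """Default deny: a packet is allowed only if every check below passes.

    Order matters in a zone-based firewall: the zone is decided from the
    source address before any rule is consulted.
    """
    zone = zone_of(pkt.src)
    if zone is None:
        return "DROP"          # source not in any configured zone
    if pkt.dst_port not in ALLOWED_PORTS:
        return "DROP"          # protocol not on the allow list
    if zone == "LAN" and not pkt.user_logged_in:
        return "DROP"          # LAN zone: no user session = no internet, no local network
    return "ALLOW"             # assumed: other zones admit their listed protocols


if __name__ == "__main__":
    # Constructed sample traffic, not captured data.
    samples = [
        Packet("192.168.2.1", 443, user_logged_in=True),   # LAN, logged on, HTTPS
        Packet("192.168.2.1", 443),                        # LAN, not logged on
        Packet("192.168.2.1", 22, user_logged_in=True),    # LAN, SSH not allowed
        Packet("192.168.5.1", 123),                        # IoT zone, NTP
        Packet("10.0.0.5", 80),                            # no zone at all
    ]
    for p in samples:
        print(f"{p.src:>14} -> port {p.dst_port:<4} zone={zone_of(p.src)!s:<5} {evaluate(p)}")
    for z in ZONES:
        print(f"{z}: {usable_hosts(z)} usable host addresses")
```

Running the script prints one verdict per sample packet and then the host capacity of each zone; a /30 yields 2 usable addresses and the /28 WiFi zone 14.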