Valvaris - Corp. Protection on Private PC and Network Config.
<blockquote data-quote="valvaris" data-source="post: 989522" data-attributes="member: 38787">
<p>Hello to all,</p>
<p>First, a huge Disclaimer:</p>
<p>-> Software and Hardware in use is Company / Enterprise grade.</p>
<p>-> All Licenses in use are purchased with my own Money (Private) and NOT SPONSORED by the Vendors in any way!</p>
<p>-> This Configuration is my own Opinion and I would love to share my Experience with the MalwareTips Community.</p>
<p>-> Configurations shared here can be impractical for some and need a deeper understanding of how the products function.</p>
<p>-> I will keep my configuration short and not go too deep into what function covers what... (Protection alone would be a Wall-of-Text otherwise)</p>
<p>My First Line of Defense is the Network, with the Sophos XGS Firewall Appliance and segmentation of Networks. (Sophos XG / XGS Series Firewalls are Zone-Based Firewalls/Rules. It can be difficult to understand how Networks are affected by them!)</p>
<p>Example:</p>
<p>192.168.2.0/30 - LAN Zone</p>
<p>10.222.222.0/30 - Corp. Zone (Why such an IP-Address -> Not to Conflict with Routed Addresses on the Company Side)</p>
<p>192.168.5.0/30 - IoT Device Server Zone</p>
<p>192.168.3.0/28 - WiFi Zone with VLAN (Example: 5 as a virtual interface) [Reason is to detach Access Point Management VLAN 1 from the Network] Broadcast Mitigation Unifi Products -> Will be replaced with a Sophos APX 120 Access Point in the future!</p>
<p>All features from the Sophos XGS Firewall Appliance that come with the XStream Protection Bundle are enabled and in use!</p>
<p>Just to name a few:</p>
<p>- Granular User Rules with Firewall features / ATP / IPS / Content Filter / DPI / SSL-Inspection / RED SD-WAN Orchestration / Sophos Central / DoS / Anti-Spoofing with Trusted IP and MAC Binding / ZeroDay Protection and so on...</p>
<p>Clarification:</p>
<p>There is no Active Directory or Directory Services in use. Users can be Managed directly from the Appliance as Local Users with MFA and Client Authentication Agent (Software).</p>
<p>Primary Firewall Rule Set is -> Default Deny</p>
<p>This means if the User is not logged on = Drop All!!! <- LAN Zone = No Internet / No Local Network</p>
<p>The other Zones are Configured with dedicated Hosts and therefore have very granular Rules for that specific Zone Only, with all Protection Modules enabled as mentioned above.</p>
<p>Only Protocols in use are: HTTP / HTTPS / DNS / NTP</p>
<p>As for the Private Laptop:</p>
<p>It is protected with Sophos Intercept X Advanced with XDR (Live Response and Data Lake = Enabled) and Managed in Sophos Central. The devices and network are configured with Security Heartbeat - So if a device becomes infected or something suspicious is happening it will ISOLATE itself automatically - Then it tries to clean itself and informs the admin! - With the Forensic tools built into Sophos Central a Root Cause will be generated.</p>
<p>By default (My Configuration) all known Applications are blocked from execution and only the ones I truly use and need are Allowed specifically. (Built into Sophos Intercept X Advanced)</p>
<p>With Sophos Intercept X Advanced with XDR there are so many Protection layers and I can highly recommend checking them out: <a href="https://www.sophos.com/en-us/products/endpoint-antivirus" target="_blank">Sophos Intercept X Endpoint Protection</a></p>
<p>All my personal data is synced with OneDrive Premium as a backup measure with Personal Safe Enabled for Critical Data.</p>
<p>I know it is very short in terms of information. [view disclaimer on top of page]</p>
<p>I do not use Consumer grade AVs or Firewalls anymore since there has to be trust in the Vendor / Dev. team behind it. Since I work in a company that mainly sells Sophos Products I got my hands-on experience with it and learned a lot about how they function and how big the community behind Sophos is. That is the reason I chose to convert my Ubiquiti Infrastructure with an F-Secure EPP for Computer AV, UDM-Pro and Access Points to Sophos XGS Firewall and Sophos AV Product.</p>
<p>How I got my licenses for the products is simple -> I bought them (No NFR Licenses or Sponsorship)!!!</p>
<p>Sincerely</p>
<p>Val.</p>
</blockquote>
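To make the zone-based, default-deny design in the post concrete, here is an added example (not from the post and not Sophos's rule engine) that models its three gates as a small Python policy evaluator and sanity-checks the segmentation plan. The zone names, subnets and the HTTP / HTTPS / DNS / NTP allow-list come from the post; the service notation, the evaluator and the `check_plan` helper are constructed assumptions.

```python
"""Toy model of the post's zone-based default-deny policy (constructed example).
Assumed simplifications: one zone per subnet, a flat service allow-list, and the
LAN zone gated on the user's login state, as the post describes."""
from ipaddress import ip_address, ip_network

# Zones and subnets exactly as listed in the post.
ZONES = {
    "LAN": ip_network("192.168.2.0/30"),
    "Corp": ip_network("10.222.222.0/30"),
    "IoT": ip_network("192.168.5.0/30"),
    "WiFi": ip_network("192.168.3.0/28"),
}
# Only these services are allowed anywhere (post: HTTP / HTTPS / DNS / NTP).
ALLOWED_SERVICES = {"tcp/80", "tcp/443", "udp/53", "udp/123"}
# LAN traffic is additionally gated on the user being logged on.
AUTH_GATED_ZONES = {"LAN"}

def zone_of(ip):
    """Map a source address to its zone, or None if it is in no known zone."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None

def evaluate(src_ip, service, user_logged_on=False):
    """Return 'ALLOW' or 'DROP' for one flow: unknown zone -> drop;
    auth-gated zone without a login -> drop; service not on the
    allow-list -> drop; anything else -> allow."""
    zone = zone_of(src_ip)
    if zone is None:
        return "DROP"                      # default deny: no matching zone
    if zone in AUTH_GATED_ZONES and not user_logged_on:
        return "DROP"                      # "not logged on = Drop All"
    if service not in ALLOWED_SERVICES:
        return "DROP"                      # protocol allow-list
    return "ALLOW"

def check_plan():
    """Sanity-check the segmentation: raise on overlapping zones and report
    how many usable host addresses each subnet leaves (a /30 leaves 2, one
    of which the firewall interface itself takes)."""
    nets = list(ZONES.values())
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"overlap: {a} and {b}")
    return {name: net.num_addresses - 2 for name, net in ZONES.items()}
```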