Configuring Security Components
- Shirly Tsang
- Gary Leicht
After you define your network scope, they are automatically protected by intelligence threat feeds that come with Infoblox Threat Defense based on your subscription level. You can now set up a few security components such as custom lists, filters, security policies, and redirects.
If you are running the DNS forwarding proxy service on your NIOS Grid, you can configure on-prem DNS firewall to distribute threat intelligence feeds to protect your on-premises networks.
The following sections describe the security components and their usage.
Security PoliciesÂ
A security policy is a set of rules and actions that you define to balance access and constraints, so you can mitigate malicious attacks and provide security for your networks. Infoblox Threat Defense provides a default global policy that gives you a head start in protecting your networks. You can review the default global policy and decide whether you want to add or remove some of the rules based on your business requirements.
In addition to the default global policy, you can add new security policies from scratch or clone an existing policy to complement the default policy. For information on setting up and configuring security policies, see Configuring Security Policies.
Custom ListsÂ
You can create custom lists containing domains and IP addresses to define allow lists and bock lists for additional protection. You can use a custom list to complement existing feeds or override the Block, Allow, Log, or Redirect action that is currently defined for an existing feed. You can also add a custom list to multiple security policies or multiple custom lists to one security policy based on your business needs. When using your own threat intelligence feeds with Infoblox Platform, allow lists and block lists, you can apply your own security policies. Each custom list can contain as many as 50,000 records, and Infoblox Thread Defense supports up to 500,000 records across al customer lists. For information on setting up and configuring custom lists, see Custom Lists.
FiltersÂ
Infoblox Threat Defense provides two types of filters you can use to control internet content for users: category and application filters. Category filters are content categorization rules that Infoblox Threat Defense uses to detect and filter specific internet content. Based on your configuration, specific actions such as Allow or Block will be taken on the detected content. Application filters are rules that Infoblox Platform uses to allow or deny specific applications, such as email, video conferencing, and others. For information on setting up and configuring filters, see Using Filters.
Intelligence Threat Feeds
Infoblox Threat Defense provides threat feeds based on your subscription level. For information, see Licensing and Subscriptions.
Default and Custom RedirectsÂ
You can configure Infoblox Threat Defense to redirect traffic to display the default or custom redirect page. If you want to redirect traffic to a custom destination, you must first add the redirect IP or domain to the Redirect page. For information on setting up and configuring redirects, see Defining the Redirect Page.
For more information, see the following:
Â