Creating Security Policies

A security policy is a set of rules and actions that you define to balance access and constraints so you can mitigate malicious attacks and provide security for your networks. 

To create a security policy, complete the following:

  1. From the Cloud Services Portal, click Policies > Security Policies.
  2. On the Security Policies page, click Create Security Policy at the top Action bar. The Create New Security Policy wizard appears.
  3. On the General page, complete the following:
    • Name: Enter a name for the security policy. Ensure that you enter a unique name for each security policy. This is a required field.
    • Description: Enter a brief description of the security policy. You can enter up to 256 characters. This is not a required field, but it is recommended. 
    • Precedence: Enter the precedence order for this policy, or use the arrows in the field to choose it. You can reorder policy rule precedence by drag and drop: on the Policy Rules page, click the policy rule to be reordered and drag it to its new location. Repeat as necessary until all policy rules are in the required order. If you do not set a precedence order, the system sets the precedence for this policy.
    • Geolocation: Toggle the Geolocation switch from Disable to Enable (disabled by default) to enable geolocation for the security policy, or keep the default disabled setting to preserve privacy. For more information about geolocation support, see Enabling and Disabling Geolocation for a Security Policy.
    • Safe Search: Toggle this switch from Disable to Enable (disabled by default). When safe search is enabled, inappropriate content from search results obtained from four major search engines (Google, Bing, YouTube, and Yandex) is filtered and restricted. Enabling safe search ensures that protected users will be unable to access or view inappropriate content. Enabling safe search does not override any configured custom lists or the default redirect. For more information about safe search enforcement, see Safe Search Enforcement.
    • DoH per Policy: Switch the DoH per Policy toggle from Disable to Enable (disabled by default) to activate an encrypted protocol for DNS resolution. Once enabled, a textbox will display a custom, generated FQDN. You can click Copy to accept the generated FQDN or click Regenerate to generate a new FQDN. A pop-up window will then prompt you to confirm the refresh (regenerate) action for a new FQDN, indicating that the former FQDN will become invalid and this action cannot be undone. BloxOne Threat Defense can terminate DoH connections and associate custom DoH FQDNs with specific customer policies. This allows customers to securely redirect their DNS traffic to the BloxOne Threat Defense cloud without a client and integrate our solution with third-party solutions. For information on how to use an agentless client over DoH, see Implementing Clients over DoH.
    • Block DNS rebind attack: Toggle this switch from Disable to Enable (disabled by default) to prohibit DNS rebinding attacks. For information, see Blocking DNS Rebind Attacks.
    • Local on-Prem Resolution: Toggle this switch from Disable to Enable (disabled by default) to enable Local on-Prem Resolution. For information, see Using Local On-Prem Resolution.
    • Tags: Tags can be added for DNS Forwarding Proxy, endpoints, endpoint groups, IPAM networks, individual IPs, IPAM Host objects, and ranges. Tags can also be added to endpoint metadata, OS, and endpoint version. Policy rules can be defined by tags for custom lists, application filters, and category filters. In the Tags section, click Add to add a tag. A tag consists of a KEY (required) and a Value. When a security policy is created with a key and its corresponding value, all resource data having the same or similar key and the same or similar value will be associated with the security policy. For example, you can assign a security policy for firewalls: new firewalls will be automatically included in the policy when you add a relevant tag to an IPAM object. You can also quarantine compromised or outdated endpoints (e.g. on Windows 8.1) by tags and metadata.
       
  4. Click Next.
  5. On the Network Scope page, define your network scope for this security policy. For more information, see Configuring Network Scopes.
  6. Click Next.
  7. On the Policy Rules page, add policy rules, and set their actions and precedence. For more information, see Adding Policy Rules and Setting Precedence.
  8. Click Next.
  9. On the Bypass Codes page, add bypass codes to your security policy. For more information, see Adding Bypass Codes to a Security Policy.
  10. Click Next.
  11. On the Summary page, review your configuration. This page displays the configuration details. You can click the right-pointing arrow icon next to a network scope or policy rule to view the details in the Selected panel. Before saving the security policy, you can make modifications by clicking the respective pages on the left navigation panel. You can also click the Back button to navigate back to previous steps in the Create New Security Policy wizard.
  12. Click Save & Close to save the configuration.
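
After saving a policy with DoH per Policy enabled, you can check what an agentless client sends to the generated FQDN. The following is an added example, not part of the product documentation: it builds an RFC 8484 DoH GET request and reads the header of a response body. The FQDN is a placeholder, and the /dns-query path is the RFC 8484 convention, assumed here rather than taken from this page.

```python
import base64
import struct

# Placeholder: paste the FQDN generated by the DoH per Policy toggle.
POLICY_DOH_FQDN = "policy-fqdn.example.invalid"
# Assumption: the conventional RFC 8484 path; confirm it in the product docs.
DOH_PATH = "/dns-query"
QTYPES = {"A": 1, "AAAA": 28, "TXT": 16}


def build_query(name: str, qtype: str = "A") -> bytes:
    """Return a DNS wire-format query (RFC 1035) suitable for DoH."""
    # RFC 8484 recommends ID 0 so HTTP caches see identical requests.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("idna")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid label length in {name!r}")
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!HH", QTYPES[qtype], 1)


def doh_get_url(fqdn: str, name: str, qtype: str = "A") -> str:
    """Build the RFC 8484 GET URL: base64url of the query, padding removed."""
    b64 = base64.urlsafe_b64encode(build_query(name, qtype)).rstrip(b"=")
    return f"https://{fqdn}{DOH_PATH}?dns={b64.decode('ascii')}"


def summarize_response(wire: bytes) -> dict:
    """Read the header of a DoH response body (application/dns-message)."""
    if len(wire) < 12:
        raise ValueError("truncated DNS message")
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", wire[:12])
    return {"is_response": bool(flags & 0x8000), "rcode": flags & 0x000F, "answers": ancount}


if __name__ == "__main__":
    print(doh_get_url(POLICY_DOH_FQDN, "example.com"))
```

Send the printed URL with an Accept: application/dns-message header and pass the response body to summarize_response; an rcode of 0 with at least one answer shows the policy FQDN is resolving.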

For additional information on security policies, see the following: