Ổng quan về xây dựng chính sách kiểm soát ứng dụng

End-Users should import this certficate ito their browsers fo avoid SSL warning messages El 2¢min admin Proxy CA Network Protection @ Web Filtering Web Filter Profiles Venficaton CAs

BQ CONG THUONG _ TRƯỜNG ĐẠI HỌC CÔNG THƯƠNG TP.HỒ CHÍ MINH

KHOA CÔNG NGHẸ THÔNG TIN

Giảng viên : Lê Anh Tuấn Sinh viên : Nguyễn Minh Tuấn-2006ó210303

Thành phố Hồ Chí Minh, năm 2023

Trong Sophos UTM, việc xây dựng các quy tắc kiểm soát các ứng dụng mạng được

thực hiện trong Web Protection > Application Control

Mo x

= A

Pra Application Control

Network visibility i)

Network Services force ; force ~

Network Protection aor aes S Sf & f

\WebEiRminp 8 —S y

Fitering Options waded 8B ——݇———— —

Polcy Helpdesk “ '

Application Control ' 2 ~ -R- — — — —'i

tp & _. EÐÐ.— S ~ ¡

f Flow Monitor Piease select § Select an interface and cick on the button to open the Flaw Monitor

Open Flow Monitor v

ở ôflowmonitor bấm vào dé xem lưu lượng

Nene vy =) >

Web Protection ——

Web Filter Profiles

Fitering Options 8g — = —e

Flow MotYtox

Open Flow Monitor

G Flow Monitor - interne

Smt] hnetps//192.16842.1344444/fiow_monitorhtmi#tabula © Certificate error ®©

Tabular | Chart

Sophos Webadmin 1 <1 KBIs 2MB © Block Shape Throtde

Để tiến hành thiết lập các quy tắc, cần bật Network visibility

Tại đây còn cung cấp chức năng Flow Monitor cho phép theo dõi lưu lượng mạng

(network traffic) của các ứng dụng thông qua các card mạng theo thời gian thực.

m 2

e (GD hntosy/192.168.42.134.4043/ Ð Š 6 eerie aro) we admin- User acmin C Waiting for google.com ®

a ˆ

2 Aopkcaten Condrol

Da @ Network Visi Application Control Rules = Advanced

va + New Rute a a « »

De Prcarch Find

3 Open Live Log Deplay 10 [Vv 0-0øf0 Action ~ | Sortby: Postionasc X]

Policy Helpdesk

Application Control

FIP

RED Manageme

Khi xây dựng chính sách, có thể thực hiện chính sách kiểm soat (Control by) theo loại

ứng dụng (Applications) hoặc theo bộ lọc động (Dynamic filter) dựa theo đánh giá từ Sophos về năng suất (Productivity) và độ nguy hiểm (Risk) của loại ứng dụng đó

Thiết lập bộ Chính sách kiểm soát ứng dụng & giải quyết các vấn đề:

e (Ontos y/192.16842 13440047 Peete aro) wei scmin - User acmin C Waiting for google.com

SOPHOS 1° 1—=i8:@C

Dashboard Exceptions Websies BypassUsers PUAs | Categories HTTPSCAs Misc

Management

Signing CA

Definitions & Users

Interfaces & Routing The Signing CA is used to sign all autogenerated site certificates that are transmitted to end-user browsers End-Users should

import this certficate ito their browsers fo avoid SSL warning messages

El 2¢min admin Proxy CA

Network Protection

@

Web Filtering

Web Filter Profiles Venficaton CAs

Filtering

Policy Helpdesk

Application Control Verification CAs are used by the proxy fo establish trust in the authenticity of a remote site The Global CAs are equivalent to

intranet Email Protection

Wreless Protection

om I Actalls $.p.A.(03358520967 Actas Authentication Root CA

site VPN

I Zalo Received Fi” ¬ =

®msrc rosy 24 a ec

so (9 mh tush sophes

Sa-36bO-463a-D8C3aab2cS Ỹ - pH

C

Pease select a file to upload, then click the Start Upload button, Chọn tếp ` Không có tgp néo duoc chon

Giokal veritication CAs

BBBBBBBR HHI*i®I*=EI

Thực hiện tải file và upload file lên

Mở mmc ở máy sever

Interface: all

Tabular | Chart

1 | Sf GB Consolet - [Console Root]

File Action View

5 Console Root Favorites

Actions

Console Root

There are no items to show in this view

More Actions

| Add or Remove Snap-ins

.©xtenÐle snap-ins, you can configure which extensiorg are enabled

Son Vendor I Console Root

BWP Active rectory Ste

Ty Active Ovectory Use

ActiveX Control Microsoft Cor

filevent Viewer Description:

You can use the Active Directory Domains and Trusts snap-n to menage Active Drectory domsine and trusts

Me muc add or remove

Interface: all

Tabular | Chart

Certificates snap-in

GB File Action

This snapsn wil aways manage centficates for:

Thém certificate vao

e

| G tps //192.16842.1344444/flow_monitorntmittabular

Interface: all

Tabular | Chart

Application Clients

94 ÑÑ Consolet - (Console Root]

[i File Action View Favorites Window Help

«* ml 2|

“3 Consele Reet me

Mote cons

l

@ Certificates (Local Computer)

Interface: all

Tabular | Chart

GH File Action View Favorites

#9%\2m\0\aa/85

1D Console Root Ob Welcome to the Certificate Import Wizard =

Personal

This wzord helps you copy

‘Trusted Reet Certification Aut &

ate store

2 Enterprise Trust

(Trusted Publishers and contains informat to protect dats or to ectablich secur u cabot

connectors A certficate store i¢ the system ares where certécates are kept

Store Location

1 Smart Card Trusted Roots Tecmrue, di Net,

7) Trusted Devices

1 Windows Live ID Token Iss

add task & muc trust cétifiacte

8

| hetps/192.16842.134-444/fiow_monitochtmittabuler

Interface: all

Tabular | Chart

# = Application

¢ 4 Certificate import Ward

Ñ He Action View Favorites

© Console Root Ob Spactly the fle you want te part Actions

sonal

Trusted Root Cestitication iano — ,

Note: More than one certificate can be stored in 3 single te in the folowing formats:

File te impect

Personal Information Exchange: PKCS #12 (.PFX Cryptographic Message Simtax Standard- PACS #7 Certificates (P78) Microsoft Serialized Cer sficate Store (

1) Certificate Enrollment Rec|

Smart Card Trusted Roots

Eh Trusted Devices

GD Windows Live ID Token Is

Trusted Root Certification Authorities store

upload thu mục lên máy sever

Interface: all

Tabular | Chart

= Application Bandwith Usage now Total Traffic

1 =

GB File Action View Favorites

#e\2m0\aa8\85

1D Console

© GJ Cetifcates (Local Computer)

2) Personal Import Wiza

indow Help

Di Certificates

‘Trusted Reet Certification Aut =

2 Enterprise Trust

@ The import was successful

DD Intermediate Certification

2 Remote Desktop

1D Certificate Enrollment Rec

Smart Card Trusted Roots

1 Trusted Devices

1 Windows Live ID Token Is

Trusted Root Certification Authorities store contains 23 certificates

Két qua

B= BS) Bi receboot— log in orsign up

Unsupported browser You're using a browser that isn’t supported by Facebook, so we've redirected you to a simpler version to give you the best experience

facebook Mobile number or email address

Password

Forgotten password?

Create new account

¬ © nntps:// www mediafire.com 2 + 8O Fa Facebook — jon in or sign up (Py Fite shoring and storage ma x

=© MediaFire

File storage and sharing made simple

Network Vai ‘Application Co Advanced

pications to control

Risk | Productivity

ure

EẠ Asure Servce Bue

148 Applications found

4

1

2

3

2

4

1

1

1

3

ov Apply X Canew

Legging & Reporting

Support

X Save X Cancel

càid đặt rule và cấm truy cập các trang web định dang upload file

Dashboard Network Vai Application Co Advanced

Intertaces & Roưing [Bi Open Live Log Display [10 1-101

For

D Clone

Zopyshare $Any

'ZaeNet

Nr

Wireless Protectan

Webserver Protector

RED Management

Remete Access

Logging & Reparting

Support

Log off

c 2_ lezila - Search ra

[Ö‹97101963:5esero@lttp sselab.16mb.com - FileZilla =

File Edit View Transfer Server Bookmarks Help

ä¿ - |[EJZÏFSSB] © th @ 1x 2| a ow

Host: [iselab.16macom] Username: [71091963isedemo | Password | se

Resolving address of ftpiselab.1émb.com

Could not connect to server

Waiting to retry

Local site: | C:\Users\Administrator\,

File folder

3/13/2023 GS

12/15/2023 11- 3/13/2023 6:45

Not connected to any server

3/28/2023 8:36

7 files and 22 directories, Total size: 2,383,892 bytes ‘Not comected,

Server/Local file Direc Remote file Size Priority Status

3 Cấm tất cả người dùng sử dụng giao thức truyền tập tin FTP, không cho

SOPHOS

dm BOC

Networks (CTRL) % Application Control 4+

fo vị, O Network Vai ‘Application Co Advanced

File Transter

[aD Aominstrator (User Network) vat Z

Ý xwtx4 = Are AFP q 3 3 3

Bi imema (Broadcast) @ File Transfer = ? 3 2 2

(đổ ImemetIPv4 | 3 3

Ie NTP Server Pool 3 ›

Sophos LiveConnect 3 ?

Gad SuperAdmins (User Group Ne 1 $

1 3°

(VPN Pool (Cisco)

Cancet

(YPN Pool (L2TP) Apply acest,

VPN Pool (SSL

# = X se X Cancel

m5

c@ File Edit View Transfer Server Bookmarks Help p

C hronl ¡¡ v|L8|IFIP&I 2 x © lì @ x x|Í# 4 2 @ Z3 ~ 2

Status: Waiting to retry ˆ

Local site: | C:\Users\Administrator\,

= @ Administrator ^

HD All Users

‡ fault

Ih Default User

0 minhtuan v

i

Ä AppD: File folder 3/13/2023 645 Not connected to any zerver

|B Application Data File toler 12/15/2023 11:

` Cookies File folder 12/15/2023 11

Server/Local file Direc Remote file Size Priceity Status

Queued files | Failed transters Successful transfers

© Queue: empty

EMIESUY đvIHIIỢIIE UšEI: II HT

a (User Network : =

> New Rule, Ác «

Ga Active Directory Users (User ¢

D say © Eat 2ttp o

BE tmemal (Broadcast)

FB imemal (Network

đổ Imemet IPv4

{ud mevtuan (User Network) 2 Edt m:«ea °

fad SuperAdmins (User Group Ne

WBYPN Pool (Cisco)

YEN Pool IPsec)

(YPN Pool (L2TP)

{YPN Pool (PPTP

(YPN Pool (SSL)

block mang xa h

chan proxy

ội

SOPHOS

[ad Actor Directory Users (User Group Network) wate (User Netwark)

2 b (User Newark)

2 minttuan (User Netwark)

fad Superadmins (User Group Network)

Ped Nhóm: MC059- Đỗ Xuân Hợp

EJ a O Network Vai ‘Application Co Advanced

Ga (User Network: An v

a , = ” Ede 113 °

1 x4 For

Clone E

Ribte Zant 2 Active Directory Users {User Group Network

Fi Imemal (Broadcast)

FG intemal (Network) fad minivan (User Network) foe E

_Ă X.Deme, ©Modwdi

|) Clone

fad SuperAdmins (User Group Ne

WBYPN Pool (Cisco)

YEN Poot IPsec)

(YPN Pool (L2TP)

(VPN Pool (PPTP

(VPN Pool (SSL)

¢@ 8 #

Nore

Pee 3 socal i x

IFTPSDATA FIPS FTP Data fad 8 (User Newark) {ad Actve Directory Users (User Group Network)

fad admin (User Network) [ad Admonstrator (User Network)

SA fad mintnuan (User Network)

lad SuperAdmns (User Group Network)