Security Configuration

Crystal Eye’s security configuration is designed to allow administrators to arrange and fine-tune the various security-related settings that come as default. The sole objective of these configurations and controls is to facilitate a defence-in-depth strategy.

Security Configurations of your Crystal Eye appliance

Protecting devices in the Crystal Eye network from harmful applications: It is important to ensure that devices connected to the Crystal Eye network do not have harmful applications running. The CE administrator can use the Application Whitelisting application to create a fingerprint-based whitelist. Applications running on the Crystal Eye network can be identified by this unique device/application fingerprint, and once the baseline is set, Crystal Eye can block unknown applications not identified as safe from communicating across the network. With Application Whitelisting, Crystal Eye can protect against unknown zero-day attacks or other malicious applications. Know more about how to block harmful applications in the CE network

Setting up a web filter/content filter on your Crystal Eye devices: The CE administrator can enforce a variety of content filter policies on a particular CE group. There are 8 major content filter policy components that can be configured according to specific requirements. The content filter policy components of CE that can be further fine-tuned are General Settings, Blacklists, Phrase Lists, MIME Types, File Extensions, Banned Sites, Gray Sites, and Exception Sites. The content filter policies can be assigned to specific devices or CE users. Know more about how to set up the Content Filter application of the Crystal Eye

Domain Name System Blocking: This method of blocking websites cannot be applied to a particular group of users. Instead, blocking a website with the DNS Insure application has a universal effect: the block extends to all the devices connected to the CE. Learn how to use DNS Insure application to block websites

Adding Custom Firewall Rules

Deploying a server or device in the DMZ of Crystal Eye: The Demilitarized Zone (DMZ) Firewall provides an advanced security realm to a network zone that lies between LAN and WAN. Any external-facing device placed in Crystal Eye’s DMZ has all incoming connections blocked by default. This essentially means that if a server is in CE’s DMZ, it cannot be accessed by default. However, a CE administrator can permit access to systems in the DMZ by allowing incoming connections based on specific IP address, protocol, and port. Learn more about how to create a DMZ and then allow incoming connections

Block or allow any outbound traffic originating from Crystal Eye’s network: Using the Egress Firewall application, the CE administrator can either allow all outgoing traffic and specify blocked destinations, or block all outgoing traffic and specify allowed destinations. Learn more about Egress Firewall and its capabilities

Allow or block incoming connections from external sources to the internal network or LAN: The firewall application can be used to allow incoming connections based on service, port or port range. Incoming connections from a particular domain can be blocked. Learn more about firewall application

Banning IP addresses that exceed the authentication failure threshold in CE: The Crystal Eye appliance has an in-built system called ‘forcefield’ that bans IP addresses that exceed the threshold of authentication failures. CE provides excellent protection against both malicious "Internet background noise" and motivated attackers aiming to leverage weak, common, or harvested passwords. Learn more about how to use the forcefield application of CE

The Automated Actionable Intelligence (AAI) feature of CE: AAI by definition is intelligence that can be acted upon and followed up. The primary objective of Crystal Eye’s AAI is to gather a list of bad hosts and known good IP addresses from Red Piranha’s Service Delivery Network (SDN). While this is done, the Intrusion Protection System (IPS) and the Intrusion Detection System (IDS) of the Crystal Eye detect bad hosts and block them. Learn more about AAI feature of CE

Scan the directories of your CE appliance for malware: The Crystal Eye appliance can be scanned for malware using the advanced scanning features available in the Anti-malware File Scanner. The CE administrator can also whitelist files quarantined after a CE malware scan. Read more about the features of Anti-Malware File Scanner

Identifying malicious URLs: The platform intelligently scans URLs and the scanning engine ensures that cryptographic certificates are valid and match the host as claimed. The scanning process is also aimed at detecting links that are cloaked in order to deceive end users. Know more about how to identify malicious URLs

Block Encrypted Files: Encrypted files can be blocked using the antivirus application of CE.

Intrusion Protection and Detection: The Intrusion Protection & Detection application is a rule-based IDS/IPS engine that utilises externally developed rule sets to monitor traffic and generates alerts accordingly. CE administrators can add new local IDS/IPS rules, enable or disable local rules, and upload changes made to the rules to the update server. Learn more about how to configure and use CE’s IDS/IPS application

Log Processing & Reporting: IDS/IPS alerts generated by Crystal Eye’s IDS/IPS engine are saved in the form of indexes or report files and are stored on the Crystal Eye. The Log Processing and Reporting application is used to manage these indexes and report files in order to create backups for further reference. Learn more about Log Processing & Reporting