Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems
Jan 08 14 3:48 am
Hi all...
The bain of every network managers life - security on remote access!!!
I've got an FTP server access to this is port forwarded from my internet router to wingate - then redireced via Wingate itself. The contents of this FTP server are backed up every night. All users have a login of course. Ports 20 &21 are of course open.
It all works, and our staff are accessing this from home. I've created an event for this so I can keep tracking usage.
No suprise, when I look I see IP addresses from China, USA and other countries in there - all our users are soley UK based. Obviously the only security I have here are of course usernames and passwords.
Now, the only way to blackhole these IP addresses, is to go to the log, note the rogue IP address, and then type this into the blackhole list. Copy and paste does not work because the input box is a different format. I realise that I could have a full time job here in putting such addresses in - is there a quicker way to blackhole these? What other security could I put in place?
Thanks in advance.
Steve
Jan 08 14 7:07 am
Hi Steve!
I think you can create a policy to do this for you. You can use Session - ClientIP - Country to check if it equals GB.
I haven't tried it but it looks like all the parts are there.
Also be aware that the clever bad guys (may they burn in hades) will figure ways to spoof their IP address so it's not 100% fool proof.
Larry
Jan 08 14 7:56 am
Thanks Larry.
Yep - aware of spoofing... but anything I can do to lock it down would be great.
Anyone anyideas on how to create that policy?
Steve
Jan 08 14 8:58 am
You could try a policy like the one attached.
If I was more clever I'd remember how to put a screen shot here too.
- Attachments
-
- FTP Connection by Country Checker.zip
- Policy Check for GB country domain
- (1.25 KiB) Downloaded 549 times
Jan 08 14 4:40 pm
Actually, that policy might need a bit of work - it should first check if the IP is private.
Jan 08 14 9:18 pm
Larry, the policy looks good.
Probably don't need to check if the IP is private, if the proxy is only bound to external, the IP won't be private. I'd recommend in any case if there's a FTP proxy for reverse, it should be different than for forward proxying (for LAN-based clients).
Adrien
Jan 09 14 1:40 am
Thanks for the update.
Powered by phpBB © phpBB Group.
phpBB Mobile / SEO by Artodia.