Endpoint Protection

  • 1.  SEP Network Threat Protection

    Posted Mar 07, 2018 10:32 PM

    Hi, 

    I have a customer that due to some issues with wants to have the ability to have clients, while on the corporate network, utilize a "light" version of network threat protection policy vs when off the network - have all rules of the firewall enabled. I understand the best method to accomplish this is to use the location awareness. According to the customer, they feel with all their other tools in place, they are protected... 

    Question:

    How is this accomplished and what specific configuration is used - Best practice? 

    What are the cons to configuring the policy in this way? What possible risks would this create? Vulnerabilities etc.



  • 2.  RE: SEP Network Threat Protection

    Posted Mar 07, 2018 10:58 PM

    Policies are applied based on location (on network, off-network).

    I would start from here,

    Again, it depends on what you want to keep and discard,

    Location awareness best practices for Endpoint Protection

    https://support.symantec.com/en_US/article.TECH97369.html

     



  • 3.  RE: SEP Network Threat Protection

    Posted Mar 08, 2018 05:14 AM

    The risk is what the customer is willing to accept. If they feel they're adequately protected when on the network then if something happens it's on them to accept it. You should understand what they have in place internally as maybe having the SEP firewall on is redundant while connected to the network. If not then they should understand they're opening their network up to more vulns.

    Basically create two locations - OFF and ON

    Assign the ON network policy to the ON location and assign the OFF policy to the OFF location. Create a condition so the client knows whether it's OFF network or ON network, such as can or can't connect to SEPM or by DNS servers used by the client.



  • 4.  RE: SEP Network Threat Protection

    Posted Mar 09, 2018 11:04 AM

    Thanks, gentlemen.

    Any recommendations for a "light" internal firewall policy? Anything in particular I should pay attention to allowing or blocking?



  • 5.  RE: SEP Network Threat Protection

    Posted Mar 09, 2018 11:09 AM

    It's really up to the ORG but if these are standard users then probably letting them hit 80/443 and any internal applications. If you have your network segregated then stopping users from accessing server VLANs is a good start.



  • 6.  RE: SEP Network Threat Protection

    Posted Mar 09, 2018 11:31 AM

    If you already have a firewall at the network level, you need to figure out if you really need SEP client firewall.