https://docs.mitigator.ru/v26.04/en/tags/protection/ Recent content in Protection on BIFIT Mitigator Hugo -- gohugo.io en https://docs.mitigator.ru/v26.04/en/kb/quick-setup/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/kb/quick-setup/ The materials in this article are intended to facilitate understanding of the protection organizing basic principles using MITIGATOR. Below is an example of setting up the system in the first iteration. First, all packets are processed in “General Protection”, then 5-tuple routing rules distribute traffic to protection policies, and after the policies, the traffic returns to “General Protection” for the remaining countermeasures. Processing of back traffic from the protected resource is not considered in this article. https://docs.mitigator.ru/v26.04/en/psg/psg-analysis/ip-lists/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/psg/psg-analysis/ip-lists/ IP Analyzer analyzes lists of IPv4 addresses, providing a extended set of data for each address in the list. Only unique IP addresses are included in the analysis. Checks: IP addresses presence in reputation lists; compliance with GeoIP databases. If the list contains a prefix from /16 to /32, then it is decomposed into separate IP addresses. You can analyze: A text file with a list of entries separated by comma, space, semicolon, line break. https://docs.mitigator.ru/v26.04/en/psg/psg-analysis/rts-tree/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/psg/psg-analysis/rts-tree/ ACL Rules Generator analyzes dumps of legitimate traffic and attack traffic and generates a set of ACL filtering rules. IP, TCP, UDP and ICMP protocol packets are analyzed. Traffic dumps are selected from the drop-down list, for which they must be previously uploaded to the service on the Uploads tab. Optionally, you can specify additional dumps on which the rules obtained during the analysis will be tested. If no additional dumps are specified, then the training dumps are divided proportionally into a training part and a test part. https://docs.mitigator.ru/v26.04/en/kb/system-checklist/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/kb/system-checklist/ List of steps Set up network integration. Specify a license key and set limits. Set up interaction via BGP. Upload GeoIP databases into the system. Set up delivery channels for system event notifications. Set up notifications via syslog. Enable protection. (Optional) Upload logos and background images for various interface themes. (Optional) Select the interface theme type and graph display style. Details 1. Set up network integration. The configuration is performed independently for each instance of the system and is based on the composition of the network infrastructure and the tasks to be solved. https://docs.mitigator.ru/v26.04/en/psg/psg-analysis/service/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/psg/psg-analysis/service/ Service Analyzer helps in the initial setup of protection by identifying services in the protected network based on the uploaded dump. Currently, any loaded dump is perceived by the mechanism as a dump of incoming traffic from an external network. The Five tuple threshold field specifies the number of repetitions of a unique 5-tuple in a dump. If the number of repetitions is less than the established limit, then such a 5-tuple will not be included in the report. https://docs.mitigator.ru/v26.04/en/kb/policy-checklist/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/kb/policy-checklist/ List of steps Make sure the routing rules for the policy are set. Configure the policy to display only the necessary countermeasures. Set up countermeasures. Set up automatic packet capture. Set up autodetection. (Optional) Check the effect on legitimate traffic via the test mode. Enable protection policy. (Optional) Configure the log analyzer. (Optional) Pin countermeasure graphs. Details 1. Make sure the routing rules for the policy are set. Make sure that the routing rules are set for the policy on the “Policy Setup” tab of the “Protection policy” page. https://docs.mitigator.ru/v26.04/en/kb/ss-feeds/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/kb/ss-feeds/ The MITIGATOR team generates regularly updated reputational lists of IP addresses, autonomous systems and JA3 fingerprints (hereinafter referred to as “feeds”). Feeds can be imported into MITIGATOR as named lists and used in countermeasures and routing rules. To do this you need to specify Mitigator feeds as a source type. To do this, specify Mitigator feeds as the named list source type and select the required feed. Feeds cannot be downloaded or viewed, even through the MITIGATOR Web interface.