Quantcast
Channel: Snorby Labs
Viewing all articles
Browse latest Browse all 12

Introducing Snorby Cloud Firewall

0
0

Packet Stash is proud to announce the public beta of Snorby Cloud Firewall, an easy and effective way to manage firewall policies across your internal and cloud based infrastructure.

If you’ve been following the blog, this new product is the outcome of our first company Hackathon. As we mentioned, we are offering this firewall management solution free of charge for an unlimited amount of servers. In its current form, Snorby Cloud Firewall can help customers quickly reduce the overall attack surface on the publicly accessible infrastructure that they maintain.

Let’s walk through how the solution works:

First, click on the new option called “Firewall” on the main Snorby Cloud Dashboard. After clicking it, we will see a listing of all agents with the firewall management functionality deployed.

image

We can see two active agents that are connected. Let’s add our European web server. To do that we will click on “Add new agent.”

image

During the beta period, the firewall agent is separate from our primary incident response agent. The agents can co-mingle on the same server, without conflict. Let’s run the installer.

image

The agent is now deployed. We can see that it now appears on the agent listing page and has a status of “pending”.

image

We can click into the agent, see its properties and confirm the registration by clicking on the “Register” button.

image

Once registered, the agent will have our default firewall policy instantly applied. In our case, SSH is protected in our default policy, so we lose access.

image

We can regain SSH access by clicking on the “request access” button in the firewall rules table. Access can be bound to a specific IP, a range of IPs (defined with CIDR notation), or to all IP addresses. Access is time-bound and will auto-terminate once the lease has expired.

image

If we want, we can define a new policy for all of our cloud servers, by using the following screen.

image

Additional Notes

As mentioned above, this solution is still in early beta and while currently useful, is not feature complete. We plan on implementing the following features over the coming weeks:

Global Blacklist - A list of IP addresses that will be blocked from all infrastructure regardless of policy.

IP Whitelists - Lists of acceptable IP addresses that may be used for scoping specific firewall policies.

Multi-user support - Enable multiple users to access the Snorby Cloud UI to request access to protected infrastructure.

iOS Application - Request access remotely through a mobile application.

Bug Reporting & Support

If you run into bugs or issues, please open a support ticket by browsing to https://cloud.snorby.org/#/support or by emailing support@snorby.org. Feature requests and public feedback can be left at our UserVoice site at http://snorbycloud.uservoice.com/.


Viewing all articles
Browse latest Browse all 12

Latest Images

Trending Articles



Latest Images