ASL V Hyve IPS

Customer support forums for Atomic Protector (formerly Atomic Secured Linux). There is no such thing as a bad question here as long as it pertains to using Atomic Protector. Newbies feel free to get help getting started or asking questions that may be obvious. Regular users are asked to be gentle. :-)
poppy
Forum User
Posts: 36
Joined: Sat Nov 13, 2010 6:52 am

ASL V Hyve IPS


Hi
I have just acquired a new cloud server and want to install ASL.

It has just been set up with cPanel/WHM and the hosting company has put 2 firewalls in place already;
they are Dedicated VMware vShield Edge Firewalls.

So my question is ... I see that a firewall is incorporated into ASL, so if I installed ASL would I turn off its firewall part, or is it an integral part of the entire ASL system? Perhaps it can be run as well as the existing firewalls?

Also the hosting company also offers an Active Blocking - Intrusion Prevention System. That is an external box and they say of this:

"This in-line security appliance inspects all network traffic, identifying malicious, harmful, and/or unwanted activity and blocks it before it reaches your server."

* Daily updates to SANS_D shield & CVS database (blacklisted IPs & Vulnerability database)
* Blocks Spyware sites and blocks spyware calling home
* Stops remote exploits of critical vulnerabilities
* Keeps spyware, viruses, botnet programs and other malware out of the network
* Thwarts advanced hybrid and application-level attacks
* Prevents undesired access
* Improves security posture through acceptable application usage enforcement
* Enables regulatory compliance through protection of confidential data
* Reduces IT hours devoted to fixing/remediating systems infected by viruses, botnets and malware

https://www.hyve.com/services/security- ... rvices-ips

I am trying to decide whether to simply go with their entire security system (it's a little more expensive than ASL) or whether ASL may have some advantages over their system. Not being a security expert, it is hard for me to compare... both sound pretty impressive. I am hoping that someone could point out any differences, to help me decide.
mikeshinn
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: ASL V Hyve IPS


Thanks for the questions, I hope you don't mind if I take a swing at speaking to these features. The short answer is yes, ASL does all of this and more. Here are specific answers:

* Daily updates to SANS_D shield & CVS database (blacklisted IPs & Vulnerability database)

Built into ASL, plus we provide way more than just SANS dshield, which is actually a pretty short list of /24 networks. You'll find all the third party RBLs built into ASL here:

https://www.atomicorp.com/wiki/index.ph ... #FW_CIARMY
https://www.atomicorp.com/wiki/index.ph ... NG_THREATS
https://www.atomicorp.com/wiki/index.ph ... #FW_OPENBL
https://www.atomicorp.com/wiki/index.ph ... W_AUTOSHUN
https://www.atomicorp.com/wiki/index.ph ... PENPROXIES
https://www.atomicorp.com/wiki/index.ph ... FW_DSHIELD
https://www.atomicorp.com/wiki/index.ph ... all#FW_TOR


Plus, ASL includes our real time Threat Intelligence system, which blocks known attack sources in realtime on all ASL systems based on both information reported by other users of ASL, and our honeypots and threat intelligence analysts.

https://www.atomicorp.com/wiki/index.php/Atomicrbl

* Blocks Spyware sites and blocks spyware calling home

Built into ASL. ASL blocks spyware both on install and, if installed, from calling home. It will also remove malware in real time from the system. It can also prevent any outbound communication you wish to restrict; for example, it can prevent users from sending out spam via email.

* Stops remote exploits of critical vulnerabilities

Built in. Plus, ASL doesn't rely on the outdated model of trying to stop attacks against vulnerabilities; it protects you from weaknesses and methods of attack. So it's proactively protecting your system; we don't have to add in rules or signatures when new vulnerabilities are published. ASL is designed to protect your system from methods of attack as well. For example, ASL will protect your system from SQL injection attacks, so if a new SQLi vulnerability is discovered in an application you won't have to wait for your security product to be updated to protect you from a new attack.

* Keeps spyware, viruses, botnet programs and other malware out of the network

ASL protects your systems, it keeps spyware, viruses, botnet programs and malware off your system.

* Thwarts advanced hybrid and application‐level attacks

Built into ASL.

* Prevents undesired access

Built into ASL.

* Improves security posture through acceptable application usage enforcement

Built into ASL.

* Enables regulatory compliance through protection of confidential data

Built into ASL. Plus, ASL can configure your system to meet regulatory compliance standards, such as PCI-DSS, CSS, DOD and others.

* Reduces IT hours devoted to fixing/remediating systems infected by viruses, botnets and malware

ASL is designed to be a "lights out" solution. That means ASL is designed to require no human interaction; it's automated and designed to work out of the box with minimal configuration or interaction.
poppy
Forum User
Posts: 36
Joined: Sat Nov 13, 2010 6:52 am

Re: ASL V Hyve IPS


mikeshinn wrote: ASL does all of this and more.

Thank you, I thought that was probably the case :) . Thank you for pointing out some specifics, very good to know, especially about the ability to configure for PCI compliance.

With regards the firewall features in ASL....the new server has come configured with 2 x Dedicated VMware vShield Edge Firewalls... what would you advise regards the firewall features within ASL?

1) Is it possible there could be any conflict with ASL?
2) Would it be better to ask the host to remove the existing two firewalls in order to only run the ASL system?
3) Would the ASL firewall run alongside the vShields as another layer of protection?
4) Should I disable the firewall features of ASL and use the other features only (if that is even possible)?

I think that the host's dual firewalls come as standard with their cloud hosting, as part of their 100% uptime guarantee. So I am not sure that is optional, so am hoping there is no conflict... or at least some solution if there is.
mikeshinn
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: ASL V Hyve IPS


With regards the firewall features in ASL....the new server has come configured with 2 x Dedicated VMware vShield Edge Firewalls... what would you advise regards the firewall features within ASL?

1) Is it possible there could be any conflict with ASL?
Based on VMware documentation, no. It's an edge firewall, that is, it's not part of the virtual machine; it's external to it, a bit like a classic firewall.
2) Would it be better to ask the host to remove the existing two firewalls in order to only run the ASL system
Since they shouldn't interact, probably no need to. You'll just have to remember that you have two firewalls you'll need to configure.
3) Would the ASL firewall run alongside the vShields as another layer of protection?
Correct.
4) Should I disable the firewall features of ASL and use the other features only (if that is even possible)
You won't need to, so I wouldn't recommend you disable these features in ASL. Plus the ASL firewall has a lot of features vShield does not, so between the two you'll get more functionality and protection from the ASL firewall.
poppy
Forum User
Posts: 36
Joined: Sat Nov 13, 2010 6:52 am

Re: ASL V Hyve IPS


Thank you for your help, I will be signing up shortly.
mikeshinn
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: ASL V Hyve IPS


My pleasure, and please don't hesitate to ask if you have any other questions.