dgunner
Level 7

Correct use of "Trusted networks" in HIPS

Hi,

I'm looking to see how people use the 'trusted networks' feature in HIPS.

Would I be correct in saying that I could have a trusted network consisting of the address range of my servers and a firewall rule on each server that says to allow all traffic between these servers as they are on a section of the network considered trusted? It seems that I could simplify my firewall rules, meaning I only need exceptions for traffic that falls outside of the trusted network e.g. to/from my DHCP network range?

If my servers fall between 192.168.100.1 and 192.168.100.50, why not trust that portion of the network and allow all traffic rather than creating rules for every single piece of network traffic between every host? Seems a reasonable way to keep things simple? For things like email I can add additional rules to allow comms with other networks.

There is nothing to stop someone assigning a client with an IP address that falls within the trusted address range and plugging it into my network but then it is the job of IPS to detect scans and other malicious activity?

Have I understood the correct use of trusted networks i.e. to allow me to simplify my firewall rules?

Many thanks


Accepted Solutions
bgable
Level 11

Re: Correct use of "Trusted networks" in HIPS

Yes, you are correct.

The Trusted Networks policy lists IP addresses and networks that are safe for communication. Trusted networks can include individual IP addresses or ranges of IP addresses. Marking networks as trusted eliminates or reduces the need for network IPS exceptions and additional firewall rules. For Windows clients only.

Settings for Trusted Networks and Trusted Applications policies can reduce or eliminate false positives, which aids in tuning a deployment.

dgunner
Level 7

Re: Correct use of "Trusted networks" in HIPS

Thanks for clarifying.

I think I might do it the other way round as follows:

Keep my trusted networks list to include all internal networks that need to communicate with each other e.g. the subnet with servers and the one with workstations and printers.

Create a rule on all servers that allows TCP In/Out between all servers that fall within the range of IP addresses that I use for my servers, i.e. not the trusted networks so excluding workstations and printers.

That way I can use the default corporate firewall rule set that includes rules that you would want between workstations and servers such as NetBIOS and AD and means I don't need to treat workstations as entirely untrusted and create separate rules for them.

So, in summary, my servers allow all traffic to and from all other servers and some traffic to/from clients on the trusted networks. Servers running web services or other apps can have custom rules to allow traffic inbound as required.
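The two-tier layout described in the last reply, as an added example that is not part of the original posts and does not model how the HIPS product evaluates rules: it shows that the server range 192.168.100.1 to 192.168.100.50 is not a single CIDR block, what a rounded-up block would additionally trust, and which part of the design a given flow falls under. The /24 masks and the workstation subnet 192.168.101.0/24 are assumptions made for the example.

```python
import ipaddress

# Server range as given in the thread.
SERVER_FIRST = ipaddress.ip_address("192.168.100.1")
SERVER_LAST = ipaddress.ip_address("192.168.100.50")

# Trusted networks list: masks and the second subnet are constructed values.
TRUSTED_NETWORKS = [
    ipaddress.ip_network("192.168.100.0/24"),  # server subnet (assumed /24)
    ipaddress.ip_network("192.168.101.0/24"),  # workstations/printers (assumed)
]


def server_cidrs():
    """Exact CIDR blocks that cover the server range and nothing wider."""
    return list(ipaddress.summarize_address_range(SERVER_FIRST, SERVER_LAST))


def over_trusted(candidate):
    """Addresses a single candidate CIDR would trust outside the server range."""
    net = ipaddress.ip_network(candidate)
    return [ip for ip in net if not SERVER_FIRST <= ip <= SERVER_LAST]


def tier(addr):
    """Place an IPv4 address in one of the three tiers of the design."""
    ip = ipaddress.ip_address(addr)
    if SERVER_FIRST <= ip <= SERVER_LAST:
        return "server"
    if any(ip in net for net in TRUSTED_NETWORKS):
        return "trusted"
    return "untrusted"


def classify(src, dst):
    """Which rule set a flow seen on a server falls under in this layout."""
    tiers = (tier(src), tier(dst))
    if tiers == ("server", "server"):
        return "allow-all (server-to-server rule)"
    if "untrusted" in tiers:
        return "custom rule required"
    return "default corporate rule set"


if __name__ == "__main__":
    print("exact blocks:", ", ".join(str(n) for n in server_cidrs()))
    extra = over_trusted("192.168.100.0/26")
    print(f"a /26 would also trust {len(extra)} non-server addresses")
    for src in ("192.168.100.10", "192.168.100.51", "203.0.113.5"):
        print(src, "->", classify(src, "192.168.100.20"))
```

An address just past the end of the range, such as 192.168.100.51, only stays out of the allow-all rule if the rule is entered as the exact range or the exact blocks rather than a rounded-up prefix.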