This weekend, WannaCry swept quickly across Europe and Asia, locking up critical systems at the UK’s National Health Service, a large telecom in Spain, several universities in China, and other businesses and institutions around the world. Once a computer is infected, it denies access and demands the equivalent of around $300 in bitcoin for decryption.
In this post, I will introduce important tips to block the WannaCry attack.
1. Install security patches. Microsoft has released security patches that fix the SMB flaw currently being exploited by the WannaCry ransomware, covering most versions of Windows, including Windows XP, Vista, Windows 8, Server 2003 and 2008.
2. Block incoming connections on TCP port 445 in your router/firewall. This rule blocks attacks from the internet.
3. For Windows DMZ hosts, you also need to block TCP port 445 in the firewall settings.
4. To protect VLANs from being attacked by an infected VLAN, you can block TCP port 445 in the VLAN ACL rules of your core switch.
Using the “network health checker” extension of WFilter, you can also check whether there are “Suspicious Hosts” in your LAN. Hosts with massive connections will be identified as “Suspicious”.
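The "massive connections" idea above can be approximated from any connection log by counting how many distinct hosts each source contacts on TCP port 445. The following is an added example, not WFilter's own code; the log format, the sample records and the threshold of 5 are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample records, one per line: "time src_ip dst_ip dst_port".
# 192.168.1.50 sweeps eight hosts on 445; 192.168.1.20 is a normal client
# that talks to a single file server on 445 and to one web server on 443.
SAMPLE_LOG = "\n".join(
    [f"10:00:{i:02d} 192.168.1.50 192.168.1.{100 + i} 445" for i in range(8)]
    + ["10:00:01 192.168.1.20 192.168.1.10 445"] * 3
    + ["10:00:02 192.168.1.20 93.184.216.34 443", "garbage line"]
)


def suspicious_hosts(log_text, port=445, min_targets=5):
    """Return {src_ip: distinct destination count} for sources that contacted
    at least `min_targets` different hosts on `port`."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing the whole scan
        _time, src, dst, dport = parts
        if dport.isdigit() and int(dport) == port:
            # Repeated connections to the same server count once: a file
            # server client is busy, a worm is broad.
            targets[src].add(dst)
    return {s: len(d) for s, d in targets.items() if len(d) >= min_targets}


if __name__ == "__main__":
    for host, count in suspicious_hosts(SAMPLE_LOG).items():
        print(f"{host} contacted {count} distinct hosts on TCP 445")
```

Counting distinct destinations rather than raw connections keeps a workstation that reopens the same file share many times from being flagged.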
IP and MAC address binding is usually configured on a network switch or router (gateway). An effective IP-MAC binding solution needs to:
1. Be able to integrate with the DHCP server to assign static IPs to clients.
2. Have an option to block or allow internet access for unbound devices.
3. Be able to do IP-MAC binding in multi-subnet networks.
In this post, I will demonstrate the “IP-MAC binding” feature in WFilter NG firewall. For IP-MAC binding in “WFilter internet content filter”, please check: “WFilter IP-MAC binding solution”.
1. IP-MAC Binding List
You can define the IP-MAC binding list in “Modules”->“Access Policy”->“IP-MAC Binding”. Once listed, these devices will always be assigned their static IP addresses, even when they obtain their address dynamically.
The following options are available in the “IP-MAC binding” module:
1. For unlisted IP addresses, you can choose “Allow all”, “Block all” or “Block below IP ranges”.
2. For unlisted MAC addresses (devices), you can configure whether or not to assign an IP address.
3. Multi-subnet IP-MAC binding solution
Is your network multi-subnet? No worries. With the “MAC address detector”, WFilter NGF is able to retrieve MAC addresses from your core switch, so you can bind IP addresses to MAC addresses even in a multi-subnet network.
A guide to “IP-MAC binding” in WFilter NGF can be found at: IP-MAC binding.
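To make the unlisted-IP options described above concrete, here is a small model of how an IP-MAC binding decision can be evaluated for an observed (IP, MAC) pair. It is an added example and not WFilter's implementation; the class and option names are hypothetical, blocked ranges are given as CIDR networks, and rejecting a bound MAC that shows up on a different IP is an assumption.

```python
import ipaddress


def norm_mac(mac):
    """Normalize AA-BB-.., aa:bb:.. or aabb.ccdd.eeff to lowercase colon form."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


class BindingPolicy:
    """Hypothetical model. unlisted is 'allow', 'block' or 'block_ranges'."""

    def __init__(self, bindings, unlisted="allow", blocked_ranges=()):
        self.by_ip = {ipaddress.ip_address(ip): norm_mac(mac)
                      for ip, mac in bindings.items()}
        self.bound_macs = set(self.by_ip.values())
        self.unlisted = unlisted
        self.blocked = [ipaddress.ip_network(r) for r in blocked_ranges]

    def check(self, ip, mac):
        ip, mac = ipaddress.ip_address(ip), norm_mac(mac)
        if ip in self.by_ip:
            # A bound IP may only be used by the MAC it is bound to.
            if self.by_ip[ip] == mac:
                return "allow"
            return "block: IP bound to another MAC"
        if mac in self.bound_macs:
            # Assumption: a bound device must stay on its bound IP.
            return "block: bound MAC on wrong IP"
        if self.unlisted == "block":
            return "block: unlisted IP"
        if self.unlisted == "block_ranges" and any(ip in n for n in self.blocked):
            return "block: unlisted IP in blocked range"
        return "allow"


if __name__ == "__main__":
    policy = BindingPolicy({"192.168.1.10": "AA-BB-CC-00-11-22"},
                           unlisted="block_ranges",
                           blocked_ranges=["192.168.1.0/25"])
    print(policy.check("192.168.1.10", "aa:bb:cc:00:11:99"))
```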
The WSG (WFilter Security Gateway) appliance comes in two series of models: professional and enterprise. For example, WSG-100P means WSG professional for 100 users, while WSG-100E means WSG enterprise for 100 users.
WSG enterprise has the full feature set of WFilter NG firewall. Compared to WFilter enterprise, WSG professional lacks some enterprise-level features: “Internet Usage”, “AD Integration”, “ISP”, and “Hot Standby”.
Since WSG professional does not record internet usage, which requires a lot of disk space, the WSG professional appliance only has a small hard disk (8GB), used for reports only. It also has less RAM.
WSG professional and WSG enterprise have the same box appearance.
WSG professional has no “Internet Usage”, “AD Integration”, “ISP Management”, and “Hot Standby”. Other features are all the same. Please check the screenshots.
So in case you don’t need usage recording and other enterprise-level features, you can choose WSG professional, which is much more cost-effective.
There are dozens of open source firewall systems to download. Some are completely free; some provide limited free features. Does “free” sound attractive? They also have disadvantages. In this post, I would like to compare WFilter NGF with open source firewall systems.
Disadvantages of open source firewalls
- Limited features. Most open source firewalls do not have enterprise-level features, such as “usage recording/reports”, “domain integration”…
- Lack of support. Most systems only have forum support, unless paid.
- Slow response. Bugs may need months to be fixed.
WFilter NGF is designed for business networks, with a lot of enterprise-level features. In case you want a free solution, open source firewalls can help. However, if you need more features and better support, you’d better choose a commercial product. Below is a list of WFilter NGF advantages compared to open source firewalls:
- Designed for business networks.
- Enterprise-level features: usage recording, powerful report system, AD integration…
- 7 * 24 dedicated support via email/phone/skype/teamviewer.
- Faster response. Improvements and bugs will be fixed ASAP.
WFilter internet content filter (ICF) is a Windows software internet filtering solution for business networks. As an IT administrator, you may face several choices when deploying internet filtering in your network. In this topic, I will try to provide a comparison of WFilter ICF and other solutions.
As we have highlighted on the WFilter homepage, WFilter can be deployed in pass-by mode, with minimal change to network topology. It requires no client installation. Please also check:
1. WFilter ICF vs. client & browser plugin internet filtering solutions.
2. WFilter ICF vs. DNS internet filtering solutions.
3. WFilter ICF vs. internet filtering appliances.
4. WFilter ICF vs. proxy-based internet filtering solutions.
5. WFilter ICF vs. WFilter NG firewall.
WFilter is also very cost-effective; please check: WFilter price list.
Some users get confused about “WFilter ICF” (WFilter Enterprise) and “WFilter NG firewall”, so in this topic I would like to discuss the differences between these two products.
Though they are both named “WFilter xxx”, “WFilter ICF” is a pass-by web filtering software for Windows PCs, while “WFilter NG firewall” is a Linux-based firewall system which shall be installed on a dedicated x86 PC.
WFilter NG Firewall
- 1. A total solution for bandwidth optimization, access control and VPN (UTM and NG firewall).
- 2. Deployment: gateway, bridge.
- 3. Installation: x86 PC or virtual machine
- 4. License: 30-day free trial
WFilter Internet Content Filter(ICF)
- 1. Pass-by monitoring windows software solution.
- 2. Recommended deployment: pass-by
- 3. Installation: shall be installed on a Windows PC.
- 4. License: 30-day free trial
How to choose?
First, you need to confirm your requirements. If you only need “internet access control”, both “WFilter ICF” and “WFilter NG firewall” can satisfy you. If you need “bandwidth shaper” or VPN features, you need to choose “WFilter NG Firewall”.
Second, you need to choose the preferred deployment. In case you don’t want to change the current network topology or add a new network device, you need to choose “WFilter ICF”, which can be deployed with your current topology unchanged. If you agree to replace your current router/firewall, or add a transparent network bridge, please choose “WFilter NG firewall”.
Third, please be aware that WFilter ICF is a Windows software program, which can be installed instantly, while WFilter NG firewall is an operating system: you need a dedicated PC and must burn a CD or USB stick to install it.
An email client receives emails via the POP/IMAP protocols and sends emails via the SMTP protocol. Today, SSL encryption is widely used by email clients. There are two kinds of SSL encryption: “SSL Connection” and “STARTTLS”.
WFilter Enterprise is an internet content monitoring and filtering software program, which can monitor a whole network from one PC, without the need to install any client agent.
With WFilter, you can monitor employees’ email usage over plain SMTP/POP/IMAP.
1. Click “Emails” number in “Online Users”.
2. You will see a list of sent/received emails.
Click the “Subject” link to check the email content.
3. Query email history in “Query History Logs”.
Please note that “WFilter Enterprise” can only monitor plain POP3/SMTP/IMAP emails. To monitor SSL emails, you need to check the SSL Email Inspection feature of “WFilter NG Firewall”.
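The two kinds of SSL encryption named above look different to a pass-by monitor: with an “SSL Connection” the very first bytes are a TLS handshake, while with STARTTLS the session opens in plain text and switches to TLS after the client sends an upgrade command. The following is an added example, not part of WFilter; the function names and the sample sessions are constructed for illustration.

```python
def is_tls_record(data):
    # A TLS handshake record starts with content type 0x16, major version 0x03.
    return len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03


def classify_session(packets):
    """packets: ordered (sender, payload) pairs, sender 'C' (client) or 'S'.
    Returns 'ssl-connection', 'starttls', 'plain' or 'unknown'."""
    if not packets:
        return "unknown"
    upgrade_requested = False
    for i, (sender, payload) in enumerate(packets):
        if is_tls_record(payload):
            if i == 0:
                return "ssl-connection"  # encrypted from the first byte
            return "starttls" if upgrade_requested else "unknown"
        if sender == "C":
            words = payload.strip().upper().split()
            # SMTP sends "STARTTLS", POP3 sends "STLS", IMAP "<tag> STARTTLS".
            if words[:1] in ([b"STARTTLS"], [b"STLS"]) or (
                    len(words) == 2 and words[1] == b"STARTTLS"):
                upgrade_requested = True
    return "plain"  # nothing was encrypted, so content is readable


# Constructed sample sessions (hostnames and payloads are made up).
SMTP_STARTTLS = [
    ("S", b"220 mail.example.test ESMTP\r\n"),
    ("C", b"EHLO client.example.test\r\n"),
    ("S", b"250-mail.example.test\r\n250 STARTTLS\r\n"),
    ("C", b"STARTTLS\r\n"),
    ("S", b"220 Ready to start TLS\r\n"),
    ("C", b"\x16\x03\x01\x00\x05hello"),
]
IMAPS_IMPLICIT = [("C", b"\x16\x03\x01\x02\x00\x01")]
POP3_PLAIN = [("S", b"+OK POP3 ready\r\n"), ("C", b"USER alice\r\n"),
              ("S", b"+OK\r\n")]

if __name__ == "__main__":
    for name, s in [("smtp", SMTP_STARTTLS), ("imaps", IMAPS_IMPLICIT),
                    ("pop3", POP3_PLAIN)]:
        print(name, classify_session(s))
```

Only the session classified as plain exposes subjects and bodies to a passive monitor; in the STARTTLS case just the greeting and capability exchange before the upgrade are readable.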
“Auto update” feature of WFilter NG firewall can upgrade “protocol pattern database” and “url category database” automatically. By default, WFilter NG firewall has “auto update” enabled.
However, “auto update” cannot perform a firmware upgrade. When a new version comes out, you need to perform the system firmware upgrade manually.
This guide demonstrates the steps to perform a firmware upgrade of WFilter NG firewall.
1. Make a backup of current settings.
Please note that an upgrade may fail because of a power supply issue, disk issue… So first, please export the current settings to a backup file in “Config”->“Backup”. That way, if you are unlucky, you don’t need to re-configure the whole system.
2. Click “Check Update now”.
3. When a new version is found, click “Upgrade”.
4. Downloading the new firmware.
5. Confirm the upgrade.
At least one reboot is required during the upgrade. All settings and data will persist after the upgrade.