Bandura Cyber TIG BT-500, User Manual

Page 1: ...August 2019 Version 3 72 USER S MANUAL...

Page 2: ...ocument may be reproduced or transmitted in any form or by any means electronic or mechanical or translated into another language without the prior written consent of Bandura Cyber Inc This edition pu...

Page 3: ...Bandura Cyber TIG can Access the Internet 2 3 Console Modes 2 4 Overview of Bandura Cyber TIG Configuration 2 5 Configuring the Bridge Filters 2 6 Configuring a Resource Group 2 7 Configuring Adminis...

Page 4: ...User 3 5 2 Maintenance Users 3 5 3 Change Password 3 6 Network 3 6 1 Admin Interface 3 6 1 1 HTTPS Access Settings 3 6 1 2 Ping Access Settings 3 6 2 Bridging Interface 3 6 3 IPsec Settings 3 6 4 ARP...

Page 5: ...em Providers 3 8 2 HIPPIE Provider 3 9 Update Software 3 10 System 3 10 1 Active Sessions 3 10 2 Reboot 3 10 3 Shutdown 3 10 4 Self Test 3 10 5 Maintenance Mode 3 10 6 System Information 3 10 7 Licens...

Page 6: ...roviding visibility into threats and unwanted traffic that s bypassing your firewall Bandura Cyber TIG incorporates the unique HIPPIE High Speed Internet Protocol Packet Inspection Engine technology w...

Page 7: ...STIX TAXII support can easily integrate with additional threat intelligence sources Transparent Bridging The Bandura Cyber TIG acts as a bridge placed in between a firewall and the external or intern...

Page 8: ...s A transparent bridge reduces the configuration complexity and saves time In addition to its use in large corporate and government networks it is ideal for branch offices and smaller networks which m...

Page 9: ...Copper RJ45 10 100 1000 Copper RJ45 10 100 1000 Copper RJ45 10 100 1000 Copper RJ45 10 100 1000 Copper RJ45 Throughput Limits 500 Mb 1 Gb 1 Gb 2 x 1 Gb 10 Gb Connections per Second 10 000 10 000 40 0...

Page 10: ...IG administration interface 2 1 Initial Configuration YOUR BANDURA CYBER TIG ARRIVES WITH AN ALLOW ALL POLICY CONFIGURATION Once the appliance is powered on take a look at the back of the Bandura Cybe...

Page 11: ...ministration Interface is 192 168 1 1 with a network mask of 255 255 255 0 Configure the Bandura Cyber TIG according to this manual and your security plan and place the Bandura Cyber TIG in your netwo...

Page 12: ...and prompt window Mac Go to your System Preferences and click on Network Find your network adaptor on the left and select Advanced Go to TCP IP Settings and configure as follows Configure IPv4 Manuall...

Page 13: ...the best time to register an account with the support site Otherwise please be sure to register as soon as possible after completing the setup process You can do so by going to https support banduracy...

Page 14: ...of the page Enter a new password and enter it again to confirm Click Submit to save your changes YOUR PASSWORD CAN ALSO BE CHANGED FROM THE USERS CHANGE PASSWORD MENU OPTION By default a new Bandura C...

Page 15: ...2 2 4 Changing Date Time It is important that your Bandura Cyber TIG has the correct time Navigate to Settings Date Timezone and set the correct timezone Set the date and time if necessary 2 2 5 Chan...

Page 16: ...the Bandura Cyber TIG into HTTPS IPv4 Access You cannot ping the Bandura Cyber TIG unless your IP address is added into the appropriate list Add your network and any other networks you would like to h...

Page 17: ...admin port Replace the default address with an open address on your private network and the corresponding subnet mask and input your Gateway and DNS Server addresses Once you have confirmed your addr...

Page 18: ...ox back to DHCP or your prior settings Linux Visit our Help Desk Article for assistance in reverting your network settings If you come across a screen stating that your connection is not secure you ll...

Page 19: ...rocess you will want to navigate to Network Bridging Interface to confirm your settings You will see details about your Inside and Outside ethernet interfaces Both interfaces should read No Link Detec...

Page 20: ...rial device server to your Bandura Cyber TIG in order to remotely access console mode may be a security risk 2 4 Overview of Bandura Cyber TIG Configuration Your Bandura Cyber TIG comes with three act...

Page 21: ...m for any reason Your web and email services need to expose their services to the internet which your router will need to query outside domain name servers You can configure custom resource groups to...

Page 22: ...guring Administration The Bandura Cyber TIG comes with a single administrative port that is used to configure and monitor your Bandura Cyber TIG This port is configured separately from the bridge port...

Page 23: ...andura Cyber TIG screen There are also general operation and maintenance activities Logout to end a login session Reboot to restart the Bandura Cyber TIG Bandura Cyber TIG will be in bypass mode durin...

Page 24: ...rouping has a separate bar showing if the connections were inbound or outbound You can hover over the bars to see tooltips with the exact numbers they represent 3 1 2 Threat Summary Threat Summary sho...

Page 25: ...End Traffic Direction Resource Group Time Frame Presets can be selected to quickly see the last 30 minutes 1 hour 24 hours 7 days 30 days or 360 days If you want to view data from a specific period o...

Page 26: ...s found in a Resource then the Bandura Cyber TIG will allow communications based on the Resource Group s restrictions If a computer is not included in any Resources it will follow the restrictions fou...

Page 27: ...Resource Groups Edit Rename the Resource Group change its description and assign a Policy Resources Add a specific network protocol and port range to the Resource Group Country Policies Select countri...

Page 28: ...es Risk Thresholds Exception Lists Country Policies Throttles and Alerts 3 2 2 Edit You can rename a Resource Group change its description direction drop action preference blacklist or whitelist inclu...

Page 29: ...es and place restrictions on your local network An address found in a Resource gets processed based on its associated Resource Group but if an address is not found in any Resource Group then it will b...

Page 30: ...rity Payload AH Authentication Header GRE Generic Routing Encapsulation Note that if the Bandura Cyber TIG allows traffic in one direction it will also allow response traffic If you allow outbound tra...

Page 31: ...f countries to search The countries displayed in green are allowed and red shows those that are blocked 3 2 5 Risk Thresholds You can edit the Risk Thresholds associated with a policy by clicking the...

Page 32: ...clicking the Exception Lists icon shown in the actions list To apply exceptions to a Resource Group you first have to create the exception within your Exception Lists The Exception Lists will not inf...

Page 33: ...igger the alert Activation Interval is the amount of time in seconds that the traffic has to be excessive before the alert is triggered Re raise timeout is the amount of time delay before the Bandura...

Page 34: ...ection Inbound Outbound or both Refresh Update the data shown every 1 3 10 30 or 60 seconds You can select which countries you want to be displayed from the list By default none are selected 3 2 11 De...

Page 35: ...lows or blocks internet traffic by country Each list should be a collection of similar sites For example a list of remote offices of your organization or a list of networks that have need to know acce...

Page 36: ...description Exceptions Add networks to Exception Lists Delete Delete the Exception List and all of its associated networks Click on the Exceptions icon to add entries to the list Add computers or netw...

Page 37: ...efined services Click on the Add Service Group to create a new Service Group Enter a name and description then click on the Resources icon to view any defined protocols and ports Click on Add Service...

Page 38: ...vided blacklists or search for a specific IP across all blacklists Blacklists block inbound and outbound requests to IPs in enabled lists 3 3 3 2 Domain Blacklists Domain lists block outbound requests...

Page 39: ...lt This can be changed by editing an individual Resource Group Enter the Address Maskbits and a Description in your IPv4 or IPv6 entries to add it to the Whitelist 3 3 4 2 Domain Whitelists Domains in...

Page 40: ...eption lists must be included in your policies in order for the domain whitelist to take effect 3 3 5 REACT REACT is a part of our open API that can be set up to ingest requested blacklist entries aut...

Page 41: ...d system events You can browse these log files and send the data to external syslog servers You can also set up alarms to notify you if any of these files become filled 3 4 1 Connections The Connectio...

Page 42: ...r a more precise search or export the logs via CSV or PDF 3 4 3 System System Logs allow you to display internal operating messages of the Bandura Cyber TIG and administer command history You can also...

Page 43: ...udit trail encourages individual accountability and decreases the risk of fraud and misunderstanding When you no longer need a user account disable it rather than deleting it A disabled User ID cannot...

Page 44: ...ngs found in the Bandura Cyber TIG Configuration General Settings If you are unfamiliar with the Bandura Cyber TIG s password policy you may want to review the settings before creating a new password...

Page 45: ...Allowed Networks lists Identify local trusted networks and add them to this list Once you add the trusted networks delete the Allow All networks You can limit what times a user can log into the Bandu...

Page 46: ...Show User Sessions icon shown in the actions list This brings up a list of the administrators last sessions with login and logout times You can view the details of a specific session by clicking on Vi...

Page 47: ...ization or is reassigned you should disable their account You can set an account to Disabled to restrict its use Even if the correct password is entered the user will not be able to login If you set t...

Page 48: ...nt can be used Allowed Networks restricts login to specific trusted networks listed here By default login is allowed from all networks Day Time Restrictions limits when an account can be used Login at...

Page 49: ...t in a disabled state you will retain easy access to audit information for that account 3 5 2 Maintenance Users Maintenance User accounts are used when the Bandura Cyber TIG is in System Maintenance M...

Page 50: ...assword Change Password allows you to change the password on your own account If you are unfamiliar with the Bandura Cyber TIG s password policy you may want to review the settings before creating a n...

Page 51: ...t computer both need ready access to network cabling for both the old and new networks Properly identify the Administrative Ethernet Network Port on the Bandura Cyber TIG as illustrated in the Physica...

Page 52: ...d a list of trusted management networks The Bandura Cyber TIG will accept ping requests from these networks and deny them from all others You can authorize access from both Internet Protocol version 4...

Page 53: ...es Tunnel Mode between the Bandura Cyber TIG and all the computers on a specific network This is done via a peer node which has two network ports one that connects to the Bandura Cyber TIG via an untr...

Page 54: ...ider before creating an IPsec connection Do not use Tunnel mode when your Bandura Cyber TIG is on the same network as your destination since your data will travel twice on the same network once encryp...

Page 55: ...ocol NDP of IPv6 are used to determine the Media Access Control MAC addresses of nodes on the same network segment as the Bandura Cyber TIG The Bandura Cyber TIG may know the internet address of a nod...

Page 56: ...ter the MAC address for that IPv6 address If you don t provide a static entry for that IPv6 address the Bandura Cyber TIG might not be able to establish the IPsec connection You can add an entry to th...

Page 57: ...due to wrong guesses and will fail at logging in even if the correct password is eventually guessed An account will automatically be unlocked after Lockout Time or another administrator can manually u...

Page 58: ...character from that number of groups A password group is one of the following sets of characters uppercase letters lowercase letters numbers and symbols Minimum Password Length sets the lower limits...

Page 59: ...the Bandura Cyber TIG is turned off Startup Mode will dictate what mode the Bandura Cyber TIG boots into Last Mode will boot the Bandura Cyber TIG into the mode enabled during the last shutdown 3 7 3...

Page 60: ...urces of threat intelligence commercial threat feeds open source threat feeds threat intelligence platforms and threat information from your own firewalls Bandura Cyber TIG allows you to enable or dis...

Page 61: ...he Bandura Cyber TIGs internal consistency checks failed Auto Update Failure Attempt to download new versions of HIPPIE data or PCELs failed Seeing this problem occasionally is not a problem but if th...

Page 62: ...the Banner Refused Text is displayed 3 7 8 HTTPS The Bandura Cyber TIG is normally managed through a standard browser for the World Wide Web This feature allows you to manage the Bandura Cyber TIG fr...

Page 63: ...Certificates Manage Public Key Certificates for secure communications on the Bandura Cyber TIG HTTP Access Limit administrative access to the Bandura Cyber TIG from only specific networks 62...

Page 64: ...vents wiretappers and eavesdroppers from deciphering your Bandura Cyber TIG communications and may be particularly useful when you access the Bandura Cyber TIG from a public network This security is p...

Page 65: ...d possibly expense Your Bandura Cyber TIG administration account must be assigned the Crypto Admin Role to make any changes in this section You can perform the following tasks from this menu Generate...

Page 66: ...ve its own Certificate Authority or you can purchase one from a commercial organization Please note that an authoritatively signed certificate may take some time to process For many uses a self signed...

Page 67: ...Country Two letter country name abbreviation Use SSL Country Codes listed here http www digicert com ssl certificate country codes htm State Spell out the full name of your state or province Location...

Page 68: ...jects security certs included A list of trusted CAs will be found pre installed in your web browser In Firefox select the menu items Tools Options Advanced View Certificates Authorities For Internet E...

Page 69: ...ificate You may want to save your Bandura Cyber TIG s public and private keys for safekeeping This may be useful in the future if you have to restore your Bandura Cyber TIG to its factory default sett...

Page 70: ...ient certificates signed by one specific Certificate Authority which you define in the Upload CA Certificate screen Networks change personnel change cryptographic keys may become compromised and event...

Page 71: ...rk Node Manager The Bandura Cyber TIG simultaneously supports two versions of SNMP the simple Community based SNMPv2c and the more complex SNMPv3 which includes the security features of device authent...

Page 72: ...TECHGUARD Bandura Cyber TIG MIB bypassChange 3 7 9 1 General Settings This is where you add information that will identify the Bandura Cyber TIG and its administrator to your network manager These va...

Page 73: ...ching the internet address is allowed access to the Bandura Cyber TIG s management data as long as they have the right authentication as defined under the SNMP Users menu If you do not provide a list...

Page 74: ...and coordinated with the computers in your organization The Bandura Cyber TIG supports NTP version 3 Enter the IPv4 or IPv6 Internet address of your organization s NTP server or if one isn t available...

Page 75: ...following parameters in SMTP Enable SMTP Alerts SMTP Host The hostname or IP address of the mail server SMTP Port The port of the mail server typically 25 or 587 for SMTP or 465 for SMTPS SMTP Protoc...

Page 76: ...System Providers The System Providers page gives you the following information Name Description URL Last Updated Current Key Current Certificate You can also generate and upload a new Key File or Ser...

Page 77: ...filters internet packets at line speeds This technology allows you to rapidly determine the country of origin of internet traffic The allocation of Internet addresses worldwide is decentralized with...

Page 78: ...Site https support banduracyber com This website requires registration and you need your devices serial number and registration code to access the firmware updates This information can be found in Sys...

Page 79: ...of last activity You can view an audit trail of administrative activities or logout another administrator Here are the available actions for Active Sessions View Show an audit trail of the administrat...

Page 80: ...front of the device THE Bandura Cyber TIG WILL BE IN BYPASS MODE WHILE TURNED OFF AND WILL NOT FILTER PACKETS Press the power switch on the front of the device to turn the Bandura Cyber TIG back on I...

Page 81: ...ich is a monitor and keyboard attached to the Bandura Cyber TIG or a text terminal program connected to the serial port The Bandura Cyber TIG will also enter Maintenance Mode if it fails a Self Test 3...

Page 82: ...IG The information included is Registration Code Serial Number License Start Time License Expiration Time Max Alerts Max DCEL Providers Max DCEL Sources Max Exception List Max Exceptions Max Groups In...

Page 83: ...on your web browser Microsoft Internet Explorer Do you want to save this file or find a program online to open it Click the save button and select a destination for the configuration file Mozilla Fir...

Page 84: ...de Console when the Bandura Cyber TIG has entered Maintenance Mode The Maintenance Mode Console is a menu driven interface that requires special authentication to enter The Maintenance Mode Console is...

Page 85: ...nality of the Maintenance Mode Console The user must answer yes to a confirmation prompt 2 Display Admin Interface Settings This will display all current admin interface settings including the IP addr...

Page 86: ...Alarms on the Bandura Cyber TIG that have not been acknowledged or closed This can be used to determine why the Bandura Cyber TIG has entered Maintenance Mode 3 Reboot This will reboot the Bandura Cyb...

Page 87: ...roblems may make your Bandura Cyber TIG inaccessible and require the use of the Recovery Console to restore your Bandura Cyber TIG The Recovery Console is a low level control program which can restore...

Page 88: ...R Restart Bandura Cyber TIG This will reboot the Bandura Cyber TIG When the device is restarted select Bandura Cyber TIG from the menu to initialize the appliance You can now remove the monitor and ke...

Page 89: ...k mask default gateway and DNS Server to use on the Administration Interface All items are required to be specified for the network connection to work If a mistake is made the settings can be changed...

Page 90: ...Cyber TIG the IPv4 packet log the IPv6 packet log and the message log The Administrator is able to clear log records from the log file reinitialize the log files and overwrite the log files with eith...

Page 91: ...1 Reinstall Current Firmware This is used reinstall the current firmware on the Bandura Cyber TIG 2 Download Latest Firmware This is used to download the latest firmware from the Bandura Cyber TIG su...

Page 92: ...is to make the Internet work better by producing high quality relevant technical documents that influence the way people design use and manage the Internet http www itu int rec T REC X 509 en Internat...

Page 93: ...Missouri Maryland 1 855 765 4925 www banduracyber com 92...