Cyber Shield

Background

Cyber Shield, a part of OpenVPN Cloud, provides Domain Name System (DNS) content filtering to protect your VPN users from malicious and suspicious websites, even when internet traffic isn’t transported through the VPN. You can choose to simply monitor the number of domain name resolutions that fall into these content categories, or you can take security a step further and enable blocking. DNS-based filtering lets you block domain name resolutions for websites that fall into undesirable or unsafe categories. Specific domain names can be added to allow and block lists. Cyber Shield reports on the number of observed and blocked domain name queries originating from your users. You can drill down and investigate exactly which user-devices generated the DNS requests that were flagged with a particular content category. A CSV report with the details of the observed/blocked domain names can be received via email.

Cyber Shield provides you with a built-in Intrusion Detection System (IDS) as well as an Intrusion Protection System (IPS). When traffic filtering monitoring is turned ON, Shield will act as an IDS and will monitor the traffic flowing through OpenVPN Cloud in order to provide you with detailed statistics on traffic it has identified as malware, intrusion activity, denial of service, and other types of threats. Once presented with statistics on the type of traffic detected and the number of times that type of traffic was detected, you can drill down and investigate exactly which user-device generated that traffic. To nip threats in the bud, you can use Shield to protect your network by blocking certain types of traffic. When you configure specific threat categories or threat priorities of traffic types to block, Shield will drop packets of traffic matching the blocked categories/priorities and provide statistics on those blocked events. We recommend blocking Priority Critical (Level 1) traffic, which identifies traffic generated due to malware, trojans, worms, and certain intrusion activity. IDS/IPS capability is especially useful when OpenVPN Cloud provides an egress route for all internet traffic.


Configuring Cyber Shield

Configuring Cyber Shield Domain Filtering

Ensuring that specific domains are always accessible using the Allow List

Creating a custom domain filtering category using the Block List

Interaction between blocked and allowed domain names

Configuring Cyber Shield Traffic Filtering for Monitoring Threats

Configuring Cyber Shield Traffic Filtering for Blocking Threats


Analyzing Data Generated by Cyber Shield

Cyber Shield Top-10 Dashboard

Cyber Shield - Observed Domains Trend Analysis

Cyber Shield - Blocked Domains Trend Analysis

Cyber Shield - Blocked Threat Traffic Trend Analysis

Cyber Shield - Observed Threat Traffic Trend Analysis


Investigating the sources of categorically flagged or blocked DNS queries

Cyber Shield Drill-Down Investigation

Cyber Shield Investigation Report

Running a detailed report for monitored or blocked domains