The C&C source lists the devices that have attempted to contact a C&C host. When an outbound request to a C&C host is attempted, the request is either blocked and logged or only logged, depending on the configuration. Currently, you configure C&C through CLI commands rather than through the Web interface.

- Configure the C&C profile. In this example, the profile name is `cc_profile`, and threat levels 8 and higher are blocked.

```
root@host# set services security-intelligence profile cc_profile category CC
root@host# set services security-intelligence profile cc_profile rule CC_rule match threat-level [8 9 10]
root@host# set services security-intelligence profile cc_profile rule CC_rule then action block drop
root@host# set services security-intelligence profile cc_profile rule CC_rule then log
root@host# set services security-intelligence profile cc_profile default-rule then action permit
```
- Use the `show services security-intelligence` CLI command to verify the profile. Your output should look similar to this:

```
root@host# show services security-intelligence profile cc_profile
category CC;
rule CC_rule {
    match {
        threat-level [ 8 9 10 ];
    }
    then {
        action {
            block {
                drop;
            }
        }
        log;
    }
}
default-rule {
    then {
        action {
            permit;
        }
        log;
    }
}
```
- Configure the C&C policy to point to the profile created in step 1. In this example, the C&C policy name is `cc_policy`.

```
root@host# set services security-intelligence policy cc_policy CC cc_profile
```
- Use the `show services security-intelligence` CLI command to verify the policy. Your output should look similar to this:

```
root@host# show services security-intelligence policy cc_policy
CC {
    cc_profile;
}
[edit]
```
- Configure the firewall policy to include the C&C policy. This example uses the trust-to-untrust zone pair.

```
root@host# set security policies from-zone trust to-zone untrust policy p2 match source-address any destination-address any application any
root@host# set security policies from-zone trust to-zone untrust policy p2 then permit application-services security-intelligence-policy cc_policy
```
- Use the `show security policies` CLI command to verify the firewall policy. It should look similar to this:

```
root@host# show security policies
...
from-zone trust to-zone untrust {
    policy p2 {
        match {
            source-address any;
            destination-address any;
            application any;
        }
        then {
            permit {
                application-services {
                    security-intelligence-policy cc_policy;
                }
            }
        }
    }
}
...
[edit]
```
- Commit the changes.
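The following is an added example, not Juniper code or part of the original procedure. It models the profile, policy and zone policy built in the steps above: it generates the equivalent Junos `set` commands from a declarative description and evaluates a few constructed C&C feed hits against the profile to show which flows are dropped and which are only logged. The profile, rule, policy and zone names are the ones on this page; the client and destination addresses, the feed scores, and the assumption that feed threat levels run from 1 to 10 are constructed for the example.

```python
# Added example (not Juniper's code): a small model of the C&C security-intelligence
# configuration built in this procedure. It emits the Junos "set" commands for a
# profile/policy/zone-policy triple and evaluates constructed C&C feed hits against
# the profile. Names match the page; the feed hits and the 1..10 score range are assumptions.
from dataclasses import dataclass
from typing import Dict, List

THREAT_LEVELS = range(1, 11)  # assumption: feed scores run 1 (low) to 10 (high)


@dataclass
class Rule:
    name: str
    threat_levels: List[int]  # levels this rule matches; empty for the default rule
    action: str               # "block drop" or "permit"
    log: bool

    def __post_init__(self) -> None:
        bad = [t for t in self.threat_levels if t not in THREAT_LEVELS]
        if bad:
            raise ValueError(f"rule {self.name}: threat level(s) out of range: {bad}")
        if self.action not in ("block drop", "permit"):
            raise ValueError(f"rule {self.name}: unsupported action {self.action!r}")


@dataclass
class Profile:
    name: str
    category: str            # "CC" is the command-and-control feed category
    rules: List[Rule]
    default_rule: Rule


def set_commands(profile: Profile, policy: str, from_zone: str, to_zone: str, fw_policy: str) -> List[str]:
    """Emit the Junos set commands equivalent to the page's three configuration steps."""
    base = f"set services security-intelligence profile {profile.name}"
    cmds = [f"{base} category {profile.category}"]
    for r in profile.rules:
        levels = " ".join(str(t) for t in r.threat_levels)
        cmds.append(f"{base} rule {r.name} match threat-level [{levels}]")
        cmds.append(f"{base} rule {r.name} then action {r.action}")
        if r.log:
            cmds.append(f"{base} rule {r.name} then log")
    cmds.append(f"{base} default-rule then action {profile.default_rule.action}")
    if profile.default_rule.log:
        # the page's "show" output has log under default-rule, so emit it explicitly
        cmds.append(f"{base} default-rule then log")
    cmds.append(f"set services security-intelligence policy {policy} {profile.category} {profile.name}")
    zone = f"set security policies from-zone {from_zone} to-zone {to_zone} policy {fw_policy}"
    cmds.append(f"{zone} match source-address any destination-address any application any")
    cmds.append(f"{zone} then permit application-services security-intelligence-policy {policy}")
    return cmds


def evaluate(profile: Profile, threat_level: int) -> Dict[str, object]:
    """First rule whose threat-level list contains the score wins; otherwise the default rule."""
    if threat_level not in THREAT_LEVELS:
        raise ValueError(f"threat level {threat_level} outside {THREAT_LEVELS}")
    for r in profile.rules:
        if threat_level in r.threat_levels:
            return {"rule": r.name, "action": r.action, "log": r.log}
    d = profile.default_rule
    return {"rule": "default-rule", "action": d.action, "log": d.log}


def cc_profile() -> Profile:
    """The profile from the page: levels 8-10 dropped and logged, everything else permitted and logged."""
    return Profile(
        name="cc_profile",
        category="CC",
        rules=[Rule("CC_rule", [8, 9, 10], "block drop", True)],
        default_rule=Rule("default-rule", [], "permit", True),
    )


# Constructed feed hits: (client, destination, threat level reported by the C&C feed).
SAMPLE_HITS = [
    ("10.1.1.10", "198.51.100.7", 9),
    ("10.1.1.11", "203.0.113.40", 5),
    ("10.1.1.12", "192.0.2.99", 8),
]


def triage(profile: Profile, hits=SAMPLE_HITS) -> List[Dict[str, object]]:
    """Apply the profile to each hit and return one verdict row per flow."""
    out = []
    for client, dst, level in hits:
        verdict = evaluate(profile, level)
        out.append({"client": client, "destination": dst, "threat_level": level, **verdict})
    return out


if __name__ == "__main__":
    p = cc_profile()
    print("\n".join(set_commands(p, "cc_policy", "trust", "untrust", "p2")))
    for row in triage(p):
        print(row)
```

Two points the model makes visible: a level-5 hit is still logged under the default rule even though it is permitted, so the logs remain the only signal for lower-scored contacts; and because the security-intelligence policy is attached only to the trust-to-untrust policy `p2`, flows in any other zone pair are not checked against the C&C feed at all.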