SSH proxy or SMB proxy?

ArthurArthur
in Firebox - Proxies

Any preference? Some users think an SMB proxy would go further in preventing ransomware attacks (e.g. WannaCry, NotPetya, etc.). Other potential enterprise customers that would like to work with us, would prefer an SSH proxy that obviously does not share the weakness of an unverified SSH host key:

http://phoneboy.org/2015/07/29/lies-damn-lies-and-inspecting-ssh-traffic-securely/

Comments

  • Brent_LandonBrent_Landon WatchGuard Representative

    Hello Arthur,

    We don't currently have a proxy designed around SSH so likely we'd need a new support case if this were a feature request that the customer wanted fulfilled as I couldn't find anything in our request database that matches this.

    There is a feature request to allow GAV/APT to apply to SMB traffic and that is still open. The request number for this is RFE92541 so we'd want a separate support case for this. We'd want to flag this case with that request number for tracking.

    Ultimately, the best way to catch ransomware on ports which we can't apply a proxy to is to enable IPS (intrusion prevention services), as well as application control.

    See the following KB on how to best protect the device with a baseline configuration. I would enable IPS on all outbound policies as well as application control.

    https://watchguardsupport.secure.force.com/publicKB?type=KBArticle&SFDCID=kA2F0000000QBnRKAW&lang=en_US

    Let me know if this helps.

    Kind regards,

    Brent Landon

Sign In to comment.