This paper focuses on the layered use of the Watchguard Live Security System (LSS) proxy services to mitigate the risks of, and reduce exposure to, viral outbreaks and data compromises. The key to properly configuring LSS proxy services without hampering system function is a strong understanding of organizational policies and these risks. A discussion of the effects and ramifications of using proxied services on the Watchguard, and of methods of minimizing these effects and weaknesses of the approach, is included. The configuration of commonly used stateful proxy filters on the current Watchguard Firebox II and III appliances using LSS 6.2 SP1 is described. Watchguard released 7.0 during the writing of this paper; changes in this version are not covered. Other Watchguard appliances are not discussed since they lack proxy services or vendor support. Emphasis is placed on the use of content filters and egress policies that enhance defenses against viral code and support AUPs. Defenses that effectively reduce the impact of new attacks using exploits such as those used by Nimda, Klez, and other blended threats are presented. Other functionality of the Firebox is included for comparative purposes; details of those functions are not topics for this paper.