Description of ThreatSTOP predefined policies.

We have seven predefined lists that users can choose if they do not wish to create their own policies. We recommend these lists for customers who do not need their own custom user data, either as block or allow lists, and who want to protect against certain classes of threat. The lists are described below in rough order of size, with the largest at the top. If you are unsure of your firewall’s capacity, you should probably choose either TSServer or TSDesktop, depending on what sort of things you have behind it.

TSAll-CNEE

This policy contains all our standard mode blockers (Basic, Botnets, Unix Server and Advanced) as well as blocking the countries in our Eastern Europe (Russia, Ukraine, Romania, Latvia, Moldova) and China blocklists.

TSAll-CN

This policy contains all our standard mode blockers (Basic, Botnets, Unix Server and Advanced) as well as blocking the country of China.

TSAll

This policy contains all our standard mode blockers (Basic, Botnets, Unix Server and Advanced). This policy should be used if you do not wish to block any countries but do want every sort of threat blocked.

TSServer

This policy contains our standard mode blocker lists designed to protect servers (Basic and Unix Server). This policy should be used if you have only servers to protect and have limited resources on your firewall.

TSDesktop

This policy contains our standard mode blockers designed to protect client devices against botnets (Basic and Botnets, Unix Server and Advanced). This policy should be used if you have only servers to protect and have limited resources on your firewall.

TSBasic

This policy contains the blocker lists for our community users. This policy should only be used by non-community users if you have a firewall with very limited resources.

TSVOIP-PBX

This policy contains our expert mode blocklists designed to protect VOIP gateways and IP PBXes against SIP crackers and other similar attacks. It should be used only in an environment where you are protecting such a device and nothing else.

A10geoEE

Blocks certain countries in Eastern Europe that are frequently used for malicious purposes. Organizations that do not do business with Eastern Europe may want to apply this policy so as to prevent any communication with those nations. Currently consists of Russia, Ukraine, Romania, Latvia, and Moldova.

A10scan

Blocks IP addresses known to be scanning for vulnerabilities, password cracking and so on. It is intended to protect internet-facing servers from abuse.

NOTE: Because one of the known attack vectors against these devices is to use Google’s search engines as a proxy, this policy will block access to Google and may block other search engines.