Port Restriction alerts you to traffic flowing between your device and a single Port or a list of Ports. You specify the Ports or Port ranges for whitelist alerting or blacklist alerting.
Example of whitelist alerting
For whitelist alerting, you select either send or receive and “any port other than the following ports”. The following is an example of when whitelist alerting would be useful.
- A diabetes monitoring company tracks patients' blood sugar information by way of monitoring devices. They need these monitoring devices to communicate with a specific server and port so the information is routed to and can be viewed on their Web application. If the device is communicating on the wrong port, notification is needed so that the company is aware that they should ensure the information is processed as expected.
Examples of blacklist alerting
For blacklist alerting, you select send or receive to “the following ports”. The following are examples of when blacklist alerting would be useful.
- A credit card transaction company received news that a virus is being transferred over a certain port. If there are communications with any of their devices on this port, they need to be alerted so that they can take action to protect their devices.
- A trucking company has tablets in its trucks. If a driver accesses a Web site using their tablet, the company would like to be alerted.
Setting a Port Restriction
Use the following instructions for setting a Port Restriction.
- Select Rules from the Dashboard navigator to open the Rules page.
- Click Create Rule. The Create Rule page is displayed.
- Enter a name for the new Rule.
- Select the Severity level (Low, Medium, High, or Critical). The default is Medium.
- Click Add Conditions.
- Click Port Restriction and click Continue.
- Select either any port other than the following ports (whitelisting) or the following ports (blacklisting).
- Select either sends or receives (that is, sends traffic to or receives traffic from the specified Ports).
- Enter the port number that you want to restrict. You can enter a range (for example, 25-30 restricts Ports 25 through 30).
- If you have more than one Port to restrict, you can click Add Another Port.
- If you have multiple Ports to restrict and want to add them from a spreadsheet, change to simple input view to copy from the spreadsheet and paste them into the Ports field.
- Click Continue.
- Click Continue again. The Port or Ports that you specified are displayed on the page along with your restriction of send or receive, and whether traffic is allowed or blocked.
- Verify the ports are as you need. If changes are necessary, click Back to make changes.
- Click Save.
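The following added example (not SecurityPro code) models how the two modes, the send or receive direction, and a Port range such as 25-30 decide which flows raise an alert. The class and function names, the (direction, port) flow format, and the comma- or newline-separated port list are assumptions made for illustration.

```python
from dataclasses import dataclass

def parse_ports(spec):
    """Parse a list such as '25-30, 80' into inclusive (low, high) ranges."""
    ranges = []
    for item in spec.replace("\n", ",").split(","):
        item = item.strip()
        if not item:
            continue
        if "-" in item:
            lo, hi = (int(part) for part in item.split("-", 1))
        else:
            lo = hi = int(item)
        if not (1 <= lo <= hi <= 65535):
            raise ValueError(f"invalid port or range: {item!r}")
        ranges.append((lo, hi))
    return ranges

@dataclass
class PortRestriction:
    mode: str       # "other_than" = whitelist alerting, "listed" = blacklist alerting
    direction: str  # "sends" or "receives"
    ranges: list    # output of parse_ports()

    def alerts_on(self, flow):
        """Return True when a (direction, port) flow would trigger this Condition."""
        direction, port = flow
        if direction != self.direction:
            return False  # the Condition only watches one direction
        listed = any(lo <= port <= hi for lo, hi in self.ranges)
        return listed if self.mode == "listed" else not listed

# Constructed sample flows as (direction, port); not real device traffic.
FLOWS = [("sends", 8443), ("sends", 25), ("sends", 80),
         ("receives", 27), ("receives", 8443)]

def alerting_flows(rule, flows=FLOWS):
    return [flow for flow in flows if rule.alerts_on(flow)]

# Whitelist alerting: the device should only send on 8443 (assumed port).
whitelist = PortRestriction("other_than", "sends", parse_ports("8443"))
# Blacklist alerting: alert on anything received on 25-30 or 80.
blacklist = PortRestriction("listed", "receives", parse_ports("25-30, 80"))

if __name__ == "__main__":
    print("whitelist alerts:", alerting_flows(whitelist))
    print("blacklist alerts:", alerting_flows(blacklist))
```

A whitelist Condition alerts on every Port you did not list, so a mistyped or missing entry shows up as extra alerts, while a blacklist Condition with a missing entry stays silent.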
Once Conditions are saved, they are displayed in a list in the Conditions section of the Create a Rule page.
Several Condition types are available. Adding at least one Condition is required.
Note: Duplicates of the same Condition within a Rule are not allowed. Refer to Following Rule Condition Restrictions for a list of all restrictions.
You can be notified when an alert is triggered by selecting Add Action and adding one or more e-mail addresses. If you need help, refer to Receiving e-mail notifications about Alerts.
When the Condition and e-mail addresses have been added, click Create Rule.
- SecurityPro checks whether a name for the Rule has been entered. If a name has not been entered, the Rule is not created and the Rule name field is highlighted in red. Enter a Rule name and click Create Rule to create the Rule.
- If a Severity Level for this Rule has not been selected, it defaults to Medium.
Once created, the new Rule is added to the list on the Rules page.
You can now assign this Rule to a Group. For help, refer to Assigning a Rule to a Group.
Important! SecurityPro only monitors your devices to notify you when your Device is not behaving as expected. It does not resolve this behavior. You must take action to resolve your Device’s behavior and then acknowledge within SecurityPro that you have done so.