Protocol Restriction alerts you about traffic flow over specific protocols. The supported protocols are TCP, UDP, and ICMP.
Following are examples of when the Protocol Restriction condition is useful.
If your device sends or receives transmissions such as e-mails, images, or documents, it is using TCP. If another protocol attempts these transmissions, you need to be alerted so that packets of information are not lost.
For example, a business uses a device to record video and upload it to a secure server. In this case, every packet of information is important. If the transmission switched to UDP, data packets, and with them footage or other information, could be lost.
UDP is used when speed is more important than error checking and the loss of data packets is unimportant.
For example, a business that is not concerned about lost data packets, such as a company testing its new mobile gaming platform, uses UDP. Using another protocol, such as TCP, would cause lag in the data stream and degrade game performance. Packet checking or error checking is not needed for this type of transmission.
ICMP is an error-reporting protocol. It exchanges status information such as request and reply messages for utilities. This protocol is primarily used for diagnostic or control purposes or generated in response to errors in IP operations.
If a device instead attempts to communicate by way of a transport protocol, diagnostics cannot be run successfully on the device to determine whether packets are being sent successfully, or how long packets take to travel between two devices. In other words, the echo request could be sent, but the echo reply message would not be received because the device was using the wrong protocol to reply.
Setting a Protocol Restriction
You select at least one protocol to permit; an alert is raised when traffic flows over any of the other protocols.
For example, if you only want to allow traffic flow over TCP, you select TCP. If traffic to or from your device occurs over UDP or ICMP, an alert is triggered.
- Select Rules from the Dashboard navigator to open the Rules page.
- Click Create Rule.
- Enter a name for the new Rule.
- Select the Severity level (Low, Medium, High, or Critical). The default is Medium.
- Click Add Conditions.
- Click Protocol Restriction and click Continue.
- Select the protocol or protocols that you want to permit traffic flow to or from. For example, if you select TCP, only traffic flow for TCP is allowed. Traffic flow through another protocol would trigger an Alert.
- Click Continue.
- Click Continue again.
- Verify your selection. If a change is necessary, click Back to change your selection.
- Click Save.
Once Conditions are saved, they are displayed in a list in the Conditions section of the Create a Rule page.
Several Condition types are available. Adding at least one Condition is required.
Note: Duplicates of the same Condition within a Rule are not allowed. Refer to Following Rule Condition Restrictions for a list of all restrictions.
You can be notified when an alert is triggered by selecting Add Action and adding one or more e-mail addresses. If you need help, refer to Receiving e-mail notifications about Alerts.
When the Condition and e-mail addresses have been added, click Create Rule.
- SecurityPro checks whether a name for the Rule has been entered. If a name has not been entered, the Rule is not created and the Rule name field is highlighted in red. Enter a Rule name and click Create Rule to create the Rule.
- If a Severity Level for this Rule has not been selected, it defaults to Medium.
Once created, the new Rule is added to the list on the Rules page.
You can now assign this Rule to a Group. For help, refer to Assigning a Rule to a Group.
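The following is an added example, not SecurityPro's own code or API, that models the rule behaviour described above as a small detector: a Rule needs a name, defaults to Medium severity, refuses a duplicate Condition type, and a Protocol Restriction condition raises an alert for each flow seen over a supported protocol that was not permitted. The rule, condition and flow-record structures, the field names, and the sample flows are all assumptions constructed for this example; only the protocol names, the severity levels and their default follow the page.

```python
"""Toy Protocol Restriction rule (added example; hypothetical structures)."""
from dataclasses import dataclass, field

# From the page: the supported protocols and the severity levels.
SUPPORTED_PROTOCOLS = frozenset({"TCP", "UDP", "ICMP"})
SEVERITY_LEVELS = ("Low", "Medium", "High", "Critical")


@dataclass(frozen=True)
class ProtocolRestriction:
    """Condition: only the listed protocols are permitted; any other
    supported protocol seen in a flow triggers an alert."""
    permitted: frozenset

    def __post_init__(self):
        if not self.permitted:
            raise ValueError("select at least one protocol")
        unknown = self.permitted - SUPPORTED_PROTOCOLS
        if unknown:
            raise ValueError(f"unsupported protocol(s): {sorted(unknown)}")

    def violates(self, flow):
        # Assumption: flows over protocols outside the supported set are
        # simply not evaluated by this condition.
        proto = flow["protocol"]
        return proto in SUPPORTED_PROTOCOLS and proto not in self.permitted


@dataclass
class Rule:
    name: str
    severity: str = "Medium"                      # default per the page
    conditions: list = field(default_factory=list)
    notify: list = field(default_factory=list)    # e-mail addresses (Add Action)

    def __post_init__(self):
        if not self.name.strip():
            raise ValueError("Rule name is required")   # mirrors the red-field check
        if self.severity not in SEVERITY_LEVELS:
            raise ValueError(f"unknown severity: {self.severity}")

    def add_condition(self, cond):
        # Duplicates of the same Condition type within a Rule are not allowed.
        if any(type(c) is type(cond) for c in self.conditions):
            raise ValueError(f"duplicate condition: {type(cond).__name__}")
        self.conditions.append(cond)
        return self

    def evaluate(self, flows):
        """Return one alert record per (flow, condition) violation."""
        if not self.conditions:
            raise ValueError("at least one Condition is required")
        alerts = []
        for flow in flows:
            for cond in self.conditions:
                if cond.violates(flow):
                    alerts.append({
                        "rule": self.name,
                        "severity": self.severity,
                        "device": flow["device"],
                        "protocol": flow["protocol"],
                        "notify": list(self.notify),
                    })
        return alerts


# Constructed sample flow records (hypothetical field names).
SAMPLE_FLOWS = [
    {"device": "cam-01", "protocol": "TCP", "dst_port": 443},   # expected upload
    {"device": "cam-01", "protocol": "UDP", "dst_port": 5000},  # unexpected
    {"device": "cam-01", "protocol": "ICMP", "dst_port": None}, # unexpected
    {"device": "cam-01", "protocol": "TCP", "dst_port": 22},
]


def build_tcp_only_rule():
    """The page's example: a video-upload device that should only use TCP."""
    rule = Rule("cam-01 TCP only", notify=["soc@example.invalid"])
    return rule.add_condition(ProtocolRestriction(frozenset({"TCP"})))


def alert_protocols(rule=None, flows=SAMPLE_FLOWS):
    rule = rule or build_tcp_only_rule()
    return [a["protocol"] for a in rule.evaluate(flows)]


if __name__ == "__main__":
    for alert in build_tcp_only_rule().evaluate(SAMPLE_FLOWS):
        print(alert)
```

Run as a script it prints the two alerts raised for the UDP and ICMP flows; the two TCP flows pass regardless of port, because this condition looks only at the protocol, not at the ports or peers involved.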
Important! SecurityPro only monitors your devices to notify you when your Device is not behaving as expected. It does not resolve this behavior. You must take action to resolve your Device’s behavior and then acknowledge within SecurityPro that you have done so.