Risk analysis
This help contains the following topics:
· Introduction
· Restrictions and guidelines
· Configure risk analysis
Introduction
This feature scans devices in an IPv4 or IPv6 address range to determine whether the following risks exist on these devices:
· Specific TCP or UDP ports are open.
· IPS profile not configured.
· WAF profile not configured.
· Weak passwords.
You can enhance the device security based on the scan result.
Table 1 shows the measure to be taken for each risk type.
Table 1 Measure for each risk type
Risk type | Measure |
---|---|
Open TCP or UDP ports | Configure dropping packets destined for the ports. |
IPS profile not configured | Configure an IPS profile. |
WAF profile not configured | Configure a WAF profile. |
Weak passwords | Configure a strong password. |
Restrictions and guidelines
· For an IPv4 address range to be scanned, each of the four sections of the start address must be greater than the corresponding section of the end address. Otherwise, no scanning results can be obtained.
· For an IPv6 address range to be scanned, the start address must be greater than the end address. Otherwise, no scanning results can be obtained.
· To obtain accurate scanning results, do not modify the security policy configuration during the scanning process.
· If you perform a security policy import or export operation after a scanning task is completed, it is recommended that you perform the scanning task again and then perform bulk risk management.
Configure risk analysis
1. Click the Monitor tab.
2. In the navigation pane, select Diagnosis Center > Risk Analysis.
3. Select an address type. Options are IPv4 and IPv6.
4. Configure an IP address range.
5. Select or enter TCP port numbers.
6. Select or enter UDP port numbers.
7. Choose whether to enable weak password scanning. After you enable this function, click Configure to configure the scanning range and scanning mode.
8. Click Scan.
During the scanning process, you can minimize the scanning progress window and perform operations on other pages. To view risk analysis results, select one or more entries in the Scanning records area, and then click Search.
9. Click Bulk risk management.
10. Select an address type and a security policy to display related risks.
11. Select the risks requiring management, and click Risk management.
12. Configure a security policy to deal with the risks, as shown in Table 2.
Table 2 Security policy configuration items
Parameter | Description |
---|---|
Management mode | Specify a management mode: · Create security policy—Create a new policy based on the policy template. · Edit security policy—Edit the existing policy based on the policy template. |
Name | Enter the policy name. Policies of the same type cannot have the same policy name. |
Address type | Specify an address type: IPv4 or IPv6. |
Policy template | Select a policy template. As a best practice, select the security policy associated with the risks. |
Source zone | Configure source security zones as filtering criteria for the security policy. |
Source IP/MAC address | Configure source IP or MAC addresses as filtering criteria for the security policy. Source MAC addresses are supported as filtering criteria for only IPv4 security policies. |
Destination IP | Configure destination IP addresses as filtering criteria for the security policy. |
Service | Configure services as filtering criteria for the security policy. |
Action | Specify an action: · Permit—Allows packets matching the filtering criteria to pass through. · Deny—Drops packets matching the filtering criteria. |
Content security | Configure content security settings. If a profile is specified, the system performs DPI on matching packets. |
13. Click OK.