Cytracom ControlOne: What does high, medium, and low mean in filtering services?

Topic

This article discusses the different security levels available when configuring security policies and content filtering in ControlOne. 

Environment

  • Cytracom ControlOne

Description

Within the ControlOne portal you may notice that within security policies you have the ability to set levels of filtering for "IPS", "DNS & Content Filtering" and "Blocked Applications". This article explains what these all mean.

 

IPS

  • High - Detects IPS events with severity low and medium following the recommended action of the signature, and detects IPS events with severity high and critical with an always block action (regardless of default signature behavior)
  • Medium - Detects IPS events with severity low, medium, high, and critical with recommended action of the signature
  • Low - Detects IPS events with severity high and critical with recommended action of the signature

Screen_Shot_2022-05-23_at_12.43.53_PM.png

DNS & Content Filtering

  • High - Blocks by DNS and URL/IP based websites that are in low and medium, and additionally blocks bandwidth consuming sites such as audio and video streaming, file sharing, and internet telephony
  • Medium - Blocks by DNS and URL/IP based websites on the low list, and additionally blocks potentially liable (discrimination, extremist, violence, hacking, drugs, and proxy avoidance) and adult material (gambling, dating, weapons, and drugs)
  • Low - Blocks by DNS and URL/IP based websites that are a security risk including phishing, malicious, and spam hosting based, and botnet connections

Screen_Shot_2022-05-23_at_12.44.03_PM.png

Blocked Applications

  • High - Application based filter that blocks time wasters such as social media apps, risky applications such as proxy, VPN and p2p file sharing programs, remote access tools, and unknown applications
  • Medium - Application based filter that blocks security risk applications such as VPN/proxies and p2p file sharing programs
  • Low - Application based filter that blocks risky applications such as p2p torrent applications

Screen_Shot_2022-05-23_at_12.44.11_PM.png

Custom for "DNS & Content Filtering" and "Blocked Applications"

Within "DNS & Content Filtering" and "Blocked Applications" there is a button next to "Custom" called Screen_Shot_2022-05-23_at_12.44.44_PM.png. When selecting the respective filtering service, a window will pop up to customize filtering/blocked applications.

Blocked DNS & Web Content for DNS & Content Filtering

Screen_Shot_2022-05-23_at_12.44.54_PM.png

Blocked Applications

Screen_Shot_2022-05-23_at_12.45.06_PM.png

When traversing and searching through the different options within the aforementioned windows, simply uncheck anything you would not want to be filtered and click the Save button. The custom filtering policy within the two respective categories will then be in place. 

Additional Resources

Still have questions? Click here to learn how to contact Cytracom Technical Support.

Was this article helpful?
1 out of 2 found this helpful