Attacks

Karl

I have a TZ370, and I have set it up using the information in the guides to enable Stealth Mode and Randomize the IP ID, yet my system is under attack approximately every 10 seconds around the clock. Is there any other steps I can take to hide my net? Stealth mode and IP randomizing is not working? If this continues, at some point, We're concerned that someone will gain access to our network?

Saravanan

Hi @Karl,

Thank you for visiting SonicWall Community.

Could you please ensure to enable all security services on the SonicWall? Providing you a couple of KB articles for reference w.r.t enabling security services on the SonicWall.

https://www.sonicwall.com/support/knowledge-base/how-to-enable-the-security-services/170504349078273/

https://www.sonicwall.com/support/knowledge-base/common-configurations-to-protect-against-ransomware/170530131904077/

Along with the above KB article provided instructions, please make sure to have WAN to LAN or WAN to DMZ or WAN to any custom Zone access rules are set to deny except for the few accesses that you need to allow. You can also modify the deny rule with action Discard.

Please make sure flood protections are enabled on the SonicWall.

https://www.sonicwall.com/support/knowledge-base/how-can-i-configure-the-sonicwall-to-mitigate-ddos-attacks/170505822443506/

Please let us know how it goes.

TKWITS

Welcome to the 'wild west' that is the internet. Cybersecurity is no joke. Nothing is plug and play. You have to define your policies and procedures to mitigate what are risks. Implement the policies and adjust to how well they are working. Continually refine.

A good start is reading up on NIST CSF.

https://en.wikipedia.org/wiki/NIST_Cybersecurity_Framework

A quick thing you can implement, if you have Security Services subscription, is GeoIP filtering. Figure out what countries traffic is required to/from and block the rest. Then enable GeoIP filtering on your access rules.