[Ended] Round 4 | Technical Document Scavenger Hunt
  

Sangfor Jojo Lv5Posted 2024-Sep-30 10:53




Dear members,
We are excited to announce the launch of our Technical Document Scavenger Hunt! This activity aims to encourage all users to dive deeper into our newly published technical document in the Knowledge Base, enhancing your understanding and engagement with the material.

By participating, you'll not only sharpen your skills but also have the chance to collaborate and share insights with fellow users.

We hope this scavenger hunt will not only enrich your knowledge but also spark engaging discussions. Happy hunting, and may the best reader win!


1. Activity Rules

1)  All community users are invited to participate in the scavenger hunt.
2)  There will be a total of 4 questions related to the Sangfor Managed Cloud Services aDR Deployment Guide.
3)  Participants must submit their answers via the designated platform by October 7th.
4)  Winners will be announced next Tuesday on the community platform.


2. Activity Duration

Oct. 1st - Oct. 7th


3. How to Participate

1) Browse the Questions:
We have provided a list of questions based on the content of the document. Your goal is to find the answers within the text.

2) Read the Document:
Start by skimming the table of contents. Then read the document thoroughly a second time with the questions in mind; this will make your reading more efficient.

3) Use the Search Function:
Most digital documents have a search feature. Use keywords from the questions to quickly locate the relevant sections.

4) Submit Your Answers:
Once you have your answers, post them in the designated thread by the deadline.

5) Collaborate:
Feel free to discuss your findings in the forum and win 100 coins. Sharing thoughts and interpretations can lead to a deeper understanding and may help others in their search.



4. Rewards

Correct Answers: 100 coins for each correct answer.

All Correct: An additional 100 coins for those who answer all questions correctly.


5. Scavenger Hunt Questions

Q1: Please list at least three actions that can be executed after the number of new connections exceeds the specified threshold.
Q2: In this version, users do not need to update the mapping between IP addresses and domain names manually. Is this right or wrong?
Q3: Which two detection methods can be used to detect the "Unauthorized outbound access"?
Q4: What is the normal condition for the upgrade process?


Read this document:
SANGFOR_NSF_V8.0.95_Version Release Notes


6. How to Reply to This Post

Answer the four questions above using the following format, which helps us process the replies efficiently.

Q1: xxxxx
Q2: xxxxx
Q3: xxxxx
Q4: xxxxx

--------------------------------------------------------------------------------------------------------------------------------------

7. Answers Announced
1. Giving alerts, discarding sessions, and blocking IP addresses can be executed.
2. Right.
3. Immediate detection and scheduled detection.
4. At least 40% of the total CPU and memory are available, and the network is connected.


Congratulations to the following participants on getting coins!


Sheikh_Shani Lv2Posted 2024-Oct-06 19:32
  
Q # 1
1. Trigger an alert notification to the system administrator to inform them of the increased number of new connections exceeding the threshold, allowing for timely intervention to mitigate potential risks and optimize network performance.

2. Implement an automatic traffic analysis to identify the source of the excessive new connections and apply specific firewall rules or access control policies to restrict or block suspicious traffic patterns, enhancing network security and maintaining optimal operation.

3. Utilize load balancing algorithms to distribute the load of incoming connections across multiple servers or network resources in order to prevent overload on any single component, ensuring consistent availability and performance even during peak connection periods.

Q # 2
In the SANGFOR_NSF_V8.0.95 version, users do not need to update the mapping between IP addresses and domain names manually. This statement is true. The SANGFOR Next-Generation Firewall V8.0.95 version comes with enhanced features that automate the process of mapping IP addresses to domain names without requiring manual intervention from users. This advancement in the software eliminates the need for users to constantly update this mapping, saving time and effort in network management tasks. With this automated feature, users can ensure that their network resources are efficiently utilized without the hassle of manual updates, enhancing overall network performance and efficiency.

Q # 3
- Network Behavior Analysis (NBA): This method monitors network traffic to identify unusual patterns that may indicate unauthorized outbound access. By analyzing traffic behavior, NBA can detect potential security threats and alert administrators.
- User Entity Behavior Analytics (UEBA): UEBA focuses on monitoring user activity to identify suspicious behavior. By analyzing user behavior, UEBA can detect unauthorized outbound access attempts and alert administrators.

Additionally, you can also consider implementing:
- Intrusion Detection Systems (IDS): IDS can detect unauthorized access attempts by monitoring network traffic for malicious activity.
- Anomaly-based Detection: This method identifies unusual traffic patterns that deviate from established baselines.


To effectively detect unauthorized outbound access, it's essential to combine these methods and regularly monitor network activity.

Q # 4

The normal condition for the upgrade process involves ensuring that a proper backup of the existing configuration and data is taken before initiating the upgrade. It is crucial to verify the compatibility of the new version with the existing hardware and software components to prevent any potential conflicts. Additionally, conducting thorough testing in a controlled environment prior to deploying the upgrade in the production environment is a recommended best practice. Adequate resources such as time, personnel, and communication channels should be allocated to facilitate a smooth transition during the upgrade process. Proper documentation of the upgrade steps and any potential issues encountered, along with a rollback plan in case of unforeseen circumstances, is essential for effective risk management. Finally, engaging with vendor support and relevant user communities for guidance and assistance during the upgrade can help address any challenges that may arise, ensuring a successful and efficient upgrade process.




Rendy Rinaldy Lv1Posted 2024-Oct-02 15:15
  
Q1. Alert generation, Connection throttling or rate limiting, Blocking or dropping connections.
Q2. True.
Q3. Traffic analysis and Signature-based detection
Q4. No active errors in the system before the upgrade, Sufficient resource availability, Stable network connection for downloading and applying the upgrade.
Anas Trust Lv1Posted 2024-Oct-02 12:52
  
Q1 : giving alerts, discarding sessions, and blocking IP addresses
Q2 : yes it is right
Q3 : immediate detection and scheduled detection
Q4 :
Clarence Roque Lv1Posted 2024-Oct-02 08:50
  
Q1:  If the number of new connections exceeds the specified threshold, actions such as giving alerts, discarding sessions, and blocking IP addresses can be executed.
Q2: Right/True
Q3: 1. Detection objects: multiple NICs, wireless NICs, and 4G/5G NICs.
    2. Detection methods: immediate detection and scheduled detection.
Q4: The upgrade process may take about 20 minutes under normal conditions (at least 40% of the total CPU and memory are available, and the network is connected)
ilham Lv1Posted 2024-Oct-01 11:04
  
Q1: giving alerts, discarding sessions, blocking IP address
Q2: it is right
Q3: immediate detection and scheduled detection
Q4: The upgrade process may take about 20 minutes under normal conditions (at least 40% of the total CPU and memory are available, and the network is connected).
Enrico Vanzetto Lv4Posted 2024-Sep-30 20:50
  
Q1: If the number of new connections exceeds the specified threshold, actions such as giving alerts, discarding sessions, and blocking IP addresses can be executed
Q2: Right, DDNS policies can be configured to automatically map a user's dynamic IP address to a permanent domain name. Users do not need to update the mapping between IP addresses and domain names manually.
Q3: 1. Detection objects: multiple NICs, wireless NICs, and 4G/5G NICs. 2. Detection methods: immediate detection and scheduled detection.
Q4: Normal condition when at least 40% of the total CPU and memory are available, and the network is connected
Zonger Lv5Posted 2024-Sep-30 19:41
  
Q1: Block new connections, Redirect traffic to a designated server, Trigger an alert or notification.

Q2: True

Q3: Stateful Inspection & Behavioral Analysis

Q4: Backups, Testing, Staged Rollout, Monitoring & Verification.
CLELUQMAN Lv4Posted 2024-Sep-30 17:22
  
Q1: If the number of new connections exceeds the specified threshold, actions such as giving alerts, discarding sessions, and blocking IP addresses can be executed.

Q2: RIGHT

Q3: detected by scanning the NIC information and checking WLAN and WWAN services.

Q4: The upgrade process may take about 20 minutes under normal conditions (at least 40% of the total CPU and memory are available, and the network is connected).
Ghostlying Lv2Posted 2024-Sep-30 17:22
  
Q1: giving alerts, discarding sessions, and blocking IP addresses
Q2: correct, users do not need to update the mapping between IP addresses and domain names manually.
Q3: Detection objects (multiple NICs, wireless NICs, and 4G/5G NICs) and Detection methods (immediate detection & scheduled detection)
Q4: at least 40% of the total CPU and memory are available, and the network is connected
pmateus Lv2Posted 2024-Sep-30 16:11
  
Q1: Add a static route in the main router of the MCS SCP platform. Add a Tunnel Route for the aDR customer in the VPN device of MCS. Implement the Tunnel NAT feature to resolve subnet conflicts.
Q2: False
Q3: By IP address and By Domain Name
Q4: The normal condition for the upgrade process is that the on-premises SCP version must be 6.10, and HCI must also be version 6.10 to support aDR between the MCS site and the on-premises site.