0
(0)

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). Copyright © 1998-2020 The OpenSSL Project. All rights reserved.

This product includes cryptographic software written by Eric Young ([email protected]). Copyright © 1995-1998 Eric Young ([email protected]). All rights reserved.

For details on the latest release of F-Secure ThreatShield, see the change log on F-Secure Community.

Note: ThreatShield cannot be used in isolated network environments because license activation requires a working internet connection.

Major features
  • Web Security (HTTP)
  • Advanced Web Security (HTTPS)
  • Advanced Threat Detection with SandViper
  • Advanced Threat Detection with file content type detection
  • Web Content Control with Active Directory integration
  • Email Security (SMTP)
  • Email quarantine management
  • File Transfer Security (FTP)
  • Automated product upgrades
System requirements
Supported 64-bit Linux operating systems:

  • CentOS 7.2 – 7.x
  • RHEL 7.2 – 7.x
  • Debian 9.2 – 9.x
  • Ubuntu 16.04.4 – 16.04.x

Minimum hardware requirements:

  • x86_64 compatible CPU (2Ghz or faster recommended)
  • At least 4 GB of RAM per proxy service (HTTP(S)/SMTP/FTP) for 200 simultaneous connections
  • At least 5 GB of free disk space
  • Installed files need at least 1.5 GB of free disk space and the running system needs significantly more space for quarantined messages, temporary files, logs, and other similar files.
Package prerequisites
Debian based systems:

curl libcurl3 libsasl2-modules-gssapi-mit libssh2-1 libfuse2 libpam-modules libwrap0 openssh-server python zlib1gRed Hat based systems:

curl cyrus-sasl-gssapi fuse-libs libcurl libssh2 openssh-server pam policycoreutils-python python tcp_wrappers-libs zlib

Licensing
Until further notice, no sales allowed outside Australia, EU, Canada, Japan, New Zealand, Norway, Switzerland, Liechtenstein, and United States of America.

Trial license can be requested from F-Secure Sales at https://www.f-secure.com/ThreatShield.

Installation
Follow these steps:

  1. Install the prerequisites for your operating system.
  2. Select the package for your distribution (RPM for Red Hat and DEB for Debian-based systems). Run the following command with root privileges to install the package:
    • Red Hat based systems:rpm -i f-secure-threatshield-6.0.6-1.x86_64.rpm
    • Debian based systems:dpkg -i f-secure-threatshield_6.0.6-1_amd64.deb
  3. Activate the installation:/opt/f-secure/threatshield/bin/activate \
    –licensekey XXXX-XXXX-XXXX-XXXX-XXXX \
    –certificate /root/certificate.pem \
    –key /root/key.pem

You can specify a HTTP proxy using the following environment variables before calling the activate command. The proxy settings are saved and used when the product communicates with F-Secure-hosted services.

export FSECURE_HTTP_PROXY_HOST=example.proxy.com export FSECURE_HTTP_PROXY_PORT=8080The server certificate and signing key that are used by the Admin UI web server are required. For testing purposes, you can create them using OpenSSL with the following example command:

openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pemThe latest version is downloaded and started when ready. Accept the license terms during the installation.

After the installation is complete, F-Secure ThreatShield Web UI is accessible on HTTPS port 9012 with admin/admin as default credentials.

Configuration notes
Active Directory integration requires a Kerberos configuration file (krb5.conf), which is imported in the AD settings wizard. The file must include at least the following settings:

[libdefaults] default_realm = EXAMPLE. COM [realms] EXAMPLE. COM = { kdc = kerberos.example.com admin_server = kerberos.example.com }Consult your operating system documentation for the full list of available Kerberos client-side configuration options.

Known issues
  • The activate command requires absolute file paths for the web server certificate and signing key files. (CSLP-3039)
  • By default, the enabled proxy services listen (bind) to all interfaces according to “Server hostname” setting. The listening interface can be explicitly configured by setting the Server hostname value with the syntax “hostname%interface”. For example, 123.123.123.123%eth0. (CSLP-2580)
  • Web UI is enabled for all network interfaces. We recommend that you configure the system firewall to deny access from any untrusted interface. (CSLP-2931)
  • Web UI allows you to configure the same port number for more than one service. If you do so, the service will not start. Open Dashboard to verify the enabled services and port numbers. (CSLP-2953)
  • Web UI cannot be used to change any settings when the browser is set up to use Web security. Exclude the host in the Web security scanning settings or connect to the Web UI directly to solve this issue. (CSLP-2973)
  • Web UI: Advanced Threat Analysis settings do not appear to be disabled for the Basic license, but enabling the setting does not turn on the Advanced Threat Analysis unless you have the Premium license. (CSLP-2979)
  • Dashboard becomes slow after it has been running for one hour in the foreground browser tab. Close the tab and reopen the UI to solve this issue. (CSLP-2972)
  • In the Dashboard statistics, excluded and failed scan results are double counted as clean results. (CSLP-3044)
  • Active Directory integration requires that the AD server has Global Catalog enabled. SAMAccountName and displayName attributes must be replicated to the Global Catalog. (CSLP-2829)
  • Active Directory test button is not working when you specify a group search base. We recommend that you test the connection before you enter a group search base value. The Web Content Control feature is not affected even if the test button does not work. (CSLP-2988)
  • The connection test in the Active Directory configuration wizard fails even with correct inputs. As a workaround, complete the wizard and press the “Test” button in the Active Directory configuration page. (CSLP-3051)
  • Web security does not show the proper block page template when HTTPS connection is disallowed by Web Content Control. Instead, the proxy service refuses the connection. (CSLP-3000)
  • Setting for transparent proxy mode for Web security is missing in Web UI. The detailed instructions how to configure transparent proxy mode are available in the Admin Guide. (CSLP-3050)
  • When transparent proxy mode is enabled, the https traffic (port 443) should be forwarded to the proxy only if HTTPS security is enabled and configured. Otherwise, the proxy will fail to process the https traffic. (CSLP-3052)

Source : Official F-Secure Brand
Editor by : BEST Antivirus KBS Team

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

(Visited 17 times, 1 visits today)