Scribd Logo
Upload

Welcome to Scribd!

  • NE - 12 - Outbound Threats

    Uploaded by

    Roberth
    2 views3 pages

    Original Title

    NE _ 12 - Outbound Threats

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    2 views3 pages

    NE - 12 - Outbound Threats

    Uploaded by

    Roberth

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 3

    15/9/22, 15:15 NE | 12 - Outbound Threats

    AED Training
    Outbound Threats
    Overview
    Description

    In this lab you will identify threats that are generated from within your network, and then you will take
    action to block that outbound threat.

    Objectives

    After completing this lab exercise, you will be able to:


    View indicators of an outbound threat from within your network.

    Use the AED outbound threat filter to block the outbound threat viewed.
    Monitor the effectiveness of your mitigation.

    Estimated Completion Time

    The estimated completion time for this lab is 30 minutes.

    Lab Topology

    Please ensure you read each step carefully before performing the required task in the order described.

    If you are asked for your [POD] number in this lab, use the number that is part of your NE
    username.

    Example: Username NE312 <=> [POD] = 312

    Monitoring AED Indicators for a DDoS Attack


    The outbound threat filter prevents malicious traffic from leaving your network. Unlike the protection groups,
    which protect specific hosts, the single outbound threat filter protects all of the outbound IPv4 traffic that
    passes through AED.

    1. Skip to Step 3 if a tab to the AED web UI is open. If not, then from your NETSCOUT Experience user
    dashboard click on the AED link to open a new tab to the web UI.

    2. Login to your AED web UI with your NETSCOUT Experience user credentials.

    Username: NE102

    Password: Kinemumo4^

    or

    Username: admin

    https://portal.ne.netscout.com/dashboard/lab_guide/448/45085/ 1/3
    15/9/22, 15:15 NE | 12 - Outbound Threats

    Password: Welcome123

    3. Go to the AED's Summary page, click either the NETSCOUT | Arbor Edge Defense logo or
    the Summary menu item, either options will load the Summary page.

    4. Ensure that the Deployment Mode on your AED is set to Active and the Protection Level is set to Low
    (globaly and for every PG).

    5. Ask the instructor to start the attack outbound from your network.

    6. Review the indicators of your AED for any DDoS attack:

    On the Summary page view the ATLAS Threat Categories section of the page.

    Additionally view the Outbound Threat Filter page for more details, go to Protect > Outbound
    Protection > Outbound Threat Filter.

    View Blocked Host log if/where appropriate, Explore > Blocked Hosts, then change the Traffic
    Direction = Outbound

    Identify an action or protection that should mitigate the attack.

    Record the attack details and your observations here:

    7. What is the Traffic Vector value for AIF Outbound and what policy does this represent? Does this
    indicator match the outbound threat that you identified?

    1. Go to Explore > Blocked Hosts


    2. Click the Outbound Traffic Direction Selector

    3. Click Search button

    4. You might want to change the Time to -5m or -1h

    8. Ask your instructor to stop the attack and ensure that the Deployment Mode is set to Active and the
    Protection Level is set to Low.

    9. Good work!

    You have successfully viewed the indicators of an outbound threat generating from within your
    network and took action to block that threat.

    10. Please notify the instructor that you have completed this lab exercise.

    If you would like a copy of this lab select either the Print or the Save Page As (Control-S) menu
    options from your browser’s dropdown menu.

    Depending on which browser you are using, to access these menu options select either:

    Select "File" from the your browser's menu, then choose either:

    1.) Print > Print to PDF


    2.) Save Page As > Web Page Complete.

    Or select the three dot vertical ellipsis, then choose either:

    1.) Print > Print to PDF


    2.) Save Page As > Web Page Complete.

    Or select the three line hamburger menu button, then choose either:

    https://portal.ne.netscout.com/dashboard/lab_guide/448/45085/ 2/3
    15/9/22, 15:15 NE | 12 - Outbound Threats

    1.) Print > Print to PDF


    2.) Save Page As > Web Page Complete.

    Select whichever method that works best with your browser.

    This completes the lab exercise for the quick installation script for your AED. For more information about the
    configuration settings for your AED's installation, refer to the AED Quick Start Card / Installation
    Guide and/or the Arbor Edge Defense User Guide.

    © Copyright 2022 NETSCOUT, Inc. All rights reserved

    https://portal.ne.netscout.com/dashboard/lab_guide/448/45085/ 3/3

    You might also like