Access the Versa Director for ActiveCore (Answered)

Versa Director is a portal some ActiveCore customers use to view their ActiveCore service and features. Please see below to learn how to access Versa Director and its functions.

Please note: at this time, you will still need to call into Comcast Business (800) 741-4141 to make changes to these functions.

1. Sign in to My Account.
2. On the Overview page, select ActiveCore from your Subscribed Services.
   
   
   
   
3. Click Management Portal. This will open Versa Director.
   
   

The Comcast Business SD-WAN uCPE is equipped with a Stateful Firewall, which provides the following level of Security: 

• Denial of Service (DoS) protection
• Volumetric traffic rules which looks for abnormal amounts of traffic that can indicate an attack is happening
• Identify embedded control information in protocols to help facilitate two-way communication between devices, such as FTP and SIP
• IPsec encryption and tunnel services
• Application visibility – when the device has an application identification engine or deep packet inspection engine

Comcast Business customers with Unified Security will be provided a NextGen Firewall, which includes the Stateful Firewall level of security and includes additional features and capabilities:

• Application traffic monitoring and statistics
• Access by application type
• Access by user or group by using Active Directory or Lightweight Directory Access Protocol (LDAP) integration
• Forwarding by application type using policy-based forwarding
• Ability to permit or deny traffic based on:
  • Regions or countries
  • IP reputation or location
  • URL categories, strings, or reputations

Traffic moving through the network can have IP addresses that are associated with a bad reputation, which could a cause security risk to your network. To block IP addresses based on IP address reputation and IP address metadata such as geolocation, you can configure IP address filtering profiles and then associate them with security policy.

IP address filters are based on the following IP address attributes:

• IP reputation— You can create IP-filtering profiles with the following predefined IP reputations:
  • BotNets
  • Denial of service
  • Phishing
  • Proxy
  • Reputation
  • Scanners
  • Spam sources
  • Web attacks
  • Windows exploits
• Geolocation—Versa Networks provides a list of predefined regions that you can use to create IP-filtering profiles based on geolocation.

You can define IP-filtering profiles to filter traffic based on the IP address attributes. Each IP-filtering profile object can specify the following:

• Allow lists for IP addresses
• Deny lists for IP addresses
• DNS reverse lookup configurations
• Rules for geolocation-based actions
• Rules for IP reputation–based actions

You can match the IP address based on the following match criteria:

• Destination IP address
• Source IP address
• Source and destination IP address
• Source or destination IP address

You can enforce the following actions when a session's IP address matches the conditions in an IP-filtering profile:

• Allow
• Alert
• Drop packet
• Drop session
• Reset

You can also configure custom actions in an IP-filtering profile.

Domain Name System (DNS) filtering allows the user to control access to websites, webpages, and IP addresses, to provide protection from malicious websites, such as known malware and phishing sites.

You can create a DNS-filtering profile and then associate it with an access policy. In a DNS-filtering profile you can configure the following components to use to filter DNS requests:

• Deny lists—Define the URLs and IP addresses of DNS requests that access is blocked and define the action to take when a URL or an IP address matches the list. Deny lists are sometimes referred to blacklists.
• Allow lists—Define the URLs and IP addresses of DNS requests to which to explicitly allow access. Allow lists are sometimes referred to as whitelists.
• Query-based actions—Define rules for DNS operation codes (opcodes), which are the commands that are sent to.
• DNS servers to have them perform an action.
• Reputation-based actions—Define how to handle DNS requests from newly observed website domains.
• Detection of DNS tunneling—Define parameters for identifying DNS tunneling, which is a type of cyberattack that encodes the data from other programs or protocols in DNS queries and responses. An attacker can create a command-and-control channel with the infected device, extract data (information) from the infected device, and then insert malware or other data into the infected device using only DNS query and DNS response.

With Unified Security, you can use file filtering to reduce the risk of attacks from unwanted and malicious files, decreasing an attacker's ability to attack your organization by protecting against virus and vulnerabilities that are associated with various types of files. File filtering is performed based on the file type and the hash of the file.

The antivirus software scans files received or transmitted in live traffic. When the last byte of a file is transmitted, the antivirus software extracts the file and scans it for viruses.

• You can scan the following types of traffic:
  • Web traffic sent using FTP and HTTP
  • Email traffic sent use IMAP, MAPI, POP3, and SMTP

The following table lists the types of files that the antivirus software can scan.

• The antivirus profile is then applied to all traffic that matches the policy rule. 
• The antivirus software provides predefined antivirus profiles, and you can configure custom antivirus profiles. 
  • For predefined antivirus profiles, the maximum scannable file size is 512 KB. 
  • For custom antivirus profiles, the user can configure the maximum scannable file size.

To protect a network against security vulnerabilities, the Unified Security (Versa UTM) capabilities include intrusion detection and prevention (IDP). 

IDP is a preemptive approach to network security that identifies potential threats and responds to them based on user-defined policy. IDP comprises two components:

• Intrusion detection system (IDS) is the process of examining the network for indications of vulnerabilities and for detecting inappropriate or anomalous activity.
• Intrusion prevention system (IPS) is the process of stopping vulnerabilities by responding to inappropriate or anomalous activity. Responses can include dropping data packets and disconnecting connections that are transmitting unauthorized data.

With URL filtering, you can create filters that prevent access to specific URLs, allowing you to control web-browsing activity within your organization. Uncontrolled access to internet websites can expose an organization to security risks, such as threat propagation, loss of data, and lack of compliance. 

Unified Security devices categorize and continuously update URL information, including URL categories and reputations. Unified Security devices create a local database that can store up to 20 million URLs. In addition, Versa supports a cloud-based URL database that contains more than 31 billion URLs. You can configure real-time cloud lookup to determine URL categories and reputations in the cloud-based URL database.

Unified Security devices classify URLs into 82 predefined categories, and you can create custom URL categories and associate them with reputations. Both predefined and custom URL categories are used to create policies that restrict access to websites based on the URL's category and reputation.

You can find the main configuration components related to a your security policy by clicking the gear icon (services) Services NextGen Firewall hierarchy of the configuration, depending on which type of services are enabled in the template workflow.

• Navigate to Administration > Appliances and locate the appliance in the appliance list. Click the appliance name to open the Appliance Context mode of the device. From the Appliance Context mode of the device, click the Configuration tab to open the configuration of the device.
• Navigate to the Services > Next Gen Firewall > Security hierarchy of the configuration and select Policies.

When security services are enabled in a workflow, 2 default policy rules are created to allow traffic from the local site to remote destinations and to allow SD-WAN traffic from remote sites to enter the local device through the SD-WAN tunnels.

Additional rules can be added, based on the individual customer needs and specifications. These rules can, and often need to, be arranged in an order that will not conflict with the business traffic priorities.

After creating these rules, you can test them by using an internet browser to test situations that are both supported and unsupported by those rules.

Your device needs to be configured to remove packets from the queues and to forward them out the interface. There are 4 major traffic classes: Network Control, Expedited Forwarding, Assured Forwarding, and Best Effort. Each of these traffic classes has 4 queues. You will create a scheduler for each major traffic class that:

• Defines how much interface bandwidth each traffic class will have for transmitting traffic; and
• Defines which queues to pull traffic from when the traffic class is granted access to the interface

Monitoring of these policies will be conducted in a Tableau view. For more information, please see Tableau for ActiveCore Unified Security.