Dome Playbook: Off-Premise Users

We want to create a playbook for our MSPs so that they can easily deliver the best line of services to their customers using Dome products.

Use this thread to tell us your use cases, and we will deliver step-by-step, easy-to-follow playbook entries.

Example:

Use Case: My customers have technicians and sales teams in the field who use their company-provided laptops off premises. Even off-premise, I need to report their web usage, apply the company web access policy and prevent advanced threats. Last year one of the sales agents got affected by a ransomware seed through a rogue access point at the airport, and on his return it spread through the entire network. Also, while off-premise, one of the employees accessed some flagged websites using his company laptop, which caused me legal issues.

How-to:

Using Dome Shield

  1. Log in to C1 Portal and open Dome Shield.
  2. Go to Configure > Objects > Roaming Devices and download the agent.
  3. Install the agent on the designated laptops while they're on your office network (for detailed setup instructions see: https://forum.mspconsortium.com/forum/products/other-comodo-products/comodo-dome/12714-how-to-setup-dome-shield).
  4. Go to Security rules, click Create Security Rule and select all threat categories.
  5. Go to Category rules, click Create Category Rule and select Legal Liability sites.
  6. Go to Policy and click Add New Policy.
  7. Select all your Roaming Agents and the Security/Category Rules created in steps 4 and 5.
  8. Hit Create.

Result: Traffic from all your roaming users, on and off premise, to Legal Liability and Advanced Threat domains will be blocked. Botnet callbacks, phishing attempts and malware domains will be stopped (plus 24 additional threat types as well). You will see users violating these policies using the Reporting function in Dome Shield.

Using Dome Secure Web Gateway (Standard)

  1. Log in to C1 Portal and open Dome Secure Web Gateway (if you don't have it enabled, go to the App Store first).
  2. Go to Administration > Traffic Forwarding > Dome Agent and hit Add Configuration.
  3. Toggle on “Disable if GW is Unreachable” and “Protect Hosts File”.
  4. Download the configuration you created and the Dome Agent.
  5. Install the agent on the designated laptops.
  6. Go to Authentication Configuration > User Management and add credentials for your roaming users.
  7. Go to Configuration > Web Content Policy > URL Filtering and click New URL Policy.
  8. Select Legal Liability websites and enable Safe Search Enforcement.
  9. Go to Advanced Threat Protection and toggle on all Advanced Threat categories.
  10. Go to Policy and click New Policy.
  11. From “Select Location”, select “Roaming Users” and select the URL Filtering rule created in step 7.
  12. Toggle on Containment and hit Save.
  13. Go to Reporting, hit Custom, then Create New Report (you can call it Roaming User Activity).
  14. Hit Add Graph and give it a name.
  15. Select Data Set > Web Access Events > Blocked Traffic and group by User.
  16. Add a filter for Locations and type “roaming” into the textbox next to it.

Result: All your roaming users are protected against zero-day malware, including cryptolockers, ransomware, botnet seeds and more, using Containment and Valkyrie. All risky IP addresses and domains trying to access your roaming users are blocked, including rogue access points. Access to Legal Liability sites and explicit search engine queries is blocked. Users violating these policies will be presented in Reporting, plus you will get automatic emails.

Let's talk about your use cases.