Main Page


MatrixShield-Series Manual

Introduction

MatrixShield is a cost-effective gateway information security solution for individuals and organizations.


With the widespread use of websites, applications, the Internet of Things, and smart homes, information security has become a major issue. First, it is impractical to control the quality of all software. Even when a vulnerability is identified, a large portion of vulnerable code can't be fixed or mitigated before it is exploited. There are many reasons for this. Even when the code is well maintained, it typically takes vendors a long time to release correct patches. As shown in the following picture, there are many phases before a patch is published.

Window of Vulnerability[1]

Second, in many cases users can't modify the source code at all, because they don't have the privilege to access it. Some vendors simply don't respond to vulnerabilities either.

The rules of the MatrixShield Series are not fixed. Instead, we provide update servers so that users are protected against modern attacks. The process of generating rules is as follows. We also provide tutorials for customizing rules.

Process of Generating Rules


Understanding the pain and risk that users face worldwide, the MatrixShield Series addresses these issues by helping users fight attackers on the front line. For enterprises, the MatrixShield Series can greatly strengthen the layer of defense as well as protect intranets. For small and medium businesses, the MatrixShield Series can act as a professional information security team. The MatrixShield Series protects and monitors the protected systems. All users can control everything on the devices and trust the systems.

User Guide

Anyone can install and configure the MatrixShield Series like most routers.

You may use LAN or WiFi to connect to the administrator's interface to start. The default WiFi password is 1qaz2wsx.

The default internal IP address of the administrator's page of the MatrixShield Series is https://10.0.249.1:9995/.

The default username and password are user/matrixshield_testing.

You may access it from the local area network and change the default settings there.

Prevention

The major function of the MatrixShield Series is to defend against cyber attackers. By clicking Attack Prevention=>TIFF, you can set up the function in a minute.


First, click add to add new hosts to protect.

Add Hosts to TIFF-1


Second, choose HTTP or HTTPS, and specify the host name, the proxy server, and the protected host. The MatrixShield Series obtains IP addresses automatically, so you can select the right machine to protect. If you are not sure which IP address to choose for the proxy server, selecting ALL will work. The proxy server will sit in front of the protected systems.

The protected host is the machine that you would like to protect.

TIFF-2

Third, check Enable Protection and Save.

Finally, you can see that TIFF is running successfully.

Set up TIFF-3


The process is similar to setting up NAT.


It can prevent attackers from penetrating servers such as web servers, VPN servers, mail servers, etc. Internet of Things devices such as smart phones can be protected as well. Via the logs, we can check what kinds of attacks were detected and blocked, along with their source IPs. The rules are not fixed; they are designed to protect against modern attacks. Therefore, we apply machine learning techniques to update the rules. Users may click Rule Update, and the device will perform the update automatically as follows.

Update Rules


Users may configure advanced brute-force detection and prevention as well. The mechanism is implemented to trick attackers. After a number of login failures, our rule records and blocks the attacker. From then on, even if the attacker eventually logs in with correct credentials, the protecting system will report them as incorrect.

Configure Advanced Brute Force Attack
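
The deceptive lockout described above, as an added example that is not part of the MatrixShield firmware or its rule set: once a source has failed too often, every later attempt from it gets the same "incorrect" answer, including attempts with the right password. The class name, the failure threshold, the time window and the block expiry are assumptions; the manual does not state these values.

```python
import hmac
import time


class BruteForceGuard:
    """Deceptive lockout: a blocked source is always told 'incorrect'."""

    def __init__(self, max_failures=5, window=300.0, block_for=3600.0,
                 clock=time.monotonic):
        # Threshold, window and block duration are assumed values.
        self.max_failures, self.window, self.block_for = max_failures, window, block_for
        self.clock = clock
        self._failures = {}  # source -> timestamps of recent failures
        self._blocked = {}   # source -> time at which the block expires
        self.audit = []      # (time, source, event) records for the log

    def _is_blocked(self, source, now):
        until = self._blocked.get(source)
        if until is None:
            return False
        if now >= until:  # block expired: forget the source's history
            del self._blocked[source]
            self._failures.pop(source, None)
            return False
        return True

    def attempt(self, source, supplied, expected):
        """Return True only for correct credentials from an unblocked source."""
        now = self.clock()
        # Constant-time comparison; a real system verifies a password hash.
        ok = hmac.compare_digest(supplied.encode(), expected.encode())
        if self._is_blocked(source, now):
            # Same answer as a wrong password, so the client cannot tell
            # that it is blocked or that this guess was right.
            self.audit.append((now, source, "blocked-valid" if ok else "blocked-invalid"))
            return False
        if ok:
            self._failures.pop(source, None)
            return True
        recent = [t for t in self._failures.get(source, []) if now - t < self.window]
        recent.append(now)
        self._failures[source] = recent
        if len(recent) >= self.max_failures:
            self._blocked[source] = now + self.block_for
            self.audit.append((now, source, "block-start"))
        return False
```

A "blocked-valid" audit record means a blocked source presented the correct password, so that credential should be treated as known to the attacker and rotated.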

Detection

Other Functions

VPN

Beyond security functions, users may install all kinds of services. By configuring VPN, users may access internal services through the gateway. The supported protocols include IPSec, L2TP, OpenVPN, and PPTP.

VPN Functions

Depending on users' OS, users may set up remote VPN connections to the MatrixShield Series.

Firewall

The MatrixShield Series includes a typical firewall and traffic shaper.


Firewall Rules

WIFI

The following options are common between all SSIDs/VAPs on the same wireless card.


Persist common settings:

 Enabling this preserves the common wireless configuration through interface deletions and reassignments.

Standard:

 The wireless standard to use for clients, such as 802.11g or 802.11b. Only the options supported by the installed card are displayed.

802.11g OFDM Protection Mode:

 For IEEE 802.11g, use the specified technique for protecting OFDM frames in a mixed 11b/11g network. May be left off if the network is not mixed.

Transmit power:

 Controls the output (transmit) power of the card. Typically only a few discrete power settings are available and the driver will use the setting closest to the specified value. 
 Not all adapters support changing the transmit power setting, and it may be limited by local regulations.

Channel:

 A list of channels supported by the installed wireless adapter, displayed in the following format: wireless standards - channel # (frequency @ max TX power / TX power allowed in reg. domain) 
 When running an access point, it is best to explicitly set a channel. Do not leave this on Auto!

Antenna settings:

 Diversity: Switch off and on the use of antenna diversity (normally only used if two antennas are connected), to allow both antennas to be used for both transmit and receive.
 Transmit/Receive Antenna: Allows manually specifying which antenna should be used to transmit and which is used to receive. The numbers may not line up with the numbers noted on the physical adapter.

Distance setting:

 This field can be used to tune ACK/CTS timers to fit the distance between AP and client. It is measured in meters and works only for Atheros-based cards.

Regulatory settings:

 Specifies the locality in which the card is used, so that the card will comply with local laws and regulations for radio signals. Use of some channels and behaviors (such as the use of 802.11n) 
 requires an appropriate Regulatory Domain to be configured.

Regulatory domain:

 The governing body that controls transmission regulations in the region where the firewall is deployed, such as the FCC or ETSI.

Country:

 The country code and regulatory domain in which the card is used. Any country setting other than "Default" will override the regulatory domain setting.

Location:

 The physical location of the device. It's Indoor by default. Some regulatory bodies have different rules for Indoor vs Outdoor use.

News Release of Vulnerable Devices

There is a lot of news that discloses the danger of vulnerable code.

The first example shows a company's centralized controller exploited remotely by attackers.

Figure3.png


The second example shows a web camera used by remote attackers.

http://www.ettoday.net/news/20130312/173690.htm

Research by HP indicates that 70% of IoT devices are vulnerable to attacks.

http://www.achrnews.com/articles/127485-aug-28-2014-study-says-70-percent-of-internet-of-things-devices-vulnerable-to-attack

There is much more news about the threats of vulnerable software and devices.


Log

To trace potential problems and attacks, the MatrixShield Series provides logs, which can be viewed as diagrams and exported in syslog format. If necessary, the generated logs can be used as forensic data.

The system automatically analyzes some useful data for users, for example the countries from which attacks originate, the types of attacks, the severity of attacks, etc. The logs can also be transferred to other machines.

A sample diagram showing the TIFF log is as follows.

Log-NSIP.png
Log2.png
Log3.png

The MatrixShield Series provides diagrams for other defense mechanisms, such as the firewall, as well.

A sample diagram showing the log is as follows.

Log-Firewall.png

Future Release

In the near future, we will release an advanced series with better computing performance. The new features will include malicious software detection and content filtering. More complex detection rules will be included in new versions as well.