Chapter 17 Reputation Filter
USG FLEX H Series User’s Guide
275
Negative
Reputation
These are sites that have bad reputation and associate with suspicious activities, such as
spam, virus, and/or phishing.
Scanners These are sites that run unauthorized system vulnerabilities scan to look for vulnerabilities in
website visitors’ devices.
Spam Sources These are sites that have been promoted through spam techniques.
TOR Proxies These are sites that act as the exit nodes in a Tor (The Onion Router) network.
Tor is a service that keep users anonymous in the Internet and make users’ Internet activities
untraceable. Tor hides user’s real IP addresses by encrypting data and transmitting the
encrypted data in a chain of selected nodes acting as intermediaries. Each node can only
decrypt the data sent from the node before it. The first node that receives the encrypted
data is called the entry node. The last node is the last intermediary that the encrypted data
will go through before it arrives at the destination.
Web Attacks These are sites that launch web attacks, such as SQL injection, cross site scripting, iframe
injection, and brute force attack.
SQL injection (SQLI) is an attack that attackers insert malicious SQL (Structured Query
Language) code into a web application database query. Attackers can then access, add,
modify, or delete data in users’ databases.
Cross site scripting (XSS) is an attack that attackers injects malicious scripts to websites or
web applications in the form of HTML or JavaScript code. The scripts execute when users
visit the infected web page or perform the infected web applications. XSS will cause failures
to encrypt traffic, cookie stealing, identity impersonation, and phishing.
Iframe injection is an attack that attackers injects malicious iframe (inline frame) tags to
websites. The malicious iframe tag downloads malware to the devices of the infected
websites’ visitors, and steal users’ sensitive information. An iframe tag is an HTML tag that is
used to embed contents from another source in a website, but attackers misuse this feature.
Brute force attack is an attack that attackers attempt to gain access to websites or device
via a succession of different passwords.
Phishing These are sites that are used for deceptive or fraudulent purposes (e.g. phishing), such as
stealing financial or other user account information. These sites are most often designed to
appear as legitimate sites in order to mislead users into entering their credentials.
Types of Cyber
Threats Coming From
The Internet And
Local Networks
These are packets that come from or go to the Internet and local networks and are known
to pose a security threat to users or their computers.
Botnets A botnet is a network consisting of computers that are infected with malware and remotely
controlled. The infected computers will contact and wait for instructions from a command
and control (C&C) server. An attacker can control the botnet by setting up a C&C server
and then sending commands to the infected computers. Alternatively, a peer-to-peer
network approach is used. The infected computer scans and communicates with the peer
devices in the same botnet to share commands or malware sent by the C&C server. These
are botnet sites including command-and-control (C&C) servers.
Test IP Threat Category
IP to test Enter an IPv4 address of a website, and click the Query button to check if the website
associates with suspicious activities that could pose a security threat to users or their
computers.
Apply Click Apply to save your changes.
Reset Click Reset to return the screen to its last-saved settings.
Table 137 Security Service > Reputation Filter > IP Reputation
LABEL DESCRIPTION
To Next Page
Loading...
