If you are using Barracuda Forensics & Incident Response and want to evaluate how it integrates with Barracuda Content Shield (BCS), follow this guide for basic configuration. For more about options to configure in BCS, see Barracuda Content Shield Overview. To convert your BCS free trial to a licensed subscription, see Converting Your Trial Subscription to a Valid License.
Step 1. Configure BCS DNS Based Filtering
The first step is to register your egress IP address with BCS. If you are unsure of your egress IP address, you can use a site like whatismyip.com to determine what it is. Navigate to the DNS filtering page using the left navigation menu and select ADD LOCATION. Follow steps in the wizard to complete adding the location.
Configure the IP address, either automatically or manually, in the Getting Started screen as shown below:
- Use the Manual setting if your ISP provides a static IP address that does not change. Click Start, and follow the prompts in the wizard.
- Use the Automatic setting if your ISP provides a dynamic IP address. Click Start, and follow the prompts in the wizard. In this case, you must install the Dynamic IP updater on a single machine that permanently resides within the environment. This allows the BCS service to be updated automatically when your IP address changes. The final step of the wizard provides links to download the Dynamic IP updater and installer key.
See How to Configure DNS Filtering Policies for details.
Step 2. Create Filtering Policies to Work With Barracuda Forensics & Incident Response
- In the Add Location screen of the wizard as shown below, in the Category Policy drop-down, select Custom. This clears all categories.
- Next, select the following categories from the Security section as the default policy to integrate with your Barracuda Forensics & Incident Response service. Then click Next.
- Malicious Sites
- Phishing & Fraud
- Suspicious Sites
See How to Configure DNS Filtering Policies for more information.
- After you click Next, you have the opportunity to create any block or allow exceptions to your category policy. You can block or allow specific domains (ex: google.com) or subdomains (ex: mail.google.com). There is no need to specify protocols like HTTP or leading with www. Exceptions take precedence over category policies and can be set to block or allow.
- The final step shows the DNS servers, as shown below, that you will provide to all of the clients on the network being filtered. Barracuda recommends initially setting these DNS servers manually on the systems you are going to test policy with. After you are satisfied with your policy, these DNS servers can be added to your DHCP server, which can then pass out connecting to your network. Or, if you have your own internal DNS server, you can set that up as a conditional forwarder. This allows your DNS server to resolve any internal resources and forward any requests to the BCS service for external resources and filtering based on your set policy. See How to Configure Barracuda DNS Nameservers for Barracuda Content Shield for details.
How Barracuda Forensics & Incident Response Can Automatically Update your BCS Policies
After you have performed this basic configuration of your BCS account, you can set Barracuda Forensics & Incident Response to trigger new DNS filtering exceptions when it detects links in emails that were identified as part of an incident. The Barracuda Forensics & Incident Response wizard includes a section where the administrator can choose to block all user web traffic for domains contained in these links as part of incident remediation. For BCS, this means that new exceptions to block web traffic for these domains will be created for every DNS location configured on the DNS Filtering page.
Step 3. Evaluate Agent-Based Protection at the Endpoint
As stated above, to provide DNS-based filtering for clients that are outside of the network, you must install the Barracuda Content Shield (BCS) Suite on endpoint computers. The suite is an agent that can enable the BCS Plus features on endpoints, including Advanced Filtering Policies. For more information, see Barracuda Content Shield Suite 30 Day Evaluation Setup.