
Use Case: Automating Firewall Management – Microsoft Office 365 Cloud Access

 

BackBox Use Case

Over the last few years, more and more organizations have been migrating to cloud services to replace on-premises solutions. CRM, storage, messaging, and collaboration are just a few examples of services that are popular in the public cloud.

One of the largest service providers is Microsoft, which offers a wide range of services and applications, including:

  • Mail

  • Calendar

  • SharePoint

  • OneDrive

  • Skype

  • Office

  • Teams

  • And many more

The Challenge:

Security administrators are challenged with the task of allowing access to these services: they need to configure the security policy to support connectivity and also be able to monitor the access.

The challenge is even greater when some of these services are not supported by the major proxies and content filters, so that specific access rules need to be deployed to bypass the proxy servers.

Microsoft, as a service provider, regularly publishes a list of the IPv4 addresses, IPv6 addresses, FQDNs and URLs in order to help organizations build the appropriate access policy. The current list consists of 670 IPv4 addresses, 386 IPv6 addresses and 667 FQDNs and URLs.

The Automated BackBox Solution:

Because BackBox can import and parse the XML list from Microsoft, and the BackBox server already communicates with the Firewall Management, BackBox can populate the Firewall Management with all the elements required to build an accurate security policy.

BackBox not only automates the creation of these elements but also builds them within the Firewall Management platform in granular groups, allowing the Security Administrator to build the policy based on the corporate usage of the different applications.

Unless automated, the task of creating all these network nodes in the firewall management solution and keeping up with new updates is both prone to human error and very time-consuming. On average, creating a single element in a Firewall Management system will take no more than a few seconds. However, creating over 1,700 of them will take many hours if not days, and introduces significant risk associated with human error. In addition, with every new update from Microsoft, administrators face the challenge of understanding which elements were added.

EXAMPLE:

<product name="SPO">
<addresslist type="URL">
<address>*.log.optimizely.com</address><address>*.sharepoint.com</address><address>*-files.sharepoint.com</address><address>*-my.sharepoint.com</address><address>*-myfiles.sharepoint.com</address><address>*.sharepointonline.com</address><address>*.svc.ms</address><address>*.search.production.us.trafficmanager.net</address><address>*.search.production.emea.trafficmanager.net</address><address>*.search.production.apac.trafficmanager.net</address><address>accounts.accesscontrol.windows.net</address><address>admin.onedrive.com</address><address>cdn.sharepointonline.com</address><address>click.email.microsoftonline.com</address><address>g.live.com</address><address>login.microsoftonline.com</address><address>Mobile.pipe.aria.microsoft.com</address><address>nexus.officeapps.live.com</address><address>officeclient.microsoft.com</address><address>odc.officeapps.live.com</address><address>Oneclient.sfx.ms</address><address>privatecdn.sharepointonline.com</address><address>prod.msocdn.com</address><address>provisioningapi.microsoftonline.com</address><address>publiccdn.sharepointonline.com</address><address>skydrive.wns.windows.com</address><address>spoprod-a.akamaihd.net</address><address>static.sharepointonline.com</address><address>ssw.live.com</address><address>storage.live.com</address><address>storage.live.com</address><address>watson.telemetry.microsoft.com</address></addresslist>

<addresslist type="IPv6">
<address>2620:1ec:a92::150/128</address><address>2620:1ec:4::150/128</address><address>2620:1ec:6::129/128</address><address>2a01:111:f402::/48</address><address>2801:80:1d0:1400::/54</address></addresslist>

<addresslist type="IPv4">
<address>13.107.6.150/31</address><address>13.107.6.168/32</address><address>13.107.9.150/31</address><address>13.107.9.168/32</address><address>40.108.0.0/19</address><address>40.108.128.0/17</address><address>52.104.0.0/14</address><address>104.146.0.0/19</address><address>104.146.128.0/17</address><address>134.170.200.0/21</address><address>134.170.208.0/21</address><address>191.232.0.0/23</address><address>191.235.0.0/20</address></addresslist></product>
 

BackBox Implementation of the Firewall Management Platform:

Group – BackBox_O365_NetworkObjects
    Group – BackBox_O365_Net_Group_SPO_IPv4
        Network Element – BackBox_O365_Net_Object_SPO_IPv4_13.107.6.168
    Group – BackBox_O365_Net_Group_SPO_IPv6
        Network Element – BackBox_O365_Net_Object_SPO_IPv6_2620:1ec:4::150/128

Group – BackBox_O365_URLS
    Group – BackBox_O365_URL_Group_SPO
        URL Element – BackBox_O365_URL_Object_SPO_*.sharepointonline.com
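The following is an added example, not BackBox's own code: it parses XML in the layout shown above, validates each entry, derives group and object names in the naming scheme listed here, and diffs two versions of the list so that both new entries and stale allow entries are visible. The function names, the shortened sample feeds and the use of the full CIDR in every object name are assumptions made for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed samples in the page's XML layout (a subset of the SPO entries above).
OLD_FEED = """<product name="SPO">
<addresslist type="URL"><address>*.sharepoint.com</address><address>storage.live.com</address><address>storage.live.com</address></addresslist>
<addresslist type="IPv6"><address>2620:1ec:4::150/128</address></addresslist>
<addresslist type="IPv4"><address>13.107.6.168/32</address><address>40.108.0.0/19</address></addresslist>
</product>"""
# Constructed "next version": one IPv4 range dropped, another added.
NEW_FEED = OLD_FEED.replace("40.108.0.0/19", "52.104.0.0/14")

def build_objects(xml_text):
    """Map each group name to the set of object names it should contain."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in the feed")
    groups = {}
    for product in ET.fromstring(xml_text).iter("product"):
        name = product.get("name")
        for alist in product.iter("addresslist"):
            kind = alist.get("type")
            for addr in alist.iter("address"):
                value = (addr.text or "").strip()
                if kind in ("IPv4", "IPv6"):
                    # strict=True rejects malformed entries (host bits set, bad mask)
                    net = ipaddress.ip_network(value, strict=True)
                    if f"IPv{net.version}" != kind:
                        raise ValueError(f"{value} is not {kind}")
                    group = f"BackBox_O365_Net_Group_{name}_{kind}"
                    obj = f"BackBox_O365_Net_Object_{name}_{kind}_{net}"
                elif kind == "URL" and value:
                    group = f"BackBox_O365_URL_Group_{name}"
                    obj = f"BackBox_O365_URL_Object_{name}_{value}"
                else:
                    raise ValueError(f"unexpected entry {kind!r}: {value!r}")
                groups.setdefault(group, set()).add(obj)  # set drops duplicates
    return groups

def diff_objects(old, new):
    """Return (added, removed): object names per group that differ between versions."""
    added, removed = {}, {}
    for group in old.keys() | new.keys():
        if new.get(group, set()) - old.get(group, set()):
            added[group] = new.get(group, set()) - old.get(group, set())
        if old.get(group, set()) - new.get(group, set()):
            removed[group] = old.get(group, set()) - new.get(group, set())
    return added, removed

if __name__ == "__main__":
    added, removed = diff_objects(build_objects(OLD_FEED), build_objects(NEW_FEED))
    print("create:", added)
    print("delete (stale allow entries):", removed)
```

Entries that disappear from the published list are reported separately because an allow rule left in place for a range the provider no longer uses widens the policy without any benefit.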

Within the BackBox Task Automation feature, automating the task of entering all the information provided by Microsoft (including over 1,700 elements and dozens of groups) takes between 6-10 minutes. Organizations can now rest assured that all access requirements to Microsoft cloud services are regularly maintained and accurate, with minimal effort from the firewall administrators.

2019-02-10T05:37:19+00:00 | July 11th, 2018 | Blog, Product, Use Case Series
