What is Plume Guard?
When enabled, Plume Guard protects your network by preventing access to malicious websites that can harm the devices on your network, without impacting the performance of your browsing experience. There are three components to Guard:
|
- Guard events can be accessed from the Home screen.
- The Guard events screen lets you view the last 30 days of events and can be filtered at the network, profile level, and based on timeframe (24 hours, 7 days, 30 days).
- Network level Guard settings can also be accessed from the App settings screen.
Online Protection
Online protection uses a constantly updating database of websites known to contain:
- Malware and Botnets
- Phishing and fraud
- Spyware and Adware,
- Spam URLs
- Keyloggers and monitoring
- Proxy avoidance and Anonymizers.
NOTE: Online Protection and Adblocking can be set at the device or person level.
Outbound IP Protection and Intrusion Prevention
In addition to protecting the network based on DNS lookups, Online Protection also has another feature that protects devices from connecting to harmful IP addresses.
This feature blocks both incoming (Intrusion Protection) and outbound (Outbound Protection) device connections to known harmful IP addresses.
Outbound IP Protection and Intrusion Prevention is enabled by turning on Online Protection as long as you have compatible hardware with the proper firmware connected as the gateway node.
Managing Security Events
Tapping on Guarding Home brings up a list with a graphic showing all blocked events.
The list contains 30 days worth of data and the tapping on the graphic will highlight the number of events during that day.
You can also filter by the type of event.
- A brief description under each event provides more information on why it was blocked and which device was trying to access it.
- Tapping an event in the list gives you the option of unblocking that domain.
- Depending on the level it is was blocked at, you are given the option to unblock it for the person, device, or everyone.
- UP to 50 entries in total can be manually whitelisted.
Advanced IoT™ Protection
Advanced IoT™ protection studies device behavior.
The cloud knows which domains supported smart home devices are supposed to regularly access. If the supported device tries to access a previously unknown domain, it is immediately quarantined and a notification is sent to the user.
While in quarantine the device will maintain internet connectivity, but will be placed in the Internet Only zone so it cannot infect other local network devices.
- Once the device is blocked, a message will appear below it, indicating that it has been restricted to Internet Only access.
- Tapping on the device brings up further details on why it was blocked, including the URL it was trying to access. A link in the description allows the users to search the web for more information from the manufacturer.
- The user has the choice to remove the device or quarantine the device for an hour so it can be tested.
- If the event is due to a recent firmware update or feature update on the device that now requires access to a previously unknown domain, the device can be unquarantined permanently.
Enabling Remote Access Protection
When enabled, Remote Access Protection automatically monitors incoming connections into the home.
From the Guard settings, Remote Access Protection can be enabled at 2 different levels:
- Block only high-risk incoming connections.
- Block all incoming connections.
Remote Access Protection Notifications
You are notified to review the blocked incoming connection.
The notification varies slightly depending on the level of Remote Access Protection set.
Approving a Connection
Once a Remote Access Protection event occurs, expand the event to the details, including the IP of the server attempting to connect. There are two immediate options available to allow the connection:
- Approve connection - Used to approve the connection of that specific IP to that device.
- Approve all connections - Used to approve all remote connections to that device. This is typically used for online gaming where multiple connections are needed.
Once chosen a secondary option will then be chosen:
- Approve until end of day
- Approve for 30 days
Approved connections are added to the Approved list in Guard and are automatically removed at the end of the chosen period.
Adblocking
Enabled at the network, person, or device level.
Adblocking blocks known advertising servers, although the websites will continue to be displayed without certain ads.
Manually Approving Content
You can approve (whitelist) domains or IP Addresses the have been blocked by Content Access, Online Protection, or Ad Blocking if you are the account owner or if you have been granted Admin status on your Plume network. Up to 50 entries in total can be manually approved for each location. These can be applied at the network, person, or device level.
Device level settings supersede person and network level settings.
Tapping on Manage security events in the person, device or Guard pages, lets you manually approve a blocked site from the Protected list or enter in a specific domain or IP address in the Approve list.
NOTE: IP Addresses can only be approved if Outbound IP Protection and Intrusion Prevention has been enabled.
Manually Blocking Content
Admins can manually block (blacklist) domains or IP Addresses that have not been blocked by Content Access, Online Protection, or Ad Blocking. Up to 50 entries can be manually blocked in total.
Device level settings supersede person settings which supersede network level settings.
Tapping on Manage security events in the person, device, or Guard pages, lets you manually block a specific domain or IP address by entering it in the Block list.
NOTE: IP Addresses can be only blocked if Outbound IP Protection and Intrusion Prevention has been enabled.
Privacy Mode
- Turning on Privacy Mode turns off all DNS sampling. There is also an option to delete the security event history.
- Enabling this mode will disable all Guard and Content Access features.
- Device typing accuracy will also be impacted by turning the feature on.