Skip to main content
How do I configure my BTnet Security settings? | BT Business
not-authored-help-and-support

How do I configure my BTnet Security settings?

If you’ve chosen the BTnet Security optional extra, you can update your settings using the BTnet Security settings form.

BTnet Security comes ready with settings to suit many customers, which are shown in green below.

To help you select the right BTnet Security service for your business, simply use the information below when filling in the form.

Want to add BTnet Security? Contact your account manager or view the BTnet page

 

Security Option

Description

Available Settings

Default option shown in
bold green

Layer 3 Firewall

Outbound rules

You can create custom rules for outbound traffic if you want, these would be added manually. You would need to tell us the protocol, source, source port, destination, destination port information and whether you want to allow/deny that access.

No default settings, custom config on request

Security appliance services

ICMP ping is enabled for any remote IP addresses by default. But you can change this and specify only specific IP addresses if you would prefer.

Any

Layer 7 Firewall

Firewall rules

This allows you to block pre-defined categories of applications. There is then the ability to block everything for that category or be more specific by domain name, IP, port, hostname or country. Available categories are shown below:

  • Blogging
  • Email
  • File Sharing
  • Gaming
  • News
  • Online backup
  • Peer-to-peer (P2P)
  • Social web & photo sharing
  • Sports
  • Video & music
  • VoIP & video conferencing
  • Web file sharing
  • Software & anti-virus updates
  • Security
  • Productivity
  • Remote monitoring & management
  • Business management
  • Health care
  • Web payments
  • Databases & cloud services
  • Advertising
  • HTTP hostname....
  • Port...
  • Remote IP range...
  • Remote IP range & port....

The default categories we have blocked are below, but you can add more from the list shown if you like.

  • Peer-to-peer (P2P) all
  • Web file sharing all

Advanced Malware Protection (AMP)

Mode

AMP protects you against malware and we don’t expect you’d ever want to turn it off. However, you can do so if you wish.
  • Enabled
  • Disabled

Whitelisted URLS

In case you need to whitelist certain URL’s from being scanned by the AMP system.

Add manually on request

Whitelisted Files

In case you need to whitelist certain files from being scanned by the AMP system.

Add manually on request

Intrusion Detection and Prevention

Mode

Switch between detection and prevention settings. BT recommends this is always kept on to protect against known threats and patterns. You can change it to detection only if you would prefer.
  • Detection
  • Prevention
  • Disabled

Ruleset

Allows you to configure how the intrusion detection and prevention operates, depending on how strict you would like it to be. There are 3 available modes, with the middle ‘balanced’ setting being our recommended default:
Connectivity:  Contains rules from the current year and the previous two years for vulnerabilities with a CVSS score of 10.
Balanced:  Contains rules that are from the current year and the previous two years, are for vulnerabilities with a CVSS score of 9 or greater, and are in one of the following categories:

  • Malware-CNC:  Rules for known malicious command and control activity for identified botnet traffic. This includes call home, downloading of dropped files, and ex-filtration of data.
  • Blacklist:  Rules for URIs, user agents, DNS hostnames, and IP addresses that have been determined to be indicators of malicious activity
  • SQL Injection:  Rules that are designed to detect SQL Injection attempts.
  • Exploit-kit:  Rules that are designed to detect exploit kit activity.

Security:  Contains rules that are from the current year and the previous three years, are for vulnerabilities with a CVSS score of 8 or greater, and are in one of the following categories:

  • Malware-CNC:  Rules for known malicious command and control activity for identified botnet traffic. This includes call home, downloading of dropped files, and ex-filtration of data.
  • Blacklist:  Rules for URIs, user agents, DNS hostnames, and IP addresses that have been determined to be indicators of malicious activity
  • SQL Injection:  Rules that are designed to detect SQL Injection attempts.
  • Exploit-kit:  Rules that are designed to detect exploit kit activity.
  • App-detect:  Rules that look for and control the traffic of certain applications that generate network activity.
  • Connectivity
  • Balanced
  • Security

Whitelisted Rules

To allow certain rules related to the intrusion detection and prevention system.

Add manually on request

Content Filtering

Blocked category selection

Content can be blocked by category to protect your users and stop certain sites being accessed There is a very wide range of categories available to choose from and we have defaulted to the list shown which we feel will be useful to most businesses as a starter. If you would like to add any more then please let us know.

The available categories include (subject to change):

  • Abortion
  • Abused Drugs
  • Adult and Pornography
  • Alcohol and Tobacco
  • Auctions
  • Bot Nets
  • Cheating (academic)
  • Computer and Internet info
  • Computer and Internet security
  • Confirmed SPAM sources
  • Content Delivery Networks
  • Cult and Occult
  • Dating
  • Dynamically Generated Content
  • Educational Institutions
  • Entertainment and Arts
  • Fashion and Beauty
  • Financial Services
  • Gambling
  • Games
  • Government
  • Gross
  • Hacking
  • Hate and Racism
  • Health and Medicine
  • Home and Garden
  • Hunting and Fishing
  • Illegal
  • Image and Video search
  • Individual Stock advice and tools
  • Internet communications
  • Internet Portals
  • Job Search
  • Keyloggers and monitoring
  • Kids
  • Legal
  • Local information
  • Malware sites
  • Marijuana
  • Military
  • Motor vehicles
  • Music
  • News and Media
  • Nudity
  • Online Greeting cards
  • Open HTTP proxies
  • Parked domains
  • Pay to surf
  • Peer to Peer
  • Personal storage
  • Personal sites and Blogs
  • Philosophy and Political advocacy
  • Phishing and Other Frauds
  • Proxy avoidance and anonymizers
  • Questionable
  • Real estate
  • Recreation and hobbies
  • Reference and research
  • Religion
  • SPAM URL’s
  • Search engines
  • Sex education
  • Shareware and Freeware
  • Shopping
  • Social networking
  • Society
  • Sports
  • Spyware and Adware
  • Streaming media
  • Swimsuits & intimate apparel
  • Training and tools
  • Translation
  • Travel
  • Unconfirmed SPAM sources
  • Violence
  • Weapons
  • Web advertisements
  • Web hosting
  • Web based email

The following categories are BLOCKED by default:

  • Adult and Pornography
  • Bot Nets
  • Confirmed SPAM sources
  • Gross
  • Hacking
  • Hate and Racism
  • Illegal
  • Keyloggers and Monitoring
  • Malware Sites
  • Nudity
  • Parked Domains
  • Peer to Peer (P2P)
  • Phishing and Other Frauds
  • Proxy Avoid and Anonymizers
  • SPAM URLs
  • Spyware and Adware

 

URL list size

Block the full list of sites in each category, or just the ‘top sites’
  • Full list
  • Top sites

URL blocking - Blocked patterns

In case you need to blacklist certain sites which would otherwise be allowed by the content filtering controls active.

Add manually on request

URL blocking whitelist

In case you need to whitelist certain sites which would otherwise be blocked by the content filtering controls active.

Add manually on request

The available configuration options are subject to change and will be updated here where applicable. Please see www.bt.com/terms for the BTnet Security service schedule and Terms and Conditions.

More help with configuring your BTnet service

How do I configure Wi-Fi and Guest Wi-Fi settings for BTnet?

How do I configure LAN settings for BTnet?

Did this help?

Additional support