Internet Security Systems Desktop Protector manual
- Ver online ou baixar oubaixar o manual
- 126 páginas
- 1.15 mb
Ir para a página of
Manuais similares
-
Computer Hardware
Internet Security Systems 3.5
126 páginas 1.15 mb -
Car Stereo System
Internet Security Systems GX5108
2 páginas 0.74 mb -
Network Card
Internet Security Systems MX1004
2 páginas 0.19 mb -
Computer Hardware
Internet Security Systems Desktop Protector
126 páginas 1.15 mb -
Switch
Internet Security Systems PROVENTIA GX5108
2 páginas 0.78 mb
Bom manual de uso
As regras impõem ao revendedor a obrigação de fornecer ao comprador o manual com o produto Internet Security Systems Desktop Protector. A falta de manual ou informações incorretas fornecidas ao consumidor são a base de uma queixa por não conformidade do produto com o contrato. De acordo com a lei, pode anexar o manual em uma outra forma de que em papel, o que é frequentemente utilizado, anexando uma forma gráfica ou manual electrónicoInternet Security Systems Desktop Protector vídeos instrutivos para os usuários. A condição é uma forma legível e compreensível.
O que é a instrução?
A palavra vem do latim "Instructio" ou instruir. Portanto, no manual Internet Security Systems Desktop Protector você pode encontrar uma descrição das fases do processo. O objetivo do manual é instruir, facilitar o arranque, a utilização do equipamento ou a execução de determinadas tarefas. O manual é uma coleção de informações sobre o objeto / serviço, um guia.
Infelizmente, pequenos usuários tomam o tempo para ler o manual Internet Security Systems Desktop Protector, e um bom manual não só permite conhecer uma série de funcionalidades adicionais do dispositivo, mas evita a formação da maioria das falhas.
Então, o que deve conter o manual perfeito?
Primeiro, o manual Internet Security Systems Desktop Protector deve conte:
- dados técnicos do dispositivo Internet Security Systems Desktop Protector
- nome do fabricante e ano de fabricação do dispositivo Internet Security Systems Desktop Protector
- instruções de utilização, regulação e manutenção do dispositivo Internet Security Systems Desktop Protector
- sinais de segurança e certificados que comprovam a conformidade com as normas pertinentes
Por que você não ler manuais?
Normalmente, isso é devido à falta de tempo e à certeza quanto à funcionalidade específica do dispositivo adquirido. Infelizmente, a mesma ligação e o arranque Internet Security Systems Desktop Protector não são suficientes. O manual contém uma série de orientações sobre funcionalidades específicas, a segurança, os métodos de manutenção (mesmo sobre produtos que devem ser usados), possíveis defeitos Internet Security Systems Desktop Protector e formas de resolver problemas comuns durante o uso. No final, no manual podemos encontrar as coordenadas do serviço Internet Security Systems na ausência da eficácia das soluções propostas. Atualmente, muito apreciados são manuais na forma de animações interessantes e vídeos de instrução que de uma forma melhor do que o o folheto falam ao usuário. Este tipo de manual é a chance que o usuário percorrer todo o vídeo instrutivo, sem ignorar especificações e descrições técnicas complicadas Internet Security Systems Desktop Protector, como para a versão papel.
Por que ler manuais?
Primeiro de tudo, contem a resposta sobre a construção, as possibilidades do dispositivo Internet Security Systems Desktop Protector, uso dos acessórios individuais e uma gama de informações para desfrutar plenamente todos os recursos e facilidades.
Após a compra bem sucedida de um equipamento / dispositivo, é bom ter um momento para se familiarizar com cada parte do manual Internet Security Systems Desktop Protector. Atualmente, são cuidadosamente preparados e traduzidos para sejam não só compreensíveis para os usuários, mas para cumprir a sua função básica de informação
Índice do manual
-
Página 1
TM Desktop Pr otector User Guide Ve r s i o n 3 . 5[...]
-
Página 2
Internet Security Systems, Inc. 6303 Barfiel d Road Atlanta, Georgi a 30328-4233 United States (404) 236 -2600 http://www.iss.net © Internet Securit y Systems, Inc. 1999 -2002. All right s reserv ed worldwide. Customers may make r easonable n umbers of copies of this publica tion for inte rnal use only . This public ation may no t otherwise be cop[...]
-
Página 3
iii Contents Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v Convention s Used in this Guide . . . . . . . . . [...]
-
Página 4
iv Contents Appendix A : Operat ing Ta bs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 The Events T ab . . . . . . . . . . . . . . . . . . . . . . . . . . . .[...]
-
Página 5
v Preface Overview Introd uction This guide is designed to help you us e RealSecure Desktop Pr otector to protect your local system and yo ur network from unwanted intru sions. Scope This guide describes the features of RealSecure Desktop Protector and shows you how to use them. ● Chapter 1 explains how D esktop Protector protects your local syst[...]
-
Página 6
Pref ace vi Rela ted pub lica tio ns The following documents ar e available for download fr om the Internet Security Systems We b s i t e a t www.iss .net . ● For informati on about working wi th RealSecure Deskt op Protector on a corporate network, see the RealSecure ICEcap Manager User Guide. ● For answers to questio ns about Desk top Protect[...]
-
Página 7
Conventions Used in this Guide vii Conventions Used in this Guide Introd uction Thi s topic explain s the typogr aphic conventio ns used in th is guide to make informati on in procedur es and commands easier to r ecognize. In pro cedures The typographic conventions used in pr ocedures ar e sh own in the following table: Command conventions The typo[...]
-
Página 8
Pref ace viii Getting T echnica l Support Introd uction IS S provides technical support through its W eb site and by email or telepho ne. The ISS We b site The Internet Security Systems (ISS) Res ource Center W eb site ( http:// www.i ss.net / suppor t/ ) provides dir ect access to much of the information you need. Y ou can find frequently asked qu[...]
-
Página 9
1 Chapter 1 Intr oduction to RealSecure Desktop Protector Overview Introd uction Rea lSecure Desktop Protector is a comprehensive security solutio n that helps you protect your system a nd your network from the fol lowing: ● theft of passwords, credit card information, person al files and mo re ● computer downtime and system crash es ● hacker[...]
-
Página 10
Chapter 1: Introd uction to Real Secur e Desktop Protec tor 2 inbound and outbound tra ffic on your system for suspiciou s activity . Desktop Protector blocks unautho rized activity wit hout affecting normal traffic. Intrus ion de tection RealSecure Desktop Protector contains an int rusion detection system that alerts you to attacks and blocks thre[...]
-
Página 11
Protectio n Levels 3 Pro tecti on Leve ls Introd uction Protection levels are pr e-designed sets of security settings developed for dif ferent types of W eb us e. Y ou can cho ose to have Desktop Protector block all communications wi th your system, some communications with your system, or no communications with your system. Y ou can change protect[...]
-
Página 12
Chapter 1: Introd uction to Real Secur e Desktop Protec tor 4 Adapti ve Protection Introd uction A daptive Protection automatically adapts each agent's security level according to the type of network connectio n it is using. For example, you can set Ada ptive Pr otection to use a more r estrictive security level when users are logged on over a[...]
-
Página 13
The Desktop Protecto r Firewall 5 The Desktop Protector Firewall Introd uction Desk top Protector automa tically stops mos t intrusions according to the protection level you have chos en, but you still may n otice activity that is n't explicitly block ed. Y ou can configure the Desktop Pr otector firewall to incr ease your protection. Y ou can[...]
-
Página 14
Chapter 1: Introd uction to Real Secur e Desktop Protec tor 6 Applic ation P rot ection Introd uction BlackICE protects your computer from unknown applications and from applications connecting to a network , such as the Internet. How the baseline works First, BlackICE creates a baseline record (also known as a checksum) of the applicati ons install[...]
-
Página 15
Application Cont rol 7 Applic atio n Cont rol Introd uction Rea lSecure Desktop Protector lets you cont r ol whic h applications and related processes can r un on you r syst em. So metime s a p rogr am may be in stall ed on y our sy stem withou t your knowledge. Many of th ese pr ograms are useful or harmless. However , some of these programs can p[...]
-
Página 16
Chapter 1: Introd uction to Real Secur e Desktop Protec tor 8 Communica tions Control Introd uction T o reduce security risks fr om po tential “ Tr o j a n h o r s e ” applications on you r system, RealSecur e Desktop Protector lets you choose which applicatio ns or pr ocesses can access a network, such a s the Internet or a local area network.[...]
-
Página 17
Desktop Pr otector Alert s 9 Desktop Protector Alerts Introd uction Y our dynamic firewall handles most al erts for you, but you can take ad ditional steps to make its responses even more effective. The information in this topic may help you determine which events merit your attention . Severity levels Some network events ar e more dan gerous than [...]
-
Página 18
Chapter 1: Introd uction to Real Secur e Desktop Protec tor 10 Response levels Desktop Protector r e ports how it respo nded to each event by showing a symbol. The symbol fo r a response can appea r two ways: ● as an icon beside the event ● as a m ark ove r the se verity level icon This table describes Des ktop Protector response level icons an[...]
-
Página 19
Col lect ing In form at ion 11 Collect ing Information Introd uction Wh en an intruder attempts to break into your system, R ealSecure Desktop Protector can track the intruder ’ s activities. Y ou can use this information to determin e what an intruder did to your comp uter . This section explains how to ga ther and use this informat ion. Back T [...]
-
Página 20
Chapter 1: Introd uction to Real Secur e Desktop Protec tor 12 Filtering Information Introd uction Y ou probably w on't need to inspect all the informatio n RealSecure Desktop Protector gathers abou t the Internet traffic that reaches your system. Y ou can use the co nfiguration tabs to control how much information app ears on the inform ation[...]
-
Página 21
13 Chapter 2 Using RealSecure Desktop Pr otector with ICEcap Manager Overview Introd uction Rea lSecure Desktop Protector interacts with the ICEcap ma nagement and reporting console to pr ovide enterprise-wide security monitoring and management. This chapter provides the backgr ound knowledge requir ed for setting up connections between Desktop Pro[...]
-
Página 22
Chap ter 2 : Us ing Re alSec ure De sktop Protecto r wit h ICEc ap Ma nager 14 How ICEcap Ma nager W orks W ith RealS ecure Desktop Pro tector Introd uction ICEcap Ma nager interacts with agents in two ways: ● Collecting a nd managing informati on. As each Re alSecure agent detects even ts, it forwar ds information about those event s to the ICEc[...]
-
Página 23
How ICEcap Manager Works With RealSecure Deskto p Protector 15 locally ins talled. Silent D esktop Protector installations are always completely ICEcap- controlled. For more in formation a bout silent agent installation s, see the RealSe cure ICEcap Manage r Use r Guide . This table summarizes the levels of control ICEcap Ma nager can exert over an[...]
-
Página 24
Chap ter 2 : Us ing Re alSec ure De sktop Protecto r wit h ICEc ap Ma nager 16 How ICEcap Ma nager Handles In format ion Introd uction T o help organi ze information, ICE cap Manager categori zes agents and the events they rep o r t i n t o accoun ts and groups . T o report an event, a RealSecur e agent must be ass igned to a gr oup withi n an ICEc[...]
-
Página 25
T r ansmitting D ata to I CEcap Manager 17 T r ansm itting Data to ICEca p Manager Introd uction Desk top Protector must be able to tra nsmit data a cr oss you r network to t he ICEcap server . Agents can repo rt to the ICEcap server by one of thr ee methods: ● over the Internet ● over a V irtual P rivate Netw ork ● through a proxy server Rep[...]
-
Página 26
Chap ter 2 : Us ing Re alSec ure De sktop Protecto r wit h ICEc ap Ma nager 18 Installi ng Desktop Protector Remot ely Introd uction In a ddition to mana ging event informa tion, ICEcap Manag er can install De sktop Protector software on remote systems. This can include systems with the Local Console or “ silent ” installatio ns that include on[...]
-
Página 27
Using ICEcap Manager to Control RealSecu re Agents 19 Using IC Ecap Ma nager to Con trol R ealSe cure Agen ts Introd uction ICE cap Manager mana ges agents by apply ing policies to groups of agents. Any configuratio n change made to a group is distributed to al l the members of that group. This reduces the effort r equired to support remotely insta[...]
-
Página 28
Chap ter 2 : Us ing Re alSec ure De sktop Protecto r wit h ICEc ap Ma nager 20[...]
-
Página 29
21 Chapter 3 Setting Up RealSecure Desktop Pro tector Overview Introd uction Thi s chapter provides instructions for in stalling and con figuring RealSecure Deskt op Protector locally . For informat ion about insta lling Desktop Protector from ICEcap Manager , see the RealSecur e ICEcap Manager User Guide . In this ch apter This chapter contai ns t[...]
-
Página 30
Chapter 3: Setting Up RealSec ure Desk top Pr otector 22 Instal ling Real Secure Deskt op Protector Introd uction Thi s topic gives instructio ns for installing D esktop Protector. Local or remote installation Y ou can install R ealSecure Desktop Protector locall y at your agent compu ter or r emotely from RealSecure ICEcap Man ager . In most cases[...]
-
Página 31
Installing RealSecure Desktop Protector 23 8. Read the End User Licen se Agreement. ■ If you accept the End User License Agr eement, click I Accept , and then go to Step 9 . ■ If you do not accept the End User License Agreement, click I De cline . The setup program exits. 9. Enter the license key pr ovided by your ICEcap admini strator . Each a[...]
-
Página 32
Chapter 3: Setting Up RealSec ure Desk top Pr otector 24 Stoppi ng Des ktop Protect or Introd uction Wh en you quit the Desktop Protector applicatio n, Desktop Protector does not stop monitorin g your system. T o stop Desktop Protector from monitoring for int rusions and to stop protecting your s ystem against u nknown or m odified applicatio ns, y[...]
-
Página 33
Stoppin g Desktop Protector 25 Stopping Desktop Protec tor fro m the control panel (W indows 2000 ) T o stop Deskto p Protector from the W indo ws 2000 cont rol panel: 1. Click Start Æ Settings Æ Control Panel . 2. Do uble-click Administrative T ool s . 3. Do uble-click Services . The Services window appears . 4. In the right pane, right-click Bl[...]
-
Página 34
Chapter 3: Setting Up RealSec ure Desk top Pr otector 26 Restarting Desk top Protector Introd uction Y ou can restart RealS ecur e Desktop P rotector after you have stopped it, or you can let Desktop Protector restart automa tically when you r estart yo ur computer . Note: Opening the Desktop Pro tector window does not make Deskto p Pr otector resu[...]
-
Página 35
Restarting Desktop Protector 27 3. Do uble-click Services . The Services window appears . 4. In the right pane, right-click Black ICE , and then s elect Start . Desktop Protector resumes monitoring incoming tra ffic. The r ed line disappear s fr om the Desktop Protector icon. 5. In the right pane, right-click RapApp , and then sele ct Start . Deskt[...]
-
Página 36
Chapter 3: Setting Up RealSec ure Desk top Pr otector 28 Uninstalli ng Desktop Protect or Introd uction Y ou can remove Desktop Protector from your computer us ing the W in dows Add/Re move Programs Utility or the Bla ckICE Agentremove utility . Impo rt ant: Use the agentre move .exe utility only if you are unable to remove Deskt op Protector thr o[...]
-
Página 37
Uninstalling Desktop Protector 29 7. Do you want to remove the remaining in trusion files and d elete the directory? ■ If yes , click Ye s . ■ If no , click No . 8. Click Fin ish . The system removes Desktop Protector f r om yo ur system. Uninstalling Desk top Protec tor using th e agentr emo ve.exe utility T o r emove Desk top Protector using [...]
-
Página 38
Chapter 3: Setting Up RealSec ure Desk top Pr otector 30[...]
-
Página 39
31 Chapter 4 Configuring RealSecure Desktop Pro tector Overview Introd uction Thi s chapter pr o vides the pro cedures to configure R ealSecure Desktop Pr otector for your specific conditions. These pr ocedures ar e designed to be performed in sequence. In this ch apter This chapter incl udes the following topics : To p i c P a g e Connectin g to I[...]
-
Página 40
Chapter 4 : Configuring RealS ecure D esktop Pr otector 32 Connecting to IC Ecap Manager Introd uction Rea lSecure Desktop Protector interacts with ICEcap Ma nager managemen t and reporting console to pr ovide enterprise-wide security monitoring and management. If ICEcap Manager appli cation has gran ted local control, you can use the ICEcap tab to[...]
-
Página 41
Connecting to ICE cap Manager 33 ■ OK: The local RealSecure agent is successfully exchanging information with ICEcap Manager . ■ Auth en tica tio n Fail ure : The agent may have an incorrect acco unt name or passwor d. Re-enter the a ccount, gr oup, and passwor d values and tes t again. If this erro r persists, check with your ICEcap administra[...]
-
Página 42
Chapter 4 : Configuring RealS ecure D esktop Pr otector 34 Setting Y our Protecti on Level Introd uction Protection levels are pr edesigned sets of security settings developed for differ ent types of W eb us e. Y ou can cho ose to have Desktop Protector block all communications wi th your system, some communications with your system, or no communic[...]
-
Página 43
Using A daptive Pr otection 35 Using Ad aptive Protecti on Y ou ca n set up your firewall to switch protection levels automa tically when it de tects a connection with a remote computer . T o do this, choose one of the procedures in this to pic. Setting adaptive protec tion from insi de th e corp orate network T o switch to the T rusting protection[...]
-
Página 44
Chapter 4 : Configuring RealS ecure D esktop Pr otector 36 Note: This can be a single static IP ad dress or a set of add r esse s that the con ference host provides. 6. Click OK . Y our firewall is configu r ed to sw itch to Cautious w hen you connect to yo ur corporate network from your remote location.[...]
-
Página 45
Blocki ng Intrusions 37 Blocking In trusions Introd uction Desk top Protector identifies and stops most intrusions accor ding to your preset protection level, but you may still notice activity that isn't explicitly blocked. This to pic explains how to handle int rusions from a particular address or intrusions th at use a particular protoc ol. [...]
-
Página 46
Chapter 4 : Configuring RealS ecure D esktop Pr otector 38 Blocking a Port If you don't have a specific in truder in mind but you are concerned about intrusion attempts usin g a particular internet protocol, yo u can block the port that protocol uses . Adding a port entry to your fir ewall ensures that no traf fic from any IP address can enter[...]
-
Página 47
T rusting I ntrud ers 39 T r usting Intruders Introd uction Wh en an address is trusted, Desk top Protector assum es all commu nication from that addres s is authorized and e xcludes the addres s from any intrusion detection. T rusting ensures that Desktop Protector does not block systems whose i ntrusions may be useful to you . Y ou ca n ch oose t[...]
-
Página 48
Chapter 4 : Configuring RealS ecure D esktop Pr otector 40 Ignoring Events Y ou ca n configure RealSecure Desktop Protector to ignore events that are not a threat to your syste m. Note: Ignoring an event is differ ent from tr usting an intruder . Ignoring disregar ds certain kinds of events. When an event type is ignored, Desktop Protector does not[...]
-
Página 49
Ignoring Events 41 For more in form at ion, se e “ The Prompts T ab ” on page 83.[...]
-
Página 50
Chapter 4 : Configuring RealS ecure D esktop Pr otector 42 W orking with the Appl icatio n Protectio n Baseli ne Introd uction Wh en you insta ll RealSecu re Desktop Protector, it creates a bas eline recor d (also known a s a checksum) of the applications insta lled on your computer . De sktop Protector uses this informatio n to prevent any unautho[...]
-
Página 51
Wor king with t he Application Pro tection Baseline 43 3. Repeat for every warning message that appears. The number of messages you see depends on ho w many files the appli cation runs. BlackI CE will not display the warning me ssages again unless the application cha nges. Build ing your baseline o ver time Desktop Protector can learn your applicat[...]
-
Página 52
Chapter 4 : Configuring RealS ecure D esktop Pr otector 44 Adding file types to the baselin e If you know of ap plication files o n your system that h ave differ ent extension s, you can add those extensions befor e crea ting your baseline. T o search fo r additional f ile types: 1. On the Des ktop Protector T ool s menu, select Advanced A pplicati[...]
-
Página 53
Wor king with t he Application Pro tection Baseline 45 Disabling Application Protec tion T o permanently prevent Desktop Protector fr om monitoring your system for unauthorized a pplications, follow this procedure: 1. On the T o ols menu, select Edi t BlackICE Settin gs , and then select the Applicatio n Control tab. 2. Clear Enable Applicat ion Pr[...]
-
Página 54
Chapter 4 : Configuring RealS ecure D esktop Pr otector 46 Configuring Co mmunications Co ntrol Introd uction Wh en you set your commun ications control prefere nces, you esta blish a rule for RealSecur e Desktop Pr otector to fo llow whenever an appl ication trie s to access a ne twork without yo ur approval. Y ou have the option of termina ting t[...]
-
Página 55
Configuring C ommunications Control 47 For more information about setting your Communications Control pr eferences, see “ The Communica tions C ontrol T ab ” on page 8 6.[...]
-
Página 56
Chapter 4 : Configuring RealS ecure D esktop Pr otector 48 Contr oll ing Even t Notif icat ion Introd uction Y ou m ay find that yo u want regular access to more or less inf ormation than R ealSecure Desktop Protector sh ows by defau lt. Y o u can use the Desktop Pr otector configuration t abs to control the followin g: ● how much informatio n ap[...]
-
Página 57
Cont rolli ng Ev ent No tifi cati on 49 4. Click OK . For more information about setting your notification pref erences, see “ The Notifications Ta b ” on page 81 . Freezi ng the Ev ents list Freezing the Events lis t stops Desktop Protector from refreshing the tab informatio n until you unfreeze it. However , freezing does not stop the m onito[...]
-
Página 58
Chapter 4 : Configuring RealS ecure D esktop Pr otector 50 Back T racing Introd uction Rea lSecure Desktop Protector can track an intruder ’ s activities to help yo u determine what an intruder did to your computer . This topic explains h ow to gather and use this informatio n. How does back tracing wor k? Back tracing is the process of tracing a[...]
-
Página 59
Back T racing 51 want as much inf ormation about the intruder as possible. However , intruders can detect and block a dir ect trace. Wher e is the back tracing information? Back tracing in formation appears in two places: ● in the informatio n pane of the Intruder tab ● in standard text files in the Hosts folder in the dir ecto ry where Desktop[...]
-
Página 60
Chapter 4 : Configuring RealS ecure D esktop Pr otector 52 Collecting Evidence Files Introd uction Rea lSecure Desktop Protector can capture network traffic attributed to an intrusion and place that information into an evidence file. Desktop Pr otector captures and deco des each packet coming into the system, so it ca n generate files that contain [...]
-
Página 61
Collecting Evidence Files 53 3. Click OK . For more information about setting yo ur evidence logging preferences, see “ The Evidence Log T ab ” on page 74.[...]
-
Página 62
Chapter 4 : Configuring RealS ecure D esktop Pr otector 54 Collecting Packet Logs Introd uction Pa cket logging records all the packets that ent er your system. This can be usef ul if you need more detailed info rmation than evidence logs contain. Where are my packet log files? Desktop Protector packet log files ar e stored in the installation dire[...]
-
Página 63
Collectin g Packet Logs 55 For more information about choosing your packet logg ing settings, see “ The Packet Log Ta b ” on page 72 .[...]
-
Página 64
Chapter 4 : Configuring RealS ecure D esktop Pr otector 56 Responding to Application Protection Alerts Introd uction Prog rams can star t withou t your knowl edge. T he Appli cation Pr otecti on com ponent may be triggered when you start a new program through the Star t menu or by clicking a shortcut, but it may a lso be triggered by a pr ogram tha[...]
-
Página 65
Exporting Desktop Protecto r Data 57 Exportin g Deskto p Protector Data Introd uction Y ou m ay want to export RealSecure Desktop Protector data into a spreadsheet pr ogram or word pr ocessor to lo ok at the intrusion a ctivity on your system. Proce dure To e x p o r t d a t a : 1. Copy or cut th e selected information to place it on the clipboard.[...]
-
Página 66
Chapter 4 : Configuring RealS ecure D esktop Pr otector 58[...]
-
Página 67
TM Appendixes[...]
-
Página 68
[...]
-
Página 69
61 Appe ndix A Operating T abs Overview Introd uction Thi s appendix describes the operating tabs . RealSecure Desktop Protector gathers information a nd pr esents it on the Events tab, the Int ruders tab and the History tab. In this appe ndix This appendix contains the follo wing topics: Ta b P a g e The E vents T ab 62 The Intruders T ab 65 The H[...]
-
Página 70
Appe nd ix A : Ope rat ing T abs 62 The Events T a b Introd uction The Events tab summarizes all intrusion and system events on your computer . The tab columns sh ow the time, type, and severity of an event; the intruder's na me and IP address; how Desktop Protector has responded to the event, and other in formation. Customizi ng information T[...]
-
Página 71
The Events T ab 63 Optiona l column s on the Event s tab This table describes opt ional columns that yo u can add to the Events tab. T o add an optional column, right-click any column head ing and select Co lumns... This column ... Contain s this inf ormation... TCP Flag s Data in th e pac ke t header sp ecifying th e intended treat ment of the pac[...]
-
Página 72
Appe nd ix A : Ope rat ing T abs 64 Shortcut comma nds on the Event s tab This table describes the commands available by right-clicking an item on the Event tab: Butt ons on the Event s tab This table describes the but tons that appear on the Intruders tab: This comma nd... Has thi s effect.. . Ignore Ev ent T o ignore an e vent, right -clic k an e[...]
-
Página 73
The Intruders T ab 65 The Intruders T ab Introd uction The Int ruders tab displays al l the informatio n RealSecure Desktop Protector has collected about all th e intruders who have ini tiated events on your sys tem. This informa tion helps you determine the severity and location of each intruder . Sorting By default, the intruder list is sorted fi[...]
-
Página 74
Appe nd ix A : Ope rat ing T abs 66 Optiona l column s on the Intr uders tab This table describes the o ptional columns yo u can add to the Intruders tab. For informatio n about addin g optional colum ns to the display , see “ Showing an d hidin g columns ” on page 49. Butt ons on the Intrud ers tab This table describes the but tons that appear[...]
-
Página 75
The His tory T ab 67 The History T ab Introd uction The Hi story tab graphs netw ork and intrusion activity on your system. Note: For detailed informa tion about activi ty on the Events gra ph, click the graph near the marker that shows the tim e you ar e interested in. The Events tab appears, with the intrusion closes t to that time hi ghlighted. [...]
-
Página 76
Appe nd ix A : Ope rat ing T abs 68 Histo ry tab butto ns This table desc ribes the buttons on the Hi story tab: This button ... Has this effect... Close Closes th e main Des ktop Protec tor windo w . The detection a nd protectio n engine re mains a ctiv e. Help Displays the Help . T able 19: History tab buttons[...]
-
Página 77
69 Appe ndix B Configuration T abs Overview Introd uction Y ou can cont r ol some aspects of the way RealSecu r e Desktop Protector works by changin g the settings on the configuration tabs. In this Appe ndix This appendix con tains the followi ng topics: To p i c P a g e The Fire wall T ab 70 Th e Packe t L og T a b 72 The E viden ce Log T ab 74 T[...]
-
Página 78
Appendi x B: Config uration T abs 70 The Firewall T ab Introd uction U se the Firewall tab to choose how tig htly Desktop P rotector controls access to your system. Note: If your computer is reporting intrusion events to ICEcap Manager and local configuratio n editing has been di sabled, you cann ot set any options on th e Firewall tab from the loc[...]
-
Página 79
The Firewall T ab 71 Desktop P rotector rejects or blocks co mmunicati ons on p ort 139. On W indow s 2000, th is setting also af fects port 445. Allow NetBIOS Neighbo rhood Select this optio n to allow your system to appear in the Network Nei ghborhood of other computers. Clear thi s opti on to h ide a c ompute r fr om the Netw ork Ne ighbor hood.[...]
-
Página 80
Appendi x B: Config uration T abs 72 The Packet Log T ab Introd uction The Pa cket Log tab allows you to configure the RealSecure Desktop Protector packet logging featu res. When packet logging is enabl ed, Desktop Protector recor ds all th e network traffic that passes through yo ur system. Packet logs or evidence logs? Because they contain a r ec[...]
-
Página 81
The Packet Log T ab 73 Pack et Log ta b button s This table describes the but tons that appear on the Pack et Log tab. This b utton... Has this effe ct... OK Clic k to sa ve y our chang es and re tur n to t he main De sktop Prot ecto r wi ndow . Cancel Clic k to dis card y our chan ges and return to the Deskt op Prot ecto r wi ndow . Apply Clic k t[...]
-
Página 82
Appendi x B: Config uration T abs 74 The Evidence Log T a b Introd uction Wh en your system is attacked, RealSecur e Desktop Pr otector can capture evidence files that recor d network traf fic from the intruding system. E vidence files recor d the specific packet that set off a protection r espon se. This can be a good way to in vestigate intrusion[...]
-
Página 83
The Evidence Log T ab 75 Eviden ce Log tab button s This table describes the but tons that appear on the Evidence Log tab. This button ... Has this effect... OK Click to sav e your c hanges a nd return to the m ain Deskt op Pro tecto r wi ndow . Cancel Click to discard your changes and return to the Desktop Pro tecto r wi ndow . Apply C lick to sav[...]
-
Página 84
Appendi x B: Config uration T abs 76 The Back T race T ab Introd uction B ack tracing is the process of tracing a network conn ection to its origin . When somebody connects to your system over a network such as the Internet, your system and the intruder's system exchange packets . Before an intr uder's packets reach your sy stem, they tra[...]
-
Página 85
The Intr usion D etection T ab 77 The In trusion Det ectio n T ab Introd uction The In trusion Detection tab al lows you to control the IP addresses or intrusions the Desktop Protector engine tru sts or ignores. For informati on about trusting an d ignoring, see “ T rusting Intruders ” on page 39 and “ Igno ring Even ts ” on pa ge 40. Intru[...]
-
Página 86
Appendi x B: Config uration T abs 78 The ICEcap T ab Introd uction The ICEcap tab allo ws you t o manuall y control how RealS ecure Desktop Protector reports intrusion informat ion to an ICEcap server . Wh en ICEcap reporting is enabled, all events are r eported to an ICEcap server for enterprise-wide repo rting and analysis. For more information, [...]
-
Página 87
The ICEcap T ab 79 Last Statu s Sho ws the resul t of RealSec ure Desktop Protector ’ s last a ttemp t to chec k in with th e ICEcap se r v er , at the time displa ye d in the Time field. One o f these res ults app ears: • OK : Y ou r compute r is com municat ing normally with ICEcap Manag er . • A uthenticati on Fail ure : The age nt wa s un[...]
-
Página 88
Appendi x B: Config uration T abs 80 ICE cap tab button s This table describes the but tons that appear on th e ICEcap tab. This b utton... Has this effect... OK Clic k to sa ve y our changes and return to the m ain Desk top Protector wi ndow . Cancel Click to d iscard y our changes an d return to the D esktop Protector wi ndow . Apply Clic k to sa[...]
-
Página 89
The No tifi cati ons T ab 81 The Noti ficati ons T ab Introd uction The No tifications tab allow s you to control some interface and notificatio n functions. Notificat ion settin gs This table describes the s ettings you can configure on the Notificatio ns tab: For more information about cho osing you r notification settin gs, see “ Contr ollin g[...]
-
Página 90
Appendi x B: Config uration T abs 82 Notificati ons tab button s This table describes the but tons that appear on the Notif ications tab. This b utton... Has this effect... OK Clic k to sa ve y our changes and return to the m ain Desk top Protector wi ndow . Cancel Click to d iscard y our changes an d return to the D esktop Protector wi ndow . Appl[...]
-
Página 91
The Prompts T ab 83 The Prom pts T a b Introd uction The Prompts tab enables you to choose the level of feedback you want fr om the RealSecure Desktop Protector user interface. Prompts tab settin gs This table describes the s ettings on the Prompts tab: This setting... Has this effec t... Show Confirm Dialog s Select this option t o hav e Desktop P[...]
-
Página 92
Appendi x B: Config uration T abs 84 The Ap plicat ion Control T ab Introd uction U se the Application Control tab to pr event unautho rized applications from starting on your syste m. Enable Application Protec tion When Enable Appl ication Protect ion is selected, Desktop Protector monitors your system for unauthori zed applications. Th is option [...]
-
Página 93
The App lic atio n C ont rol T ab 85 Application Cont rol tab butt ons This table describes the but tons that appear on th e Application Control tab. This b utton... Has this eff ect... OK Click to sa v e you r changes and return to the main Deskto p Pro tect or wi ndow . Cancel Click to discard y our changes and return to the D esktop Pro tect or [...]
-
Página 94
Appendi x B: Config uration T abs 86 The Co mmunic ation s Contr ol T ab Introd uction Use the Communications Control tab to pr event programs on your system fr o m contacting a network withou t your knowledge. Enable Application Protec tion When Enable Applicati on Protection is selected, the RealSecure Desktop Pr otector Application Protection co[...]
-
Página 95
The Communications Control T ab 87 Cancel Click to discard your changes and ret urn to the Desk top Pro tect or wi ndow . Apply Clic k to sa ve y our cha nges and keep the curren t tab open . Help Dis pla ys the onli ne Help f or this tab . This button ... Has this effec t...[...]
-
Página 96
Appendi x B: Config uration T abs 88[...]
-
Página 97
89 Appe ndix C Advanced Fir ewall Settings Overview Introd uction Y ou ca n use the Advanced Firewall Settings window to bloc k intruders or ports or to configure Desktop Protector to dynamically switch protection levels. ● When you block an intruder , RealSecure Desktop Protector creates an IP a ddress entry in your firewall that pr events all t[...]
-
Página 98
Appendi x C: Advanced Firewall Settin gs 90 The Firewall Rules T ab Introd uction Use the IP Address ta b to create, modify and delete fir ewall settings fo r IP addres ses and ports. Add an d remove addresses or po rts from the firewall list as ne cessary to mo dify and protect your syst em. Caution: This firewall editor is intended only for users[...]
-
Página 99
The Firewall Rules T ab 91 Butt ons The following table describes the buttons on the IP Addr ess tab: Shortcut menu These commands ar e available when you right-click an item in the firewall list: Note: The Accept and Reject settings produce differ ent shortcut option s. This b utton... Has this effect... Options T o be notifie d when De sktop Prot[...]
-
Página 100
Appendi x C: Advanced Firewall Settin gs 92 The Local A daptive Protectio n T a b Use this tab to conf igure your firewall to switch protection levels dyna mically . When your firewall detects a conn ection, and you r computer is using one of the IP ad dresses specified on this tab, yo ur firewall automatically sw itches to the appropriate protecti[...]
-
Página 101
The Remote Adaptive Protection T ab 93 The Remote Adaptive Protection T ab When your firewall detects a connection w ith a r emote system that is using one of the IP addresses specified on th is tab, your firewall automa tically switches to the appropriate pr otect ion l evel. Option s This table describes the optio ns available on the Ad aptive Pr[...]
-
Página 102
Appendi x C: Advanced Firewall Settin gs 94 The Add Firewall Entry Dialog Introd uction Use this dialog to create or change fir ewall settings that block or accept IP addresses. Add Firew all Entry dialog s etting s The Add Fir ewall Entry dialog feat ures the se fields: This field... Contains... Name The desc riptiv e name f or the filter . It is [...]
-
Página 103
The Add Firewall Entry Dialog 95 Add Firew all Entry dialog button s The Add Fir ew all Entry dialog has these button s: This b utton... Has this effect... Add Clic k to creat e the fire wall entry . Cancel Closes the windo w without sa ving the setti ng. T able 32: Add Firewall Settings dialog buttons[...]
-
Página 104
Appendi x C: Advanced Firewall Settin gs 96 The Modify Firewall Entr y Dialog Introd uction U se this dialog to chang e a firewall setting that you have set up previous ly . Modify Firew all Entr y dial og settin gs The Modify Fir ewall Entry dialog features these fields: This field... Contains... Name The desc riptiv e name f or the filter . It is[...]
-
Página 105
The Modify Fi rewall Entry Dialog 97 Modify Firew all Entr y dialog button s The Modify Firewall Entry dialog has th ese buttons: This b utton... Has this effect... Add Clic k to creat e the fire wall entry . Cancel Closes the windo w without sa ving the setti ng. T able 34: Modify Firewall Settings dialog buttons[...]
-
Página 106
Appendi x C: Advanced Firewall Settin gs 98[...]
-
Página 107
99 Appe ndix D Advanced Application Protection Settings Overview Introd uction The A dvanced Applicatio n Settings win dow lets you control which applicat ions can start on your system and which a pplications can co nnect to a network, such as the Internet. ● For informat ion about co ntrolling application s on your sy stem, see “ W orking w it[...]
-
Página 108
Appendi x D: Advanced Ap plication P rotection Settin gs 100 Advanced Applicatio n Settings window menu commands The Advanced Application Pr otection Settings window features these menus: This comma nd... Has this eff ect... File men u Run Bas eline Ex ecutes t he choices you hav e made on the Baseline tab . Sav e Changes R ecords th e setting s yo[...]
-
Página 109
The Kno wn Appl icat ion s T ab 101 The Known Ap plicat ions T ab Introd uction The K nown Applicati ons tab shows the application files Desktop Protector has detected on your sys tem. If an applicati on not on th is list attempts to start, Deskto p Protector alerts you or autom atically closes th e application , depending on the option s you selec[...]
-
Página 110
Appendi x D: Advanced Ap plication P rotection Settin gs 102 The Baseline T ab Introd uction The B aseline tab allows you to control how RealSecure Desktop Protector inspects you r system for applicatio n files. The s ystem tree pane The system tr ee pane shows the drives and dir ectories RealSecure Desktop Pr otector has found on your system. T o [...]
-
Página 111
The Checksum Extensions Dialog 103 The Checksum Extensions Dialog Introd uction The Ch ecksum Extensi ons dialog enables you to cust omize the appl ication fi le types that RealSecur e Desktop Protector lists when it inspects your system. Desktop Protector determines which f iles are included in the baseline from the file name' s extension (th[...]
-
Página 112
Appendi x D: Advanced Ap plication P rotection Settin gs 104[...]
-
Página 113
105 Appe ndix E The Main Menu Overview Introd uction The Main Menu appears above the information tabs. This Appen dix explains how to use the menu optio ns to control the appearance and operation of Des ktop Protector features. In this Appe ndix This Appendix contains the following topics: To p i c P a g e The File Menu 106 The E dit Me nu 107 The [...]
-
Página 114
Appendi x E: The Main Menu 106 The File Menu Introd uction Use the File menu to contr ol the essential operations of RealSecure Desktop Pr otector. Print... Print sends information from Desktop Protector to your default printer . T o print informati on about an event or intruder: 1. On the Events or Intruders tab, select an event or intruder . 2. C[...]
-
Página 115
The Edit Menu 107 The Edit Menu Introd uction U se the Edit menu to manipulate the in trusion records that RealSecur e Deskto p Pr otector gathers. For more informatio n about ways you can use Desktop Protector data, see “ Bac k Tr a c i n g ” on page 50. Cut T o cut an event or in truder: ● On the Events or Intruders tab, click an event or i[...]
-
Página 116
Appendi x E: The Main Menu 108 The V iew Menu Introd uction Use the V iew menu to choose what items ar e displayed, and how , on the Events and Intruders lists. Fre eze Stops Desktop Prot ector from refr eshing the tab information. For more information, see “ Freezing the Events list ” on page 49. Filter b y Event Severity Filters the types of [...]
-
Página 117
The T ools Menu 109 The T ools Menu Introd uction The T ools menu enables you to configure the application by editing the settings; edit the Advanced Fir ewall settings; start or stop the BlackICE engine; clear the event list; or cha nge ot her pref erenc es. Edit BlackICE Settings... Displays the configurati on tabs that con trol the operation of [...]
-
Página 118
Appendi x E: The Main Menu 110 The Help Menu Introd uction The Help menu offers links to the Help, the ISS W eb site, an d information about Desktop Protector. BlackICE Help To p i c s Displays th e Desktop Protector online Hel p. Onlin e Supp ort Starts your W eb browser and points it to a collecti on of frequently asked question s (F AQ) about De[...]
-
Página 119
The System T ra y Menu 111 The System T ray Menu Introd uction The sy stem tray menu provides a qu ick way to access some key Desktop Protector functions. Y ou ca n see this menu by right-clicking the Desk top Protector icon in the lo wer right corner of your screen. View BlackICE Event s Opens the Desktop Protector user interface to the Events lis[...]
-
Página 120
Appendi x E: The Main Menu 112[...]
-
Página 121
113 Index a acc eptin g even ts 39 adap tive protec tion 4 , 92 – 93 adding an entr y 94 addresses blocking and accepting 37 Advanced Applicat ion Control Settings window 1 02 Advanced Fire wall Settings win dow 90 advICE library 110 aler ts choosing 48 , 81 , 83 interpreting 9 responding t o 43 – 44 , 50 , 56 anti- viru s 6 Application Control[...]
-
Página 122
Index 114 e Edit menu 107 events accepting 39 , 96 blocking 37 , 96 clearing 48 , 109 deleting 48 filter ing 12 , 48 , 108 find ing 107 freez ing 4 9 , 108 ignoring 40 notific ation 48 Events tab 62 Evidence Log tab 74 evidence logs 11 , 48 clearing 48 , 52 , 109 collecting 52 exe files 103 f File menu 106 filterin g events 12 , 48 , 108 find ing a[...]
-
Página 123
Inde x 115 clearing 48 , 54 , 109 collecting 54 Paranoid protection leve l 3 , 70 port s, blocking 40 prerequisites installation 22 printing information 64 , 66 , 91 , 106 profile see base line 1 Prompts t ab 83 prot ection level choosing 34 effect on applicat ions 3 setting dynamically 4 , 92 – 93 r respondi ng to ale r ts 50 response levels 10 [...]
-
Página 124
Index 116[...]
-
Página 125
117 Internet Security Syste ms, I nc. Softw are License Agreement THIS SOFTW ARE IS LICENSED , NOT S OLD. BY INST ALLING THIS SOFT W AR E, Y OU A GREE T O ALL OF THE PR O V ISIONS OF THIS SOFTW ARE LICENSE A GREEMEN T (“LI CENSE”). IF Y OU ARE NOT WILLING T O BE BOUND BY THIS LICENSE, RETURN ALL COPIES OF THE SOFTW ARE A ND LICENSE KEYS T O ISS[...]
-
Página 126
Chapter 0 : 118 13. No High Ris k Use - Licensee a cknowledges that the Soft ware is not fault to lerant and i s not desig ned or intended for use in haz ardous environ ments requ iring fail-saf e operat ion, including, but not limited to, aircraft navigation, air traffic contr ol systems, weapon syst ems, lif e-supp or t systems, nuclear f aciliti[...]