Internet Security Systems Desktop Protector User Manual


A good user manual

The law requires the seller to hand the buyer, together with the goods, the user manual for Internet Security Systems Desktop Protector. A missing manual or incorrect information given to the consumer is grounds for a complaint on the basis that the device does not conform to the contract. The law allows the manual to be provided in a form other than paper, which has recently become common: a graphic or electronic version of the Internet Security Systems Desktop Protector manual, or a training video for users. The condition remains that the form be clear and understandable.

What is a manual?

The word comes from the Latin "instructio", meaning to put in order. Accordingly, the Internet Security Systems Desktop Protector manual describes the steps of a procedure. The purpose of a manual is to make it easier to start up and use the equipment or to carry out a particular activity. A manual is a collection of information about an item or service, a guide.

Unfortunately, few users find the time to read the Internet Security Systems Desktop Protector manual, yet a good manual not only reveals a number of additional functions of the purchased device but also helps avoid most failures.

What should an ideal user manual contain?

Above all, the Internet Security Systems Desktop Protector manual should contain:
- information on the technical specifications of the Internet Security Systems Desktop Protector device
- the name of the manufacturer and the year of manufacture of the Internet Security Systems Desktop Protector equipment
- rules for operating, configuring and maintaining the Internet Security Systems Desktop Protector equipment
- safety marks and certificates confirming compliance with standards

Why don't we read manuals?

Usually because of a lack of time and confidence about particular functions of the purchased devices. Unfortunately, simply connecting and starting Internet Security Systems Desktop Protector is not enough. The manual contains a number of specific instructions concerning functionality, safety principles, maintenance methods (even which products to use), possible Internet Security Systems Desktop Protector failures and ways of solving problems that arise during use. Finally, the manual gives the address of the Internet Security Systems website in case the proposed solutions do not work. Manuals in the form of engaging animations or videos are now very popular, and users take them in better than a brochure. This kind of manual lets the user watch the whole film without skipping the specifications and complex technical descriptions of Internet Security Systems Desktop Protector, as often happens with a paper version.

Why is it worth reading manuals?

Above all, here we find answers about the construction and capabilities of the Internet Security Systems Desktop Protector device, the use of individual accessories, and a range of information that lets you make full use of all functions and conveniences.

After a successful purchase of equipment or a device, it is worth spending a few minutes getting to know each part of the Internet Security Systems Desktop Protector manual. Today manuals are carefully prepared or translated so that they are not only understandable to the user but also fulfil their basic function of informing and supporting.

Manual contents

  • Page 1

    TM Desktop Protector User Guide Version 3.5[...]

  • Page 2

    Internet Security Systems, Inc. 6303 Barfield Road Atlanta, Georgia 30328-4233 United States (404) 236-2600 http://www.iss.net © Internet Security Systems, Inc. 1999-2002. All rights reserved worldwide. Customers may make reasonable numbers of copies of this publication for internal use only. This publication may not otherwise be cop[...]

  • Page 3

    iii Contents: Preface, page v; Overview, page v; Conventions Used in this Guide [...]

  • Page 4

    iv Contents: Appendix A: Operating Tabs, page 61; Overview, page 61; The Events Tab [...]

  • Page 5

    v Preface Overview Introduction: This guide is designed to help you use RealSecure Desktop Protector to protect your local system and your network from unwanted intrusions. Scope: This guide describes the features of RealSecure Desktop Protector and shows you how to use them. ● Chapter 1 explains how Desktop Protector protects your local syst[...]

  • Page 6

    Preface vi Related publications: The following documents are available for download from the Internet Security Systems Web site at www.iss.net. ● For information about working with RealSecure Desktop Protector on a corporate network, see the RealSecure ICEcap Manager User Guide. ● For answers to questions about Desktop Protect[...]

  • Page 7

    Conventions Used in this Guide vii Conventions Used in this Guide Introduction: This topic explains the typographic conventions used in this guide to make information in procedures and commands easier to recognize. In procedures: The typographic conventions used in procedures are shown in the following table: Command conventions: The typo[...]

  • Page 8

    Preface viii Getting Technical Support Introduction: ISS provides technical support through its Web site and by email or telephone. The ISS Web site: The Internet Security Systems (ISS) Resource Center Web site (http://www.iss.net/support/) provides direct access to much of the information you need. You can find frequently asked qu[...]

  • Page 9

    1 Chapter 1 Introduction to RealSecure Desktop Protector Overview Introduction: RealSecure Desktop Protector is a comprehensive security solution that helps you protect your system and your network from the following: ● theft of passwords, credit card information, personal files and more ● computer downtime and system crashes ● hacker[...]

  • Page 10

    Chapter 1: Introduction to RealSecure Desktop Protector 2 inbound and outbound traffic on your system for suspicious activity. Desktop Protector blocks unauthorized activity without affecting normal traffic. Intrusion detection: RealSecure Desktop Protector contains an intrusion detection system that alerts you to attacks and blocks thre[...]

  • Page 11

    Protection Levels 3 Protection Levels Introduction: Protection levels are pre-designed sets of security settings developed for different types of Web use. You can choose to have Desktop Protector block all communications with your system, some communications with your system, or no communications with your system. You can change protect[...]

  • Page 12

    Chapter 1: Introduction to RealSecure Desktop Protector 4 Adaptive Protection Introduction: Adaptive Protection automatically adapts each agent's security level according to the type of network connection it is using. For example, you can set Adaptive Protection to use a more restrictive security level when users are logged on over a[...]

  • Page 13

    The Desktop Protector Firewall 5 The Desktop Protector Firewall Introduction: Desktop Protector automatically stops most intrusions according to the protection level you have chosen, but you still may notice activity that isn't explicitly blocked. You can configure the Desktop Protector firewall to increase your protection. You can[...]

  • Page 14

    Chapter 1: Introduction to RealSecure Desktop Protector 6 Application Protection Introduction: BlackICE protects your computer from unknown applications and from applications connecting to a network, such as the Internet. How the baseline works: First, BlackICE creates a baseline record (also known as a checksum) of the applications install[...]

  • Page 15

    Application Control 7 Application Control Introduction: RealSecure Desktop Protector lets you control which applications and related processes can run on your system. Sometimes a program may be installed on your system without your knowledge. Many of these programs are useful or harmless. However, some of these programs can p[...]

  • Page 16

    Chapter 1: Introduction to RealSecure Desktop Protector 8 Communications Control Introduction: To reduce security risks from potential “Trojan horse” applications on your system, RealSecure Desktop Protector lets you choose which applications or processes can access a network, such as the Internet or a local area network.[...]

  • Page 17

    Desktop Protector Alerts 9 Desktop Protector Alerts Introduction: Your dynamic firewall handles most alerts for you, but you can take additional steps to make its responses even more effective. The information in this topic may help you determine which events merit your attention. Severity levels: Some network events are more dangerous than [...]

  • Page 18

    Chapter 1: Introduction to RealSecure Desktop Protector 10 Response levels: Desktop Protector reports how it responded to each event by showing a symbol. The symbol for a response can appear two ways: ● as an icon beside the event ● as a mark over the severity level icon This table describes Desktop Protector response level icons an[...]

  • Page 19

    Collecting Information 11 Collecting Information Introduction: When an intruder attempts to break into your system, RealSecure Desktop Protector can track the intruder’s activities. You can use this information to determine what an intruder did to your computer. This section explains how to gather and use this information. Back T [...]

  • Page 20

    Chapter 1: Introduction to RealSecure Desktop Protector 12 Filtering Information Introduction: You probably won't need to inspect all the information RealSecure Desktop Protector gathers about the Internet traffic that reaches your system. You can use the configuration tabs to control how much information appears on the information[...]

  • Page 21

    13 Chapter 2 Using RealSecure Desktop Protector with ICEcap Manager Overview Introduction: RealSecure Desktop Protector interacts with the ICEcap management and reporting console to provide enterprise-wide security monitoring and management. This chapter provides the background knowledge required for setting up connections between Desktop Pro[...]

  • Page 22

    Chapter 2: Using RealSecure Desktop Protector with ICEcap Manager 14 How ICEcap Manager Works With RealSecure Desktop Protector Introduction: ICEcap Manager interacts with agents in two ways: ● Collecting and managing information. As each RealSecure agent detects events, it forwards information about those events to the ICEc[...]

  • Page 23

    How ICEcap Manager Works With RealSecure Desktop Protector 15 locally installed. Silent Desktop Protector installations are always completely ICEcap-controlled. For more information about silent agent installations, see the RealSecure ICEcap Manager User Guide. This table summarizes the levels of control ICEcap Manager can exert over an[...]

  • Page 24

    Chapter 2: Using RealSecure Desktop Protector with ICEcap Manager 16 How ICEcap Manager Handles Information Introduction: To help organize information, ICEcap Manager categorizes agents and the events they report into accounts and groups. To report an event, a RealSecure agent must be assigned to a group within an ICEc[...]

  • Page 25

    Transmitting Data to ICEcap Manager 17 Transmitting Data to ICEcap Manager Introduction: Desktop Protector must be able to transmit data across your network to the ICEcap server. Agents can report to the ICEcap server by one of three methods: ● over the Internet ● over a Virtual Private Network ● through a proxy server Rep[...]

  • Page 26

    Chapter 2: Using RealSecure Desktop Protector with ICEcap Manager 18 Installing Desktop Protector Remotely Introduction: In addition to managing event information, ICEcap Manager can install Desktop Protector software on remote systems. This can include systems with the Local Console or “silent” installations that include on[...]

  • Page 27

    Using ICEcap Manager to Control RealSecure Agents 19 Using ICEcap Manager to Control RealSecure Agents Introduction: ICEcap Manager manages agents by applying policies to groups of agents. Any configuration change made to a group is distributed to all the members of that group. This reduces the effort required to support remotely insta[...]

  • Page 28

    Chapter 2: Using RealSecure Desktop Protector with ICEcap Manager 20[...]

  • Page 29

    21 Chapter 3 Setting Up RealSecure Desktop Protector Overview Introduction: This chapter provides instructions for installing and configuring RealSecure Desktop Protector locally. For information about installing Desktop Protector from ICEcap Manager, see the RealSecure ICEcap Manager User Guide. In this chapter: This chapter contains t[...]

  • Page 30

    Chapter 3: Setting Up RealSecure Desktop Protector 22 Installing RealSecure Desktop Protector Introduction: This topic gives instructions for installing Desktop Protector. Local or remote installation: You can install RealSecure Desktop Protector locally at your agent computer or remotely from RealSecure ICEcap Manager. In most cases[...]

  • Page 31

    Installing RealSecure Desktop Protector 23 8. Read the End User License Agreement. ■ If you accept the End User License Agreement, click I Accept, and then go to Step 9. ■ If you do not accept the End User License Agreement, click I Decline. The setup program exits. 9. Enter the license key provided by your ICEcap administrator. Each a[...]

  • Page 32

    Chapter 3: Setting Up RealSecure Desktop Protector 24 Stopping Desktop Protector Introduction: When you quit the Desktop Protector application, Desktop Protector does not stop monitoring your system. To stop Desktop Protector from monitoring for intrusions and to stop protecting your system against unknown or modified applications, y[...]

  • Page 33

    Stopping Desktop Protector 25 Stopping Desktop Protector from the control panel (Windows 2000): To stop Desktop Protector from the Windows 2000 control panel: 1. Click Start → Settings → Control Panel. 2. Double-click Administrative Tools. 3. Double-click Services. The Services window appears. 4. In the right pane, right-click Bl[...]

  • Page 34

    Chapter 3: Setting Up RealSecure Desktop Protector 26 Restarting Desktop Protector Introduction: You can restart RealSecure Desktop Protector after you have stopped it, or you can let Desktop Protector restart automatically when you restart your computer. Note: Opening the Desktop Protector window does not make Desktop Protector resu[...]

  • Page 35

    Restarting Desktop Protector 27 3. Double-click Services. The Services window appears. 4. In the right pane, right-click BlackICE, and then select Start. Desktop Protector resumes monitoring incoming traffic. The red line disappears from the Desktop Protector icon. 5. In the right pane, right-click RapApp, and then select Start. Deskt[...]

  • Page 36

    Chapter 3: Setting Up RealSecure Desktop Protector 28 Uninstalling Desktop Protector Introduction: You can remove Desktop Protector from your computer using the Windows Add/Remove Programs Utility or the BlackICE Agentremove utility. Important: Use the agentremove.exe utility only if you are unable to remove Desktop Protector thro[...]

  • Page 37

    Uninstalling Desktop Protector 29 7. Do you want to remove the remaining intrusion files and delete the directory? ■ If yes, click Yes. ■ If no, click No. 8. Click Finish. The system removes Desktop Protector from your system. Uninstalling Desktop Protector using the agentremove.exe utility: To remove Desktop Protector using [...]

  • Page 38

    Chapter 3: Setting Up RealSecure Desktop Protector 30[...]

  • Page 39

    31 Chapter 4 Configuring RealSecure Desktop Protector Overview Introduction: This chapter provides the procedures to configure RealSecure Desktop Protector for your specific conditions. These procedures are designed to be performed in sequence. In this chapter: This chapter includes the following topics: Topic Page Connecting to I[...]

  • Page 40

    Chapter 4: Configuring RealSecure Desktop Protector 32 Connecting to ICEcap Manager Introduction: RealSecure Desktop Protector interacts with ICEcap Manager management and reporting console to provide enterprise-wide security monitoring and management. If ICEcap Manager application has granted local control, you can use the ICEcap tab to[...]

  • Page 41

    Connecting to ICEcap Manager 33 ■ OK: The local RealSecure agent is successfully exchanging information with ICEcap Manager. ■ Authentication Failure: The agent may have an incorrect account name or password. Re-enter the account, group, and password values and test again. If this error persists, check with your ICEcap administra[...]

  • Page 42

    Chapter 4: Configuring RealSecure Desktop Protector 34 Setting Your Protection Level Introduction: Protection levels are predesigned sets of security settings developed for different types of Web use. You can choose to have Desktop Protector block all communications with your system, some communications with your system, or no communic[...]

  • Page 43

    Using Adaptive Protection 35 Using Adaptive Protection You can set up your firewall to switch protection levels automatically when it detects a connection with a remote computer. To do this, choose one of the procedures in this topic. Setting adaptive protection from inside the corporate network: To switch to the Trusting protection[...]

  • Page 44

    Chapter 4: Configuring RealSecure Desktop Protector 36 Note: This can be a single static IP address or a set of addresses that the conference host provides. 6. Click OK. Your firewall is configured to switch to Cautious when you connect to your corporate network from your remote location.[...]

  • Page 45

    Blocking Intrusions 37 Blocking Intrusions Introduction: Desktop Protector identifies and stops most intrusions according to your preset protection level, but you may still notice activity that isn't explicitly blocked. This topic explains how to handle intrusions from a particular address or intrusions that use a particular protocol. [...]

  • Page 46

    Chapter 4: Configuring RealSecure Desktop Protector 38 Blocking a Port: If you don't have a specific intruder in mind but you are concerned about intrusion attempts using a particular internet protocol, you can block the port that protocol uses. Adding a port entry to your firewall ensures that no traffic from any IP address can enter[...]

  • Page 47

    Trusting Intruders 39 Trusting Intruders Introduction: When an address is trusted, Desktop Protector assumes all communication from that address is authorized and excludes the address from any intrusion detection. Trusting ensures that Desktop Protector does not block systems whose intrusions may be useful to you. You can choose t[...]

  • Page 48

    Chapter 4: Configuring RealSecure Desktop Protector 40 Ignoring Events You can configure RealSecure Desktop Protector to ignore events that are not a threat to your system. Note: Ignoring an event is different from trusting an intruder. Ignoring disregards certain kinds of events. When an event type is ignored, Desktop Protector does not[...]

  • Page 49

    Ignoring Events 41 For more information, see “The Prompts Tab” on page 83.[...]

  • Page 50

    Chapter 4: Configuring RealSecure Desktop Protector 42 Working with the Application Protection Baseline Introduction: When you install RealSecure Desktop Protector, it creates a baseline record (also known as a checksum) of the applications installed on your computer. Desktop Protector uses this information to prevent any unautho[...]

  • Page 51

    Working with the Application Protection Baseline 43 3. Repeat for every warning message that appears. The number of messages you see depends on how many files the application runs. BlackICE will not display the warning messages again unless the application changes. Building your baseline over time: Desktop Protector can learn your applicat[...]

  • Page 52

    Chapter 4: Configuring RealSecure Desktop Protector 44 Adding file types to the baseline: If you know of application files on your system that have different extensions, you can add those extensions before creating your baseline. To search for additional file types: 1. On the Desktop Protector Tools menu, select Advanced Applicati[...]

  • Page 53

    Working with the Application Protection Baseline 45 Disabling Application Protection: To permanently prevent Desktop Protector from monitoring your system for unauthorized applications, follow this procedure: 1. On the Tools menu, select Edit BlackICE Settings, and then select the Application Control tab. 2. Clear Enable Application Pr[...]

  • Page 54

    Chapter 4: Configuring RealSecure Desktop Protector 46 Configuring Communications Control Introduction: When you set your communications control preferences, you establish a rule for RealSecure Desktop Protector to follow whenever an application tries to access a network without your approval. You have the option of terminating t[...]

  • Page 55

    Configuring Communications Control 47 For more information about setting your Communications Control preferences, see “The Communications Control Tab” on page 86.[...]

  • Page 56

    Chapter 4: Configuring RealSecure Desktop Protector 48 Controlling Event Notification Introduction: You may find that you want regular access to more or less information than RealSecure Desktop Protector shows by default. You can use the Desktop Protector configuration tabs to control the following: ● how much information ap[...]

  • Page 57

    Controlling Event Notification 49 4. Click OK. For more information about setting your notification preferences, see “The Notifications Tab” on page 81. Freezing the Events list: Freezing the Events list stops Desktop Protector from refreshing the tab information until you unfreeze it. However, freezing does not stop the monito[...]

  • Page 58

    Chapter 4: Configuring RealSecure Desktop Protector 50 Back Tracing Introduction: RealSecure Desktop Protector can track an intruder’s activities to help you determine what an intruder did to your computer. This topic explains how to gather and use this information. How does back tracing work? Back tracing is the process of tracing a[...]

  • Page 59

    Back Tracing 51 want as much information about the intruder as possible. However, intruders can detect and block a direct trace. Where is the back tracing information? Back tracing information appears in two places: ● in the information pane of the Intruder tab ● in standard text files in the Hosts folder in the directory where Desktop[...]

  • Page 60

    Chapter 4: Configuring RealSecure Desktop Protector 52 Collecting Evidence Files Introduction: RealSecure Desktop Protector can capture network traffic attributed to an intrusion and place that information into an evidence file. Desktop Protector captures and decodes each packet coming into the system, so it can generate files that contain [...]

  • Page 61

    Collecting Evidence Files 53 3. Click OK. For more information about setting your evidence logging preferences, see “The Evidence Log Tab” on page 74.[...]

  • Page 62

    Chapter 4: Configuring RealSecure Desktop Protector 54 Collecting Packet Logs Introduction: Packet logging records all the packets that enter your system. This can be useful if you need more detailed information than evidence logs contain. Where are my packet log files? Desktop Protector packet log files are stored in the installation dire[...]

  • Page 63

    Collecting Packet Logs 55 For more information about choosing your packet logging settings, see “The Packet Log Tab” on page 72.[...]

  • Page 64

    Chapter 4: Configuring RealSecure Desktop Protector 56 Responding to Application Protection Alerts Introduction: Programs can start without your knowledge. The Application Protection component may be triggered when you start a new program through the Start menu or by clicking a shortcut, but it may also be triggered by a program tha[...]

  • Page 65

    Exporting Desktop Protector Data 57 Exporting Desktop Protector Data Introduction: You may want to export RealSecure Desktop Protector data into a spreadsheet program or word processor to look at the intrusion activity on your system. Procedure: To export data: 1. Copy or cut the selected information to place it on the clipboard.[...]

  • Page 66

    Chapter 4: Configuring RealSecure Desktop Protector 58[...]

  • Page 67

    TM Appendixes[...]

  • Page 68

    [...]

  • Page 69

    61 Appendix A Operating Tabs Overview Introduction: This appendix describes the operating tabs. RealSecure Desktop Protector gathers information and presents it on the Events tab, the Intruders tab and the History tab. In this appendix: This appendix contains the following topics: Tab Page The Events Tab 62 The Intruders Tab 65 The H[...]

  • Page 70

    Appendix A: Operating Tabs 62 The Events Tab Introduction: The Events tab summarizes all intrusion and system events on your computer. The tab columns show the time, type, and severity of an event; the intruder's name and IP address; how Desktop Protector has responded to the event, and other information. Customizing information: T[...]

  • Page 71

    The Events Tab 63 Optional columns on the Events tab: This table describes optional columns that you can add to the Events tab. To add an optional column, right-click any column heading and select Columns... This column... Contains this information... TCP Flags Data in the packet header specifying the intended treatment of the pac[...]

  • Page 72

    Appendix A: Operating Tabs 64 Shortcut commands on the Events tab: This table describes the commands available by right-clicking an item on the Event tab: Buttons on the Events tab: This table describes the buttons that appear on the Intruders tab: This command... Has this effect... Ignore Event To ignore an event, right-click an e[...]

  • Page 73

    The Intruders Tab 65 The Intruders Tab Introduction: The Intruders tab displays all the information RealSecure Desktop Protector has collected about all the intruders who have initiated events on your system. This information helps you determine the severity and location of each intruder. Sorting: By default, the intruder list is sorted fi[...]

  • Page 74

    Appendix A: Operating Tabs 66 Optional columns on the Intruders tab: This table describes the optional columns you can add to the Intruders tab. For information about adding optional columns to the display, see “Showing and hiding columns” on page 49. Buttons on the Intruders tab: This table describes the buttons that appear[...]

  • Page 75

    The History Tab 67 The History Tab Introduction: The History tab graphs network and intrusion activity on your system. Note: For detailed information about activity on the Events graph, click the graph near the marker that shows the time you are interested in. The Events tab appears, with the intrusion closest to that time highlighted. [...]

  • Page 76

    Appendix A: Operating Tabs 68 History tab buttons: This table describes the buttons on the History tab: This button... Has this effect... Close Closes the main Desktop Protector window. The detection and protection engine remains active. Help Displays the Help. Table 19: History tab buttons[...]

  • Page 77

    69 Appendix B Configuration Tabs Overview Introduction: You can control some aspects of the way RealSecure Desktop Protector works by changing the settings on the configuration tabs. In this Appendix: This appendix contains the following topics: Topic Page The Firewall Tab 70 The Packet Log Tab 72 The Evidence Log Tab 74 T[...]

  • Page 78

    Appendix B: Configuration Tabs 70 The Firewall Tab Introduction: Use the Firewall tab to choose how tightly Desktop Protector controls access to your system. Note: If your computer is reporting intrusion events to ICEcap Manager and local configuration editing has been disabled, you cannot set any options on the Firewall tab from the loc[...]

  • Page 79

    The Firewall Tab 71 Desktop Protector rejects or blocks communications on port 139. On Windows 2000, this setting also affects port 445. Allow NetBIOS Neighborhood: Select this option to allow your system to appear in the Network Neighborhood of other computers. Clear this option to hide a computer from the Network Neighborhood.[...]

  • Page 80

    Appendix B: Configuration Tabs 72 The Packet Log Tab Introduction: The Packet Log tab allows you to configure the RealSecure Desktop Protector packet logging features. When packet logging is enabled, Desktop Protector records all the network traffic that passes through your system. Packet logs or evidence logs? Because they contain a rec[...]

  • Page 81

    The Packet Log Tab 73 Packet Log tab buttons: This table describes the buttons that appear on the Packet Log tab. This button... Has this effect... OK Click to save your changes and return to the main Desktop Protector window. Cancel Click to discard your changes and return to the Desktop Protector window. Apply Click t[...]

  • Page 82

    Appendix B: Configuration Tabs 74 The Evidence Log Tab Introduction: When your system is attacked, RealSecure Desktop Protector can capture evidence files that record network traffic from the intruding system. Evidence files record the specific packet that set off a protection response. This can be a good way to investigate intrusion[...]

  • Page 83

    The Evidence Log Tab 75 Evidence Log tab buttons This table describes the buttons that appear on the Evidence Log tab. This button... Has this effect... OK Click to save your changes and return to the main Desktop Protector window. Cancel Click to discard your changes and return to the Desktop Protector window. Apply Click to sav[...]

  • Page 84

    Appendix B: Configuration Tabs 76 The Back Trace Tab Introduction Back tracing is the process of tracing a network connection to its origin. When somebody connects to your system over a network such as the Internet, your system and the intruder's system exchange packets. Before an intruder's packets reach your system, they tra[...]

  • Page 85

    The Intrusion Detection Tab 77 The Intrusion Detection Tab Introduction The Intrusion Detection tab allows you to control the IP addresses or intrusions the Desktop Protector engine trusts or ignores. For information about trusting and ignoring, see “Trusting Intruders” on page 39 and “Ignoring Events” on page 40. Intru[...]

  • Page 86

    Appendix B: Configuration Tabs 78 The ICEcap Tab Introduction The ICEcap tab allows you to manually control how RealSecure Desktop Protector reports intrusion information to an ICEcap server. When ICEcap reporting is enabled, all events are reported to an ICEcap server for enterprise-wide reporting and analysis. For more information, [...]

  • Page 87

    The ICEcap Tab 79 Last Status Shows the result of RealSecure Desktop Protector’s last attempt to check in with the ICEcap server, at the time displayed in the Time field. One of these results appears: • OK: Your computer is communicating normally with ICEcap Manager. • Authentication Failure: The agent was un[...]

  • Page 88

    Appendix B: Configuration Tabs 80 ICEcap tab buttons This table describes the buttons that appear on the ICEcap tab. This button... Has this effect... OK Click to save your changes and return to the main Desktop Protector window. Cancel Click to discard your changes and return to the Desktop Protector window. Apply Click to sa[...]

  • Page 89

    The Notifications Tab 81 The Notifications Tab Introduction The Notifications tab allows you to control some interface and notification functions. Notification settings This table describes the settings you can configure on the Notifications tab: For more information about choosing your notification settings, see “Controlling[...]

  • Page 90

    Appendix B: Configuration Tabs 82 Notifications tab buttons This table describes the buttons that appear on the Notifications tab. This button... Has this effect... OK Click to save your changes and return to the main Desktop Protector window. Cancel Click to discard your changes and return to the Desktop Protector window. Appl[...]

  • Page 91

    The Prompts Tab 83 The Prompts Tab Introduction The Prompts tab enables you to choose the level of feedback you want from the RealSecure Desktop Protector user interface. Prompts tab settings This table describes the settings on the Prompts tab: This setting... Has this effect... Show Confirm Dialogs Select this option to have Desktop P[...]

  • Page 92

    Appendix B: Configuration Tabs 84 The Application Control Tab Introduction Use the Application Control tab to prevent unauthorized applications from starting on your system. Enable Application Protection When Enable Application Protection is selected, Desktop Protector monitors your system for unauthorized applications. This option [...]

  • Page 93

    The Application Control Tab 85 Application Control tab buttons This table describes the buttons that appear on the Application Control tab. This button... Has this effect... OK Click to save your changes and return to the main Desktop Protector window. Cancel Click to discard your changes and return to the Desktop Protector [...]

  • Page 94

    Appendix B: Configuration Tabs 86 The Communications Control Tab Introduction Use the Communications Control tab to prevent programs on your system from contacting a network without your knowledge. Enable Application Protection When Enable Application Protection is selected, the RealSecure Desktop Protector Application Protection co[...]

  • Page 95

    The Communications Control Tab 87 Cancel Click to discard your changes and return to the Desktop Protector window. Apply Click to save your changes and keep the current tab open. Help Displays the online Help for this tab. This button... Has this effect...[...]

  • Page 96

    Appendix B: Configuration Tabs 88[...]

  • Page 97

    89 Appendix C Advanced Firewall Settings Overview Introduction You can use the Advanced Firewall Settings window to block intruders or ports or to configure Desktop Protector to dynamically switch protection levels. ● When you block an intruder, RealSecure Desktop Protector creates an IP address entry in your firewall that prevents all t[...]

  • Page 98

    Appendix C: Advanced Firewall Settings 90 The Firewall Rules Tab Introduction Use the IP Address tab to create, modify and delete firewall settings for IP addresses and ports. Add and remove addresses or ports from the firewall list as necessary to modify and protect your system. Caution: This firewall editor is intended only for users[...]

  • Page 99

    The Firewall Rules Tab 91 Buttons The following table describes the buttons on the IP Address tab: Shortcut menu These commands are available when you right-click an item in the firewall list: Note: The Accept and Reject settings produce different shortcut options. This button... Has this effect... Options To be notified when Desktop Prot[...]

  • Page 100

    Appendix C: Advanced Firewall Settings 92 The Local Adaptive Protection Tab Use this tab to configure your firewall to switch protection levels dynamically. When your firewall detects a connection, and your computer is using one of the IP addresses specified on this tab, your firewall automatically switches to the appropriate protecti[...]

  • Page 101

    The Remote Adaptive Protection Tab 93 The Remote Adaptive Protection Tab When your firewall detects a connection with a remote system that is using one of the IP addresses specified on this tab, your firewall automatically switches to the appropriate protection level. Options This table describes the options available on the Adaptive Pr[...]

  • Page 102

    Appendix C: Advanced Firewall Settings 94 The Add Firewall Entry Dialog Introduction Use this dialog to create or change firewall settings that block or accept IP addresses. Add Firewall Entry dialog settings The Add Firewall Entry dialog features these fields: This field... Contains... Name The descriptive name for the filter. It is [...]

  • Page 103

    The Add Firewall Entry Dialog 95 Add Firewall Entry dialog buttons The Add Firewall Entry dialog has these buttons: This button... Has this effect... Add Click to create the firewall entry. Cancel Closes the window without saving the setting. Table 32: Add Firewall Settings dialog buttons[...]

  • Page 104

    Appendix C: Advanced Firewall Settings 96 The Modify Firewall Entry Dialog Introduction Use this dialog to change a firewall setting that you have set up previously. Modify Firewall Entry dialog settings The Modify Firewall Entry dialog features these fields: This field... Contains... Name The descriptive name for the filter. It is[...]

  • Page 105

    The Modify Firewall Entry Dialog 97 Modify Firewall Entry dialog buttons The Modify Firewall Entry dialog has these buttons: This button... Has this effect... Add Click to create the firewall entry. Cancel Closes the window without saving the setting. Table 34: Modify Firewall Settings dialog buttons[...]

  • Page 106

    Appendix C: Advanced Firewall Settings 98[...]

  • Page 107

    99 Appendix D Advanced Application Protection Settings Overview Introduction The Advanced Application Settings window lets you control which applications can start on your system and which applications can connect to a network, such as the Internet. ● For information about controlling applications on your system, see “Working wit[...]

  • Page 108

    Appendix D: Advanced Application Protection Settings 100 Advanced Application Settings window menu commands The Advanced Application Protection Settings window features these menus: This command... Has this effect... File menu Run Baseline Executes the choices you have made on the Baseline tab. Save Changes Records the settings yo[...]

  • Page 109

    The Known Applications Tab 101 The Known Applications Tab Introduction The Known Applications tab shows the application files Desktop Protector has detected on your system. If an application not on this list attempts to start, Desktop Protector alerts you or automatically closes the application, depending on the options you selec[...]

  • Page 110

    Appendix D: Advanced Application Protection Settings 102 The Baseline Tab Introduction The Baseline tab allows you to control how RealSecure Desktop Protector inspects your system for application files. The system tree pane The system tree pane shows the drives and directories RealSecure Desktop Protector has found on your system. To [...]

  • Page 111

    The Checksum Extensions Dialog 103 The Checksum Extensions Dialog Introduction The Checksum Extensions dialog enables you to customize the application file types that RealSecure Desktop Protector lists when it inspects your system. Desktop Protector determines which files are included in the baseline from the file name's extension (th[...]

  • Page 112

    Appendix D: Advanced Application Protection Settings 104[...]

  • Page 113

    105 Appendix E The Main Menu Overview Introduction The Main Menu appears above the information tabs. This Appendix explains how to use the menu options to control the appearance and operation of Desktop Protector features. In this Appendix This Appendix contains the following topics: Topic Page The File Menu 106 The Edit Menu 107 The [...]

  • Page 114

    Appendix E: The Main Menu 106 The File Menu Introduction Use the File menu to control the essential operations of RealSecure Desktop Protector. Print... Print sends information from Desktop Protector to your default printer. To print information about an event or intruder: 1. On the Events or Intruders tab, select an event or intruder. 2. C[...]

  • Page 115

    The Edit Menu 107 The Edit Menu Introduction Use the Edit menu to manipulate the intrusion records that RealSecure Desktop Protector gathers. For more information about ways you can use Desktop Protector data, see “Back Tracing” on page 50. Cut To cut an event or intruder: ● On the Events or Intruders tab, click an event or i[...]

  • Page 116

    Appendix E: The Main Menu 108 The View Menu Introduction Use the View menu to choose what items are displayed, and how, on the Events and Intruders lists. Freeze Stops Desktop Protector from refreshing the tab information. For more information, see “Freezing the Events list” on page 49. Filter by Event Severity Filters the types of [...]

  • Page 117

    The Tools Menu 109 The Tools Menu Introduction The Tools menu enables you to configure the application by editing the settings; edit the Advanced Firewall settings; start or stop the BlackICE engine; clear the event list; or change other preferences. Edit BlackICE Settings... Displays the configuration tabs that control the operation of [...]

  • Page 118

    Appendix E: The Main Menu 110 The Help Menu Introduction The Help menu offers links to the Help, the ISS Web site, and information about Desktop Protector. BlackICE Help Topics Displays the Desktop Protector online Help. Online Support Starts your Web browser and points it to a collection of frequently asked questions (FAQ) about De[...]

  • Page 119

    The System Tray Menu 111 The System Tray Menu Introduction The system tray menu provides a quick way to access some key Desktop Protector functions. You can see this menu by right-clicking the Desktop Protector icon in the lower right corner of your screen. View BlackICE Events Opens the Desktop Protector user interface to the Events lis[...]

  • Page 120

    Appendix E: The Main Menu 112[...]

  • Page 121

    113 Index a accepting events 39 adaptive protection 4, 92–93 adding an entry 94 addresses blocking and accepting 37 Advanced Application Control Settings window 102 Advanced Firewall Settings window 90 advICE library 110 alerts choosing 48, 81, 83 interpreting 9 responding to 43–44, 50, 56 anti-virus 6 Application Control[...]

  • Page 122

    Index 114 e Edit menu 107 events accepting 39, 96 blocking 37, 96 clearing 48, 109 deleting 48 filtering 12, 48, 108 finding 107 freezing 49, 108 ignoring 40 notification 48 Events tab 62 Evidence Log tab 74 evidence logs 11, 48 clearing 48, 52, 109 collecting 52 exe files 103 f File menu 106 filtering events 12, 48, 108 finding a[...]

  • Page 123

    Index 115 clearing 48, 54, 109 collecting 54 Paranoid protection level 3, 70 ports, blocking 40 prerequisites installation 22 printing information 64, 66, 91, 106 profile see baseline 1 Prompts tab 83 protection level choosing 34 effect on applications 3 setting dynamically 4, 92–93 r responding to alerts 50 response levels 10 [...]

  • Page 124

    Index 116[...]

  • Page 125

    117 Internet Security Systems, Inc. Software License Agreement THIS SOFTWARE IS LICENSED, NOT SOLD. BY INSTALLING THIS SOFTWARE, YOU AGREE TO ALL OF THE PROVISIONS OF THIS SOFTWARE LICENSE AGREEMENT (“LICENSE”). IF YOU ARE NOT WILLING TO BE BOUND BY THIS LICENSE, RETURN ALL COPIES OF THE SOFTWARE AND LICENSE KEYS TO ISS[...]

  • Page 126

    Chapter 0: 118 13. No High Risk Use - Licensee acknowledges that the Software is not fault tolerant and is not designed or intended for use in hazardous environments requiring fail-safe operation, including, but not limited to, aircraft navigation, air traffic control systems, weapon systems, life-support systems, nuclear faciliti[...]