Internet Security Systems 3.5 user manual


A good user manual

The rules oblige the seller to provide the buyer with the Internet Security Systems 3.5 user manual along with the goods. A missing manual, or incorrect information supplied to the consumer, is grounds for a complaint that the device does not conform to the contract. By law, the manual may be supplied in a form other than paper, which has become common recently, including a graphic or electronic version of the Internet Security Systems 3.5 manual or instructional videos for users. The condition is that it be legible and understandable.

What is a user manual?

The word comes from the Latin "instructio", meaning to organize. Thus the Internet Security Systems 3.5 user manual describes the steps of the procedure. The purpose of a user manual is to instruct and to make it easier to start up and use the equipment or to carry out specific actions. The user manual is a collection of information about the object or service, a guide.

Unfortunately, few users take the time to read the user manual, yet a good manual not only lets you discover a number of additional features of the purchased device, but also helps you avoid most failures.

So what should the perfect manual contain?

First of all, the Internet Security Systems 3.5 user manual should contain:
- information on the technical characteristics of the Internet Security Systems 3.5 device
- the name of the manufacturer and the year of manufacture of Internet Security Systems 3.5
- instructions for using, adjusting and maintaining the Internet Security Systems 3.5 equipment
- safety markings and certificates confirming conformity with the relevant standards

Why don't we read user manuals?

Usually this is due to a lack of time and to being sure about the specific functionality of the purchased equipment. Unfortunately, connecting and starting Internet Security Systems 3.5 is not enough. The user manual contains a number of guidelines on specific features, safety, maintenance methods (even the products that should be used), possible faults of Internet Security Systems 3.5 and ways to solve common problems during use. Finally, the manual contains the contact details of Internet Security Systems service in case the proposed solutions do not work. Currently, user manuals in the form of engaging animations and instructional videos, which are better than a brochure, are very popular. This type of manual lets the user watch the whole instructional video without skipping the complicated specifications and technical descriptions of Internet Security Systems 3.5, as happens with the paper version.

Why read the user manual?

First of all, it contains the answers about the structure and capabilities of the Internet Security Systems 3.5 device, the use of various accessories and a range of information for taking full advantage of all its features and conveniences.

After a successful purchase of the equipment or device, take a moment to familiarize yourself with all parts of the Internet Security Systems 3.5 user manual. Nowadays they are carefully prepared and translated so that they are not only understandable to users but also fulfil their basic function of providing information and help.

Table of contents of the user manual

  • Page 1

    TM Desktop Protector User Guide Version 3.5[...]

  • Page 2

    Internet Security Systems, Inc. 6303 Barfield Road Atlanta, Georgia 30328-4233 United States (404) 236-2600 http://www.iss.net © Internet Security Systems, Inc. 1999-2002. All rights reserved worldwide. Customers may make reasonable numbers of copies of this publication for internal use only. This publication may not otherwise be cop[...]

  • Page 3

    iii Contents: Preface, v; Overview, v; Conventions Used in this Guide [...]

  • Page 4

    iv Contents: Appendix A: Operating Tabs, 61; Overview, 61; The Events Tab [...]

  • Page 5

    v Preface Overview Introduction This guide is designed to help you use RealSecure Desktop Protector to protect your local system and your network from unwanted intrusions. Scope This guide describes the features of RealSecure Desktop Protector and shows you how to use them. ● Chapter 1 explains how Desktop Protector protects your local syst[...]

  • Page 6

    Preface vi Related publications The following documents are available for download from the Internet Security Systems Web site at www.iss.net. ● For information about working with RealSecure Desktop Protector on a corporate network, see the RealSecure ICEcap Manager User Guide. ● For answers to questions about Desktop Protect[...]

  • Page 7

    Conventions Used in this Guide vii Conventions Used in this Guide Introduction This topic explains the typographic conventions used in this guide to make information in procedures and commands easier to recognize. In procedures The typographic conventions used in procedures are shown in the following table: Command conventions The typo[...]

  • Page 8

    Preface viii Getting Technical Support Introduction ISS provides technical support through its Web site and by email or telephone. The ISS Web site The Internet Security Systems (ISS) Resource Center Web site (http://www.iss.net/support/) provides direct access to much of the information you need. You can find frequently asked qu[...]

  • Page 9

    1 Chapter 1 Introduction to RealSecure Desktop Protector Overview Introduction RealSecure Desktop Protector is a comprehensive security solution that helps you protect your system and your network from the following: ● theft of passwords, credit card information, personal files and more ● computer downtime and system crashes ● hacker[...]

  • Page 10

    Chapter 1: Introduction to RealSecure Desktop Protector 2 inbound and outbound traffic on your system for suspicious activity. Desktop Protector blocks unauthorized activity without affecting normal traffic. Intrusion detection RealSecure Desktop Protector contains an intrusion detection system that alerts you to attacks and blocks thre[...]

  • Page 11

    Protection Levels 3 Protection Levels Introduction Protection levels are pre-designed sets of security settings developed for different types of Web use. You can choose to have Desktop Protector block all communications with your system, some communications with your system, or no communications with your system. You can change protect[...]

  • Page 12

    Chapter 1: Introduction to RealSecure Desktop Protector 4 Adaptive Protection Introduction Adaptive Protection automatically adapts each agent's security level according to the type of network connection it is using. For example, you can set Adaptive Protection to use a more restrictive security level when users are logged on over a[...]

  • Page 13

    The Desktop Protector Firewall 5 The Desktop Protector Firewall Introduction Desktop Protector automatically stops most intrusions according to the protection level you have chosen, but you still may notice activity that isn't explicitly blocked. You can configure the Desktop Protector firewall to increase your protection. You can[...]

  • Page 14

    Chapter 1: Introduction to RealSecure Desktop Protector 6 Application Protection Introduction BlackICE protects your computer from unknown applications and from applications connecting to a network, such as the Internet. How the baseline works First, BlackICE creates a baseline record (also known as a checksum) of the applications install[...]

  • Page 15

    Application Control 7 Application Control Introduction RealSecure Desktop Protector lets you control which applications and related processes can run on your system. Sometimes a program may be installed on your system without your knowledge. Many of these programs are useful or harmless. However, some of these programs can p[...]

  • Page 16

    Chapter 1: Introduction to RealSecure Desktop Protector 8 Communications Control Introduction To reduce security risks from potential “Trojan horse” applications on your system, RealSecure Desktop Protector lets you choose which applications or processes can access a network, such as the Internet or a local area network.[...]

  • Page 17

    Desktop Protector Alerts 9 Desktop Protector Alerts Introduction Your dynamic firewall handles most alerts for you, but you can take additional steps to make its responses even more effective. The information in this topic may help you determine which events merit your attention. Severity levels Some network events are more dangerous than [...]

  • Page 18

    Chapter 1: Introduction to RealSecure Desktop Protector 10 Response levels Desktop Protector reports how it responded to each event by showing a symbol. The symbol for a response can appear two ways: ● as an icon beside the event ● as a mark over the severity level icon This table describes Desktop Protector response level icons an[...]

  • Page 19

    Collecting Information 11 Collecting Information Introduction When an intruder attempts to break into your system, RealSecure Desktop Protector can track the intruder’s activities. You can use this information to determine what an intruder did to your computer. This section explains how to gather and use this information. Back T[...]

  • Page 20

    Chapter 1: Introduction to RealSecure Desktop Protector 12 Filtering Information Introduction You probably won't need to inspect all the information RealSecure Desktop Protector gathers about the Internet traffic that reaches your system. You can use the configuration tabs to control how much information appears on the information[...]

  • Page 21

    13 Chapter 2 Using RealSecure Desktop Protector with ICEcap Manager Overview Introduction RealSecure Desktop Protector interacts with the ICEcap management and reporting console to provide enterprise-wide security monitoring and management. This chapter provides the background knowledge required for setting up connections between Desktop Pro[...]

  • Page 22

    Chapter 2: Using RealSecure Desktop Protector with ICEcap Manager 14 How ICEcap Manager Works With RealSecure Desktop Protector Introduction ICEcap Manager interacts with agents in two ways: ● Collecting and managing information. As each RealSecure agent detects events, it forwards information about those events to the ICEc[...]

  • Page 23

    How ICEcap Manager Works With RealSecure Desktop Protector 15 locally installed. Silent Desktop Protector installations are always completely ICEcap-controlled. For more information about silent agent installations, see the RealSecure ICEcap Manager User Guide. This table summarizes the levels of control ICEcap Manager can exert over an[...]

  • Page 24

    Chapter 2: Using RealSecure Desktop Protector with ICEcap Manager 16 How ICEcap Manager Handles Information Introduction To help organize information, ICEcap Manager categorizes agents and the events they report into accounts and groups. To report an event, a RealSecure agent must be assigned to a group within an ICEc[...]

  • Page 25

    Transmitting Data to ICEcap Manager 17 Transmitting Data to ICEcap Manager Introduction Desktop Protector must be able to transmit data across your network to the ICEcap server. Agents can report to the ICEcap server by one of three methods: ● over the Internet ● over a Virtual Private Network ● through a proxy server Rep[...]

  • Page 26

    Chapter 2: Using RealSecure Desktop Protector with ICEcap Manager 18 Installing Desktop Protector Remotely Introduction In addition to managing event information, ICEcap Manager can install Desktop Protector software on remote systems. This can include systems with the Local Console or “silent” installations that include on[...]

  • Page 27

    Using ICEcap Manager to Control RealSecure Agents 19 Using ICEcap Manager to Control RealSecure Agents Introduction ICEcap Manager manages agents by applying policies to groups of agents. Any configuration change made to a group is distributed to all the members of that group. This reduces the effort required to support remotely insta[...]

  • Page 28

    Chapter 2: Using RealSecure Desktop Protector with ICEcap Manager 20[...]

  • Page 29

    21 Chapter 3 Setting Up RealSecure Desktop Protector Overview Introduction This chapter provides instructions for installing and configuring RealSecure Desktop Protector locally. For information about installing Desktop Protector from ICEcap Manager, see the RealSecure ICEcap Manager User Guide. In this chapter This chapter contains t[...]

  • Page 30

    Chapter 3: Setting Up RealSecure Desktop Protector 22 Installing RealSecure Desktop Protector Introduction This topic gives instructions for installing Desktop Protector. Local or remote installation You can install RealSecure Desktop Protector locally at your agent computer or remotely from RealSecure ICEcap Manager. In most cases[...]

  • Page 31

    Installing RealSecure Desktop Protector 23 8. Read the End User License Agreement. ■ If you accept the End User License Agreement, click I Accept, and then go to Step 9. ■ If you do not accept the End User License Agreement, click I Decline. The setup program exits. 9. Enter the license key provided by your ICEcap administrator. Each a[...]

  • Page 32

    Chapter 3: Setting Up RealSecure Desktop Protector 24 Stopping Desktop Protector Introduction When you quit the Desktop Protector application, Desktop Protector does not stop monitoring your system. To stop Desktop Protector from monitoring for intrusions and to stop protecting your system against unknown or modified applications, y[...]

  • Page 33

    Stopping Desktop Protector 25 Stopping Desktop Protector from the control panel (Windows 2000) To stop Desktop Protector from the Windows 2000 control panel: 1. Click Start → Settings → Control Panel. 2. Double-click Administrative Tools. 3. Double-click Services. The Services window appears. 4. In the right pane, right-click Bl[...]

  • Page 34

    Chapter 3: Setting Up RealSecure Desktop Protector 26 Restarting Desktop Protector Introduction You can restart RealSecure Desktop Protector after you have stopped it, or you can let Desktop Protector restart automatically when you restart your computer. Note: Opening the Desktop Protector window does not make Desktop Protector resu[...]

  • Page 35

    Restarting Desktop Protector 27 3. Double-click Services. The Services window appears. 4. In the right pane, right-click BlackICE, and then select Start. Desktop Protector resumes monitoring incoming traffic. The red line disappears from the Desktop Protector icon. 5. In the right pane, right-click RapApp, and then select Start. Deskt[...]

  • Page 36

    Chapter 3: Setting Up RealSecure Desktop Protector 28 Uninstalling Desktop Protector Introduction You can remove Desktop Protector from your computer using the Windows Add/Remove Programs Utility or the BlackICE Agentremove utility. Important: Use the agentremove.exe utility only if you are unable to remove Desktop Protector thro[...]

  • Page 37

    Uninstalling Desktop Protector 29 7. Do you want to remove the remaining intrusion files and delete the directory? ■ If yes, click Yes. ■ If no, click No. 8. Click Finish. The system removes Desktop Protector from your system. Uninstalling Desktop Protector using the agentremove.exe utility To remove Desktop Protector using [...]

  • Page 38

    Chapter 3: Setting Up RealSecure Desktop Protector 30[...]

  • Page 39

    31 Chapter 4 Configuring RealSecure Desktop Protector Overview Introduction This chapter provides the procedures to configure RealSecure Desktop Protector for your specific conditions. These procedures are designed to be performed in sequence. In this chapter This chapter includes the following topics: Topic Page Connecting to I[...]

  • Page 40

    Chapter 4: Configuring RealSecure Desktop Protector 32 Connecting to ICEcap Manager Introduction RealSecure Desktop Protector interacts with ICEcap Manager management and reporting console to provide enterprise-wide security monitoring and management. If ICEcap Manager application has granted local control, you can use the ICEcap tab to[...]

  • Page 41

    Connecting to ICEcap Manager 33 ■ OK: The local RealSecure agent is successfully exchanging information with ICEcap Manager. ■ Authentication Failure: The agent may have an incorrect account name or password. Re-enter the account, group, and password values and test again. If this error persists, check with your ICEcap administra[...]

  • Page 42

    Chapter 4: Configuring RealSecure Desktop Protector 34 Setting Your Protection Level Introduction Protection levels are predesigned sets of security settings developed for different types of Web use. You can choose to have Desktop Protector block all communications with your system, some communications with your system, or no communic[...]

  • Page 43

    Using Adaptive Protection 35 Using Adaptive Protection You can set up your firewall to switch protection levels automatically when it detects a connection with a remote computer. To do this, choose one of the procedures in this topic. Setting adaptive protection from inside the corporate network To switch to the Trusting protection[...]

  • Page 44

    Chapter 4: Configuring RealSecure Desktop Protector 36 Note: This can be a single static IP address or a set of addresses that the conference host provides. 6. Click OK. Your firewall is configured to switch to Cautious when you connect to your corporate network from your remote location.[...]

  • Page 45

    Blocking Intrusions 37 Blocking Intrusions Introduction Desktop Protector identifies and stops most intrusions according to your preset protection level, but you may still notice activity that isn't explicitly blocked. This topic explains how to handle intrusions from a particular address or intrusions that use a particular protocol. [...]

  • Page 46

    Chapter 4: Configuring RealSecure Desktop Protector 38 Blocking a Port If you don't have a specific intruder in mind but you are concerned about intrusion attempts using a particular internet protocol, you can block the port that protocol uses. Adding a port entry to your firewall ensures that no traffic from any IP address can enter[...]

  • Page 47

    Trusting Intruders 39 Trusting Intruders Introduction When an address is trusted, Desktop Protector assumes all communication from that address is authorized and excludes the address from any intrusion detection. Trusting ensures that Desktop Protector does not block systems whose intrusions may be useful to you. You can choose t[...]

  • Page 48

    Chapter 4: Configuring RealSecure Desktop Protector 40 Ignoring Events You can configure RealSecure Desktop Protector to ignore events that are not a threat to your system. Note: Ignoring an event is different from trusting an intruder. Ignoring disregards certain kinds of events. When an event type is ignored, Desktop Protector does not[...]

  • Page 49

    Ignoring Events 41 For more information, see “The Prompts Tab” on page 83.[...]

  • Page 50

    Chapter 4: Configuring RealSecure Desktop Protector 42 Working with the Application Protection Baseline Introduction When you install RealSecure Desktop Protector, it creates a baseline record (also known as a checksum) of the applications installed on your computer. Desktop Protector uses this information to prevent any unautho[...]

  • Page 51

    Working with the Application Protection Baseline 43 3. Repeat for every warning message that appears. The number of messages you see depends on how many files the application runs. BlackICE will not display the warning messages again unless the application changes. Building your baseline over time Desktop Protector can learn your applicat[...]

  • Page 52

    Chapter 4: Configuring RealSecure Desktop Protector 44 Adding file types to the baseline If you know of application files on your system that have different extensions, you can add those extensions before creating your baseline. To search for additional file types: 1. On the Desktop Protector Tools menu, select Advanced Applicati[...]

  • Page 53

    Working with the Application Protection Baseline 45 Disabling Application Protection To permanently prevent Desktop Protector from monitoring your system for unauthorized applications, follow this procedure: 1. On the Tools menu, select Edit BlackICE Settings, and then select the Application Control tab. 2. Clear Enable Application Pr[...]

  • Page 54

    Chapter 4: Configuring RealSecure Desktop Protector 46 Configuring Communications Control Introduction When you set your communications control preferences, you establish a rule for RealSecure Desktop Protector to follow whenever an application tries to access a network without your approval. You have the option of terminating t[...]

  • Page 55

    Configuring Communications Control 47 For more information about setting your Communications Control preferences, see “The Communications Control Tab” on page 86.[...]

  • Page 56

    Chapter 4: Configuring RealSecure Desktop Protector 48 Controlling Event Notification Introduction You may find that you want regular access to more or less information than RealSecure Desktop Protector shows by default. You can use the Desktop Protector configuration tabs to control the following: ● how much information ap[...]

  • Page 57

    Controlling Event Notification 49 4. Click OK. For more information about setting your notification preferences, see “The Notifications Tab” on page 81. Freezing the Events list Freezing the Events list stops Desktop Protector from refreshing the tab information until you unfreeze it. However, freezing does not stop the monito[...]

  • Page 58

    Chapter 4: Configuring RealSecure Desktop Protector 50 Back Tracing Introduction RealSecure Desktop Protector can track an intruder’s activities to help you determine what an intruder did to your computer. This topic explains how to gather and use this information. How does back tracing work? Back tracing is the process of tracing a[...]

  • Page 59

    Back Tracing 51 want as much information about the intruder as possible. However, intruders can detect and block a direct trace. Where is the back tracing information? Back tracing information appears in two places: ● in the information pane of the Intruder tab ● in standard text files in the Hosts folder in the directory where Desktop[...]

  • Page 60

    Chapter 4: Configuring RealSecure Desktop Protector 52 Collecting Evidence Files Introduction RealSecure Desktop Protector can capture network traffic attributed to an intrusion and place that information into an evidence file. Desktop Protector captures and decodes each packet coming into the system, so it can generate files that contain [...]

  • Page 61

    Collecting Evidence Files 53 3. Click OK. For more information about setting your evidence logging preferences, see “The Evidence Log Tab” on page 74.[...]

  • Page 62

    Chapter 4: Configuring RealSecure Desktop Protector 54 Collecting Packet Logs Introduction Packet logging records all the packets that enter your system. This can be useful if you need more detailed information than evidence logs contain. Where are my packet log files? Desktop Protector packet log files are stored in the installation dire[...]

  • Page 63

    Collecting Packet Logs 55 For more information about choosing your packet logging settings, see “The Packet Log Tab” on page 72.[...]

  • Page 64

    Chapter 4: Configuring RealSecure Desktop Protector 56 Responding to Application Protection Alerts Introduction Programs can start without your knowledge. The Application Protection component may be triggered when you start a new program through the Start menu or by clicking a shortcut, but it may also be triggered by a program tha[...]

  • Page 65

    Exporting Desktop Protector Data 57 Exporting Desktop Protector Data Introduction You may want to export RealSecure Desktop Protector data into a spreadsheet program or word processor to look at the intrusion activity on your system. Procedure To export data: 1. Copy or cut the selected information to place it on the clipboard.[...]

  • Page 66

    Chapter 4: Configuring RealSecure Desktop Protector 58[...]

  • Page 67

    TM Appendixes[...]

  • Page 68

    [...]

  • Page 69

    61 Appendix A Operating Tabs Overview Introduction This appendix describes the operating tabs. RealSecure Desktop Protector gathers information and presents it on the Events tab, the Intruders tab and the History tab. In this appendix This appendix contains the following topics: Tab Page The Events Tab 62 The Intruders Tab 65 The H[...]

  • Page 70

    Appendix A: Operating Tabs 62 The Events Tab Introduction The Events tab summarizes all intrusion and system events on your computer. The tab columns show the time, type, and severity of an event; the intruder's name and IP address; how Desktop Protector has responded to the event, and other information. Customizing information T[...]

  • Page 71

    The Events Tab 63 Optional columns on the Events tab This table describes optional columns that you can add to the Events tab. To add an optional column, right-click any column heading and select Columns... This column... Contains this information... TCP Flags Data in the packet header specifying the intended treatment of the pac[...]

  • Page 72

    Appendix A: Operating Tabs 64 Shortcut commands on the Events tab This table describes the commands available by right-clicking an item on the Event tab: Buttons on the Events tab This table describes the buttons that appear on the Intruders tab: This command... Has this effect... Ignore Event To ignore an event, right-click an e[...]

  • Page 73

    The Intruders Tab 65 The Intruders Tab Introduction The Intruders tab displays all the information RealSecure Desktop Protector has collected about all the intruders who have initiated events on your system. This information helps you determine the severity and location of each intruder. Sorting By default, the intruder list is sorted fi[...]

  • Page 74

    Appendix A: Operating Tabs 66 Optional columns on the Intruders tab This table describes the optional columns you can add to the Intruders tab. For information about adding optional columns to the display, see “Showing and hiding columns” on page 49. Buttons on the Intruders tab This table describes the buttons that appear[...]

  • Page 75

    The History Tab 67 The History Tab Introduction The History tab graphs network and intrusion activity on your system. Note: For detailed information about activity on the Events graph, click the graph near the marker that shows the time you are interested in. The Events tab appears, with the intrusion closest to that time highlighted. [...]

  • Page 76

    Appendix A: Operating Tabs 68 History tab buttons This table describes the buttons on the History tab: This button... Has this effect... Close Closes the main Desktop Protector window. The detection and protection engine remains active. Help Displays the Help. Table 19: History tab buttons[...]

  • Page 77

    69 Appendix B Configuration Tabs Overview Introduction You can control some aspects of the way RealSecure Desktop Protector works by changing the settings on the configuration tabs. In this Appendix This appendix contains the following topics: Topic Page The Firewall Tab 70 The Packet Log Tab 72 The Evidence Log Tab 74 T[...]

  • Page 78

    Appendix B: Configuration Tabs 70 The Firewall Tab Introduction Use the Firewall tab to choose how tightly Desktop Protector controls access to your system. Note: If your computer is reporting intrusion events to ICEcap Manager and local configuration editing has been disabled, you cannot set any options on the Firewall tab from the loc[...]

  • Page 79

    The Firewall Tab 71 Desktop Protector rejects or blocks communications on port 139. On Windows 2000, this setting also affects port 445. Allow NetBIOS Neighborhood Select this option to allow your system to appear in the Network Neighborhood of other computers. Clear this option to hide a computer from the Network Neighborhood.[...]

  • Page 80

    Appendix B: Configuration Tabs 72 The Packet Log Tab Introduction The Packet Log tab allows you to configure the RealSecure Desktop Protector packet logging features. When packet logging is enabled, Desktop Protector records all the network traffic that passes through your system. Packet logs or evidence logs? Because they contain a rec[...]

  • Page 81

    The Packet Log Tab 73 Packet Log tab buttons This table describes the buttons that appear on the Packet Log tab. This button... Has this effect... OK Click to save your changes and return to the main Desktop Protector window. Cancel Click to discard your changes and return to the Desktop Protector window. Apply Click t[...]

  • Page 82

    Appendix B: Configuration Tabs 74 The Evidence Log Tab Introduction When your system is attacked, RealSecure Desktop Protector can capture evidence files that record network traffic from the intruding system. Evidence files record the specific packet that set off a protection response. This can be a good way to investigate intrusion[...]

  • Page 83

    The Evidence Log Tab 75 Evidence Log tab buttons This table describes the buttons that appear on the Evidence Log tab. This button... Has this effect... OK Click to save your changes and return to the main Desktop Protector window. Cancel Click to discard your changes and return to the Desktop Protector window. Apply Click to sav[...]

  • Page 84

    Appendix B: Configuration Tabs 76 The Back Trace Tab Introduction Back tracing is the process of tracing a network connection to its origin. When somebody connects to your system over a network such as the Internet, your system and the intruder's system exchange packets. Before an intruder's packets reach your system, they tra[...]

  • Page 85

    The Intrusion Detection Tab 77 The Intrusion Detection Tab Introduction The Intrusion Detection tab allows you to control the IP addresses or intrusions the Desktop Protector engine trusts or ignores. For information about trusting and ignoring, see “Trusting Intruders” on page 39 and “Ignoring Events” on page 40. Intru[...]

  • Page 86

    Appendix B: Configuration Tabs 78 The ICEcap Tab Introduction The ICEcap tab allows you to manually control how RealSecure Desktop Protector reports intrusion information to an ICEcap server. When ICEcap reporting is enabled, all events are reported to an ICEcap server for enterprise-wide reporting and analysis. For more information, [...]

  • Page 87

    The ICEcap Tab 79 Last Status Shows the result of RealSecure Desktop Protector’s last attempt to check in with the ICEcap server, at the time displayed in the Time field. One of these results appears: • OK: Your computer is communicating normally with ICEcap Manager. • Authentication Failure: The agent was un[...]

  • Page 88

    Appendix B: Configuration Tabs 80 ICEcap tab buttons This table describes the buttons that appear on the ICEcap tab. This button... Has this effect... OK Click to save your changes and return to the main Desktop Protector window. Cancel Click to discard your changes and return to the Desktop Protector window. Apply Click to sa[...]

  • Page 89

    The Notifications Tab 81 The Notifications Tab Introduction The Notifications tab allows you to control some interface and notification functions. Notification settings This table describes the settings you can configure on the Notifications tab: For more information about choosing your notification settings, see “Controlling[...]

  • Page 90

    Appendix B: Configuration Tabs 82 Notifications tab buttons This table describes the buttons that appear on the Notifications tab. This button... Has this effect... OK Click to save your changes and return to the main Desktop Protector window. Cancel Click to discard your changes and return to the Desktop Protector window. Appl[...]

  • Page 91

    The Prompts Tab 83 The Prompts Tab Introduction The Prompts tab enables you to choose the level of feedback you want from the RealSecure Desktop Protector user interface. Prompts tab settings This table describes the settings on the Prompts tab: This setting... Has this effect... Show Confirm Dialogs Select this option to have Desktop P[...]

  • Page 92

    Appendix B: Configuration Tabs 84 The Application Control Tab Introduction Use the Application Control tab to prevent unauthorized applications from starting on your system. Enable Application Protection When Enable Application Protection is selected, Desktop Protector monitors your system for unauthorized applications. This option [...]

  • Page 93

    The Application Control Tab 85 Application Control tab buttons This table describes the buttons that appear on the Application Control tab. This button... Has this effect... OK Click to save your changes and return to the main Desktop Protector window. Cancel Click to discard your changes and return to the Desktop Protector [...]

  • Page 94

    Appendix B: Configuration Tabs 86 The Communications Control Tab Introduction Use the Communications Control tab to prevent programs on your system from contacting a network without your knowledge. Enable Application Protection When Enable Application Protection is selected, the RealSecure Desktop Protector Application Protection co[...]

  • Page 95

    The Communications Control Tab 87 Cancel Click to discard your changes and return to the Desktop Protector window. Apply Click to save your changes and keep the current tab open. Help Displays the online Help for this tab. This button... Has this effect...[...]

  • Page 96

    Appendix B: Configuration Tabs 88[...]

  • Page 97

    89 Appendix C Advanced Firewall Settings Overview Introduction You can use the Advanced Firewall Settings window to block intruders or ports or to configure Desktop Protector to dynamically switch protection levels. ● When you block an intruder, RealSecure Desktop Protector creates an IP address entry in your firewall that prevents all t[...]

  • Page 98

    Appendix C: Advanced Firewall Settings 90 The Firewall Rules Tab Introduction Use the IP Address tab to create, modify and delete firewall settings for IP addresses and ports. Add and remove addresses or ports from the firewall list as necessary to modify and protect your system. Caution: This firewall editor is intended only for users[...]

  • Page 99

    The Firewall Rules Tab 91 Buttons The following table describes the buttons on the IP Address tab: Shortcut menu These commands are available when you right-click an item in the firewall list: Note: The Accept and Reject settings produce different shortcut options. This button... Has this effect... Options To be notified when Desktop Prot[...]

  • Page 100

    Appendix C: Advanced Firewall Settings 92 The Local Adaptive Protection Tab Use this tab to configure your firewall to switch protection levels dynamically. When your firewall detects a connection, and your computer is using one of the IP addresses specified on this tab, your firewall automatically switches to the appropriate protecti[...]

  • Page 101

    The Remote Adaptive Protection Tab 93 The Remote Adaptive Protection Tab When your firewall detects a connection with a remote system that is using one of the IP addresses specified on this tab, your firewall automatically switches to the appropriate protection level. Options This table describes the options available on the Adaptive Pr[...]

  • Page 102

    Appendix C: Advanced Firewall Settings 94 The Add Firewall Entry Dialog Introduction Use this dialog to create or change firewall settings that block or accept IP addresses. Add Firewall Entry dialog settings The Add Firewall Entry dialog features these fields: This field... Contains... Name The descriptive name for the filter. It is [...]

  • Page 103

    The Add Firewall Entry Dialog 95 Add Firewall Entry dialog buttons The Add Firewall Entry dialog has these buttons: This button... Has this effect... Add Click to create the firewall entry. Cancel Closes the window without saving the setting. Table 32: Add Firewall Settings dialog buttons[...]

  • Page 104

    Appendix C: Advanced Firewall Settings 96 The Modify Firewall Entry Dialog Introduction Use this dialog to change a firewall setting that you have set up previously. Modify Firewall Entry dialog settings The Modify Firewall Entry dialog features these fields: This field... Contains... Name The descriptive name for the filter. It is[...]

  • Page 105

    The Modify Firewall Entry Dialog 97 Modify Firewall Entry dialog buttons The Modify Firewall Entry dialog has these buttons: This button... Has this effect... Add Click to create the firewall entry. Cancel Closes the window without saving the setting. Table 34: Modify Firewall Settings dialog buttons[...]

  • Page 106

    Appendix C: Advanced Firewall Settings 98[...]

  • Page 107

    99 Appendix D Advanced Application Protection Settings Overview Introduction The Advanced Application Settings window lets you control which applications can start on your system and which applications can connect to a network, such as the Internet. ● For information about controlling applications on your system, see “Working wit[...]

  • Page 108

    Appendix D: Advanced Application Protection Settings 100 Advanced Application Settings window menu commands The Advanced Application Protection Settings window features these menus: This command... Has this effect... File menu Run Baseline Executes the choices you have made on the Baseline tab. Save Changes Records the settings yo[...]

  • Page 109

    The Known Applications Tab 101 The Known Applications Tab Introduction The Known Applications tab shows the application files Desktop Protector has detected on your system. If an application not on this list attempts to start, Desktop Protector alerts you or automatically closes the application, depending on the options you selec[...]

  • Page 110

    Appendix D: Advanced Application Protection Settings 102 The Baseline Tab Introduction The Baseline tab allows you to control how RealSecure Desktop Protector inspects your system for application files. The system tree pane The system tree pane shows the drives and directories RealSecure Desktop Protector has found on your system. To [...]

  • Page 111

    The Checksum Extensions Dialog 103 The Checksum Extensions Dialog Introduction The Checksum Extensions dialog enables you to customize the application file types that RealSecure Desktop Protector lists when it inspects your system. Desktop Protector determines which files are included in the baseline from the file name's extension (th[...]

  • Page 112

    Appendix D: Advanced Application Protection Settings 104[...]

  • Page 113

    105 Appendix E The Main Menu Overview Introduction The Main Menu appears above the information tabs. This Appendix explains how to use the menu options to control the appearance and operation of Desktop Protector features. In this Appendix This Appendix contains the following topics: Topic Page The File Menu 106 The Edit Menu 107 The [...]

  • Page 114

    Appendix E: The Main Menu 106 The File Menu Introduction Use the File menu to control the essential operations of RealSecure Desktop Protector. Print... Print sends information from Desktop Protector to your default printer. To print information about an event or intruder: 1. On the Events or Intruders tab, select an event or intruder. 2. C[...]

  • Page 115

    The Edit Menu 107 The Edit Menu Introduction Use the Edit menu to manipulate the intrusion records that RealSecure Desktop Protector gathers. For more information about ways you can use Desktop Protector data, see “Back Tracing” on page 50. Cut To cut an event or intruder: ● On the Events or Intruders tab, click an event or i[...]

  • Page 116

    Appendix E: The Main Menu 108 The View Menu Introduction Use the View menu to choose what items are displayed, and how, on the Events and Intruders lists. Freeze Stops Desktop Protector from refreshing the tab information. For more information, see “Freezing the Events list” on page 49. Filter by Event Severity Filters the types of [...]

  • Page 117

    The Tools Menu 109 The Tools Menu Introduction The Tools menu enables you to configure the application by editing the settings; edit the Advanced Firewall settings; start or stop the BlackICE engine; clear the event list; or change other preferences. Edit BlackICE Settings... Displays the configuration tabs that control the operation of [...]

  • Page 118

    Appendix E: The Main Menu 110 The Help Menu Introduction The Help menu offers links to the Help, the ISS Web site, and information about Desktop Protector. BlackICE Help Topics Displays the Desktop Protector online Help. Online Support Starts your Web browser and points it to a collection of frequently asked questions (FAQ) about De[...]

  • Page 119

    The System Tray Menu 111 The System Tray Menu Introduction The system tray menu provides a quick way to access some key Desktop Protector functions. You can see this menu by right-clicking the Desktop Protector icon in the lower right corner of your screen. View BlackICE Events Opens the Desktop Protector user interface to the Events lis[...]

  • Page 120

    Appendix E: The Main Menu 112[...]

  • Page 121

    113 Index a accepting events 39 adaptive protection 4, 92–93 adding an entry 94 addresses blocking and accepting 37 Advanced Application Control Settings window 102 Advanced Firewall Settings window 90 advICE library 110 alerts choosing 48, 81, 83 interpreting 9 responding to 43–44, 50, 56 anti-virus 6 Application Control[...]

  • Page 122

    Index 114 e Edit menu 107 events accepting 39, 96 blocking 37, 96 clearing 48, 109 deleting 48 filtering 12, 48, 108 finding 107 freezing 49, 108 ignoring 40 notification 48 Events tab 62 Evidence Log tab 74 evidence logs 11, 48 clearing 48, 52, 109 collecting 52 exe files 103 f File menu 106 filtering events 12, 48, 108 finding a[...]

  • Page 123

    Index 115 clearing 48, 54, 109 collecting 54 Paranoid protection level 3, 70 ports, blocking 40 prerequisites installation 22 printing information 64, 66, 91, 106 profile see baseline 1 Prompts tab 83 protection level choosing 34 effect on applications 3 setting dynamically 4, 92–93 r responding to alerts 50 response levels 10 [...]

  • Page 124

    Index 116[...]

  • Page 125

    117 Internet Security Systems, Inc. Software License Agreement THIS SOFTWARE IS LICENSED, NOT SOLD. BY INSTALLING THIS SOFTWARE, YOU AGREE TO ALL OF THE PROVISIONS OF THIS SOFTWARE LICENSE AGREEMENT (“LICENSE”). IF YOU ARE NOT WILLING TO BE BOUND BY THIS LICENSE, RETURN ALL COPIES OF THE SOFTWARE AND LICENSE KEYS TO ISS[...]

  • Page 126

    Chapter 0: 118 13. No High Risk Use - Licensee acknowledges that the Software is not fault tolerant and is not designed or intended for use in hazardous environments requiring fail-safe operation, including, but not limited to, aircraft navigation, air traffic control systems, weapon systems, life-support systems, nuclear faciliti[...]