Internet Security Systems Desktop Protector Version 3.5 Manual de usuario Pagina 1

TMDesktop ProtectorUser GuideVersion 3.5

Chapter 1: Introduction to RealSecure Desktop Protector2inbound and outbound traffic on your system for suspicious activity. Desktop Protector blocks

Appendix C: Advanced Firewall Settings92The Local Adaptive Protection TabUse this tab to configure your firewall to switch protection levels dynamical

The Remote Adaptive Protection Tab93The Remote Adaptive Protection TabWhen your firewall detects a connection with a remote system that is using one o

Appendix C: Advanced Firewall Settings94The Add Firewall Entry DialogIntroduction Use this dialog to create or change firewall settings that block or

The Add Firewall Entry Dialog95Add Firewall Entry dialog buttonsThe Add Firewall Entry dialog has these buttons:This button... Has this effect...Add C

Appendix C: Advanced Firewall Settings96The Modify Firewall Entry DialogIntroduction Use this dialog to change a firewall setting that you have set up

The Modify Firewall Entry Dialog97Modify Firewall Entry dialog buttonsThe Modify Firewall Entry dialog has these buttons:This button... Has this effec

Appendix C: Advanced Firewall Settings98

99Appendix DAdvanced Application Protection SettingsOverviewIntroduction The Advanced Application Settings window lets you control which applications

Appendix D: Advanced Application Protection Settings100Advanced Application Settings window menu commandsThe Advanced Application Protection Settings

The Known Applications Tab101The Known Applications TabIntroduction The Known Applications tab shows the application files Desktop Protector has detec

Protection Levels3Protection LevelsIntroduction Protection levels are pre-designed sets of security settings developed for different types of Web use.

Appendix D: Advanced Application Protection Settings102The Baseline TabIntroduction The Baseline tab allows you to control how RealSecure Desktop Prot

The Checksum Extensions Dialog103The Checksum Extensions DialogIntroduction The Checksum Extensions dialog enables you to customize the application fi

Appendix D: Advanced Application Protection Settings104

105Appendix EThe Main MenuOverviewIntroduction The Main Menu appears above the information tabs. This Appendix explains how to use the menu options to

Appendix E: The Main Menu106The File MenuIntroduction Use the File menu to control the essential operations of RealSecure Desktop Protector.Print... P

The Edit Menu107The Edit MenuIntroduction Use the Edit menu to manipulate the intrusion records that RealSecure Desktop Protector gathers. For more in

Appendix E: The Main Menu108The View MenuIntroduction Use the View menu to choose what items are displayed, and how, on the Events and Intruders lists

The Tools Menu109The Tools MenuIntroduction The Tools menu enables you to configure the application by editing the settings; edit the Advanced Firewal

Appendix E: The Main Menu110The Help MenuIntroduction The Help menu offers links to the Help, the ISS Web site, and information about Desktop Protecto

The System Tray Menu111The System Tray MenuIntroduction The system tray menu provides a quick way to access some key Desktop Protector functions. You

Chapter 1: Introduction to RealSecure Desktop Protector4Adaptive ProtectionIntroduction Adaptive Protection automatically adapts each agent's se

Appendix E: The Main Menu112

113Indexaaccepting events 39adaptive protection 4, 92–93adding an entry 94addressesblocking and accepting 37Advanced Application Control Settings wind

Index114eEdit menu 107eventsaccepting 39, 96blocking 37, 96clearing 48, 109deleting 48filtering 12, 48, 108finding 107freezing 49, 108ignoring 40notif

Index115clearing 48, 54, 109collecting 54Paranoid protection level 3, 70ports, blocking 40prerequisitesinstallation 22printing information 64, 66, 91,

Index116

117Internet Security Systems, Inc. Software License Agreement THIS SOFTWARE IS LICENSED, NOT SOLD. BY INSTALLING THIS SOFTWARE, YOU AGREE TO ALL OF TH

Chapter 0:11813. No High Risk Use - Licensee acknowledges that the Software is not fault tolerant and is not designed or intended for use in hazardous

The Desktop Protector Firewall5The Desktop Protector FirewallIntroduction Desktop Protector automatically stops most intrusions according to the prote

Chapter 1: Introduction to RealSecure Desktop Protector6Application ProtectionIntroduction BlackICE protects your computer from unknown applications a

Application Control7Application ControlIntroduction RealSecure Desktop Protector lets you control which applications and related processes can run on

Chapter 1: Introduction to RealSecure Desktop Protector8Communications ControlIntroduction To reduce security risks from potential “Trojan horse” appl

Desktop Protector Alerts9Desktop Protector AlertsIntroduction Your dynamic firewall handles most alerts for you, but you can take additional steps to

Chapter 1: Introduction to RealSecure Desktop Protector10Response levels Desktop Protector reports how it responded to each event by showing a symbol.

Collecting Information11Collecting InformationIntroduction When an intruder attempts to break into your system, RealSecure Desktop Protector can track

Internet Security Systems, Inc.6303 Barfield RoadAtlanta, Georgia 30328-4233United States(404) 236-2600http://www.iss.net © Internet Security Systems,

Chapter 1: Introduction to RealSecure Desktop Protector12Filtering InformationIntroduction You probably won't need to inspect all the information

13Chapter 2Using RealSecure Desktop Protector with ICEcap ManagerOverview Introduction RealSecure Desktop Protector interacts with the ICEcap manageme

Chapter 2: Using RealSecure Desktop Protector with ICEcap Manager14How ICEcap Manager Works With RealSecure Desktop ProtectorIntroduction ICEcap Manag

How ICEcap Manager Works With RealSecure Desktop Protector15locally installed. Silent Desktop Protector installations are always completely ICEcap-con

Chapter 2: Using RealSecure Desktop Protector with ICEcap Manager16How ICEcap Manager Handles InformationIntroduction To help organize information, IC

Transmitting Data to ICEcap Manager17Transmitting Data to ICEcap ManagerIntroduction Desktop Protector must be able to transmit data across your netwo

Chapter 2: Using RealSecure Desktop Protector with ICEcap Manager18Installing Desktop Protector RemotelyIntroduction In addition to managing event inf

Using ICEcap Manager to Control RealSecure Agents19Using ICEcap Manager to Control RealSecure AgentsIntroduction ICEcap Manager manages agents by appl

Chapter 2: Using RealSecure Desktop Protector with ICEcap Manager20

21Chapter 3Setting Up RealSecure Desktop ProtectorOverviewIntroduction This chapter provides instructions for installing and configuring RealSecure De

iiiContentsPreface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Chapter 3: Setting Up RealSecure Desktop Protector22Installing RealSecure Desktop ProtectorIntroduction This topic gives instructions for installing D

Installing RealSecure Desktop Protector238. Read the End User License Agreement. If you accept the End User License Agreement, click I Accept, and th

Chapter 3: Setting Up RealSecure Desktop Protector24Stopping Desktop ProtectorIntroduction When you quit the Desktop Protector application, Desktop Pr

Stopping Desktop Protector25Stopping Desktop Protector from the control panel (Windows 2000)To stop Desktop Protector from the Windows 2000 control pa

Chapter 3: Setting Up RealSecure Desktop Protector26Restarting Desktop ProtectorIntroduction You can restart RealSecure Desktop Protector after you ha

Restarting Desktop Protector273. Double-click Services.The Services window appears.4. In the right pane, right-click BlackICE, and then select Start.D

Chapter 3: Setting Up RealSecure Desktop Protector28Uninstalling Desktop ProtectorIntroduction You can remove Desktop Protector from your computer usi

Uninstalling Desktop Protector297. Do you want to remove the remaining intrusion files and delete the directory? If yes, click Yes. If no, click No.

Chapter 3: Setting Up RealSecure Desktop Protector30

31Chapter 4Configuring RealSecure Desktop ProtectorOverview Introduction This chapter provides the procedures to configure RealSecure Desktop Protecto

ivContentsAppendix A: Operating Tabs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61Overview . . . . .

Chapter 4: Configuring RealSecure Desktop Protector32Connecting to ICEcap ManagerIntroduction RealSecure Desktop Protector interacts with ICEcap Manag

Connecting to ICEcap Manager33 OK: The local RealSecure agent is successfully exchanging information with ICEcap Manager. Authentication Failure: Th

Chapter 4: Configuring RealSecure Desktop Protector34Setting Your Protection LevelIntroduction Protection levels are predesigned sets of security sett

Using Adaptive Protection35Using Adaptive ProtectionYou can set up your firewall to switch protection levels automatically when it detects a connectio

Chapter 4: Configuring RealSecure Desktop Protector36Note: This can be a single static IP address or a set of addresses that the conference host provi

Blocking Intrusions37Blocking IntrusionsIntroduction Desktop Protector identifies and stops most intrusions according to your preset protection level,

Chapter 4: Configuring RealSecure Desktop Protector38Blocking a Port If you don't have a specific intruder in mind but you are concerned about in

Trusting Intruders39Trusting IntrudersIntroduction When an address is trusted, Desktop Protector assumes all communication from that address is author

Chapter 4: Configuring RealSecure Desktop Protector40Ignoring EventsYou can configure RealSecure Desktop Protector to ignore events that are not a thr

Ignoring Events41For more information, see “The Prompts Tab” on page 83.

vPrefaceOverviewIntroduction This guide is designed to help you use RealSecure Desktop Protector to protect your local system and your network from u

Chapter 4: Configuring RealSecure Desktop Protector42Working with the Application Protection BaselineIntroduction When you install RealSecure Desktop

Working with the Application Protection Baseline433. Repeat for every warning message that appears. The number of messages you see depends on how many

Chapter 4: Configuring RealSecure Desktop Protector44Adding file types to the baselineIf you know of application files on your system that have differ

Working with the Application Protection Baseline45Disabling Application ProtectionTo permanently prevent Desktop Protector from monitoring your system

Chapter 4: Configuring RealSecure Desktop Protector46Configuring Communications ControlIntroduction When you set your communications control preferenc

Configuring Communications Control47For more information about setting your Communications Control preferences, see “The Communications Control Tab” o

Chapter 4: Configuring RealSecure Desktop Protector48Controlling Event NotificationIntroduction You may find that you want regular access to more or l

Controlling Event Notification494. Click OK.For more information about setting your notification preferences, see “The Notifications Tab” on page 81.F

Chapter 4: Configuring RealSecure Desktop Protector50Back TracingIntroduction RealSecure Desktop Protector can track an intruder’s activities to help

Back Tracing51want as much information about the intruder as possible. However, intruders can detect and block a direct trace.Where is the back tracin

PrefaceviRelated publications The following documents are available for download from the Internet Security Systems Web site at www.iss.net.● For info

Chapter 4: Configuring RealSecure Desktop Protector52Collecting Evidence FilesIntroduction RealSecure Desktop Protector can capture network traffic at

Collecting Evidence Files533. Click OK.For more information about setting your evidence logging preferences, see “The Evidence Log Tab” on page 74.

Chapter 4: Configuring RealSecure Desktop Protector54Collecting Packet LogsIntroduction Packet logging records all the packets that enter your system.

Collecting Packet Logs55For more information about choosing your packet logging settings, see “The Packet Log Tab” on page 72.

Chapter 4: Configuring RealSecure Desktop Protector56Responding to Application Protection AlertsIntroduction Programs can start without your knowledge

Exporting Desktop Protector Data57Exporting Desktop Protector DataIntroduction You may want to export RealSecure Desktop Protector data into a spreads

Chapter 4: Configuring RealSecure Desktop Protector58

TMAppendixes

61Appendix AOperating TabsOverviewIntroduction This appendix describes the operating tabs. RealSecure Desktop Protector gathers information and presen

Conventions Used in this GuideviiConventions Used in this GuideIntroduction This topic explains the typographic conventions used in this guide to make

Appendix A: Operating Tabs62The Events TabIntroduction The Events tab summarizes all intrusion and system events on your computer. The tab columns sho

The Events Tab63Optional columns on the Events tabThis table describes optional columns that you can add to the Events tab. To add an optional column,

Appendix A: Operating Tabs64Shortcut commands on the Events tabThis table describes the commands available by right-clicking an item on the Event tab:

The Intruders Tab65The Intruders TabIntroduction The Intruders tab displays all the information RealSecure Desktop Protector has collected about all t

Appendix A: Operating Tabs66Optional columns on the Intruders tabThis table describes the optional columns you can add to the Intruders tab. For infor

The History Tab67The History TabIntroduction The History tab graphs network and intrusion activity on your system.Note: For detailed information about

Appendix A: Operating Tabs68History tab buttons This table describes the buttons on the History tab:This button... Has this effect...Close Closes the

69Appendix BConfiguration TabsOverviewIntroduction You can control some aspects of the way RealSecure Desktop Protector works by changing the settings

Appendix B: Configuration Tabs70The Firewall TabIntroduction Use the Firewall tab to choose how tightly Desktop Protector controls access to your syst

The Firewall Tab71Desktop Protector rejects or blocks communications on port 139. On Windows 2000, this setting also affects port 445.Allow NetBIOS Ne

PrefaceviiiGetting Technical SupportIntroduction ISS provides technical support through its Web site and by email or telephone. The ISS Web site The I

Appendix B: Configuration Tabs72The Packet Log TabIntroduction The Packet Log tab allows you to configure the RealSecure Desktop Protector packet logg

The Packet Log Tab73Packet Log tab buttonsThis table describes the buttons that appear on the Packet Log tab.This button... Has this effect...OK Click

Appendix B: Configuration Tabs74The Evidence Log TabIntroduction When your system is attacked, RealSecure Desktop Protector can capture evidence files

The Evidence Log Tab75Evidence Log tab buttonsThis table describes the buttons that appear on the Evidence Log tab.This button... Has this effect...OK

Appendix B: Configuration Tabs76The Back Trace TabIntroduction Back tracing is the process of tracing a network connection to its origin. When somebod

The Intrusion Detection Tab77The Intrusion Detection TabIntroduction The Intrusion Detection tab allows you to control the IP addresses or intrusions

Appendix B: Configuration Tabs78The ICEcap TabIntroduction The ICEcap tab allows you to manually control how RealSecure Desktop Protector reports intr

The ICEcap Tab79Last Status Shows the result of RealSecure Desktop Protector’s last attempt to check in with the ICEcap server, at the time displayed

Appendix B: Configuration Tabs80ICEcap tab buttons This table describes the buttons that appear on the ICEcap tab.This button... Has this effect...OK

The Notifications Tab81The Notifications TabIntroduction The Notifications tab allows you to control some interface and notification functions.Notific

1Chapter 1Introduction to RealSecure Desktop ProtectorOverviewIntroduction RealSecure Desktop Protector is a comprehensive security solution that help

Appendix B: Configuration Tabs82Notifications tab buttonsThis table describes the buttons that appear on the Notifications tab.This button... Has this

The Prompts Tab83The Prompts TabIntroduction The Prompts tab enables you to choose the level of feedback you want from the RealSecure Desktop Protecto

Appendix B: Configuration Tabs84The Application Control TabIntroduction Use the Application Control tab to prevent unauthorized applications from star

The Application Control Tab85Application Control tab buttonsThis table describes the buttons that appear on the Application Control tab.This button...

Appendix B: Configuration Tabs86The Communications Control TabIntroduction Use the Communications Control tab to prevent programs on your system from

The Communications Control Tab87Cancel Click to discard your changes and return to the Desktop Protector window.Apply Click to save your changes and k

Appendix B: Configuration Tabs88

89Appendix CAdvanced Firewall SettingsOverviewIntroduction You can use the Advanced Firewall Settings window to block intruders or ports or to configu

Appendix C: Advanced Firewall Settings90The Firewall Rules Tab Introduction Use the IP Address tab to create, modify and delete firewall settings for

The Firewall Rules Tab91Buttons The following table describes the buttons on the IP Address tab:Shortcut menu These commands are available when you ri