ADMINISTERING INTERNET SHIELD
Page 2
Agenda
What can Internet Shield be used for?
Administering Internet Shield
• Firewall configuration
• Network Quarantine configuration
• Application Control configuration
• Intrusion Prevention configuration
Page 3
Internet Shield…What For?
Internet Shield protects computers from unauthorized access from
the internet, as well as attacks originating from inside the LAN
Core protection components and purpose
• Firewall
• Restrict traffic based on used protocols and ports
• Application Control
• Prevents malicious programs from sending information out of the computer (trojan defense)
• Intrusion Prevention
• Stops malicious packets aimed at open ports (network attacks)
Page 4
Network Attack: Managed Network
[Diagram. Labels: Web Server, Managed Mobile Host, Managed Hosts, F-Secure Policy Manager. Legend: Worm traffic, Policy traffic.]
Page 5
Network Attack: Unmanaged Network
[Diagram. Labels: Web Server, Unmanaged Mobile Host, Unmanaged Hosts, Unmanaged File Server. Legend: Worm traffic, Trojan traffic, VPN tunnel.]
INTERNET SHIELD ADMINISTRATION INTERFACE
Page 7
Remote Administration
The Policy Manager Console offers two different graphical interfaces
• Anti-Virus Mode
• Optimized for administering F-Secure Anti-Virus Client Security
• Advanced Mode
• Used for deeper product configurations
• Products other than AVCS have to be administered with this mode
• Some settings are only available in this mode!
Page 8
Anti-Virus Mode
Message view
• Informative messages
• e.g. virus definitions update info
Management tabs
• Host configuration and monitoring
• Operations management
Policy domain tab
• Displays policy domain structure
Page 9
Advanced Mode
Message view
• Informative messages
• e.g. virus definitions update info
Policy properties pane
• Host configuration and monitoring
• Operations management
Product help
• Field focus help, if policy properties tab selected
Product view pane
• Provides most common settings
• Functions differ for selected properties tabs (e.g. policy tab)
Page 10
Anti-Virus Mode: Summary Tab
Policy Manager section
• Policy distribution status
• Virus and spyware definitions status
• Autoregistration request
Internet Shield section
• Active security level (if host selected)
• Latest Attack (host or whole domain)
Virus protection section
• Real-time protection status
• Infections (host or whole domain)
• Virus definitions status (host or domain)
Domain/Host section
• Displays most important information
• More detailed for hosts (e.g. UID)
• Host alert summary
Page 11
Anti-Virus Mode: Internet Shield Settings
Firewall Security Levels
• Define security level for host/s
• Enable/disable/add security levels
• Configure firewall components (e.g. Network Quarantine)
• Enable/disable firewall components (e.g. Application Control)
Firewall Rules
• Define rules for existing or added security levels
Firewall Services
• Edit existing services or create your own custom services
Application Control
• Define rules for unknown applications reported by hosts
FIREWALL CONFIGURATION
Page 13
Internet Shield Security Levels
F-Secure Internet Shield provides administrators with predefined
security levels
• Each of them has a set of pre-configured firewall rules
• Provides an easy and fast way of defining different policies on different domain levels
The security levels are designed to suit most
corporations
• In general, no changes are needed
• The console provides the possibility to change existing security levels, or create completely new ones (from scratch)
Page 14
Provided Security Levels
There are seven predefined security levels
• Mobile, Home, Office (default), Strict (disabled), Normal (disabled), Custom (disabled), Network Quarantine
• “Block all” and “Disabled” (allow all traffic) levels cannot be edited!
• Network Quarantine is a special security level used by the Intelligent Network Access (INA) feature
Page 15
Security Levels Structure
SECURITY LEVEL
RULES
• Allow Web Browsing
SERVICES
• HTTP / Hyper Text Transfer Protocol out
• HTTPS (SSL) out
• FTP / File Transfer Protocol out
Page 16
Fine-tuning Security Levels
Define location for sub-domain and host specific rules
• Only possible on root level!
Choose the security level to edit
Disable/Enable rules
• Doesn’t delete the rule!
Edit, add or clear (delete) rules
Restore or force security levels
• Choice: Active or all security levels
Allow and place user defined rules
• Recommended to leave “disabled”
Page 17
Using Security Level Autoselection
The auto-selection feature enables automatic switching between
different Internet Shield security levels, based on specific arguments
• Rules are read from top to bottom (the first matching rule is applied)
• Specified arguments (IP address or network) refer to pre-defined methods (e.g. Default Gateway IP address)
• Never: Disables the rule (no argument needed)
• Always: Applies the rule, argument disregarded (used for the last rule)
Page 18
Creating Auto-selection Rules
Goal
• Hosts connected to the LAN should automatically use the “Office” security level, and hosts outside the LAN should switch to the “Mobile” security level
Page 19
Office Rule
Priority: 1
Security Level: 40office (security level ID)
Method1: Default Gateway IP Address (most common method)
Argument1: <Gateway IP address>
Method2: Always (default method)
Page 20
Mobile Rule
Priority: 2 (doesn’t automatically increment!)
Security Level: 20office (security level ID)
Method1: Always (last catch rule)
Argument1: No argument needed
Method2: Always (default method)
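The Office/Mobile rule pair above, modelled as an added example (not F-Secure code): rules are tried in priority order, the first match selects the level, and `audit` flags ordering mistakes such as a reused priority or a rule placed after the catch-all. The gateway address 10.10.10.1, the level names used in place of level IDs, and the reading that both methods of a rule must match are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class AutoSelectRule:
    priority: int
    level: str                # level name; the console stores a level ID
    method1: str
    argument1: str = ""
    method2: str = "Always"   # the slides call this the default method
    argument2: str = ""


def method_matches(method, argument, host):
    """Evaluate one method against a host's current network state."""
    if method == "Never":
        return False          # disables the rule, no argument needed
    if method == "Always":
        return True           # argument disregarded
    if method == "Default Gateway IP Address":
        gateway = host.get("default_gateway")
        if not gateway:
            return False      # no gateway, e.g. no network connection
        # The argument may be a single address or a network.
        wanted = ipaddress.ip_network(argument, strict=False)
        return ipaddress.ip_address(gateway) in wanted
    raise ValueError(f"unknown method: {method!r}")


def select_level(rules, host):
    """Return the level of the first matching rule, read top to bottom."""
    for rule in sorted(rules, key=lambda r: r.priority):
        # Assumption: a rule applies only when both of its methods match.
        if (method_matches(rule.method1, rule.argument1, host)
                and method_matches(rule.method2, rule.argument2, host)):
            return rule.level
    return None               # no rule matched


def audit(rules):
    """Report ordering mistakes that silently change which level is chosen."""
    findings = []
    seen = set()
    catch_all = None
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.priority in seen:
            findings.append(f"duplicate priority {rule.priority}")
        seen.add(rule.priority)
        if catch_all is not None:
            findings.append(
                f"rule {rule.priority} ({rule.level}) is unreachable after "
                f"catch-all rule {catch_all.priority}")
        elif rule.method1 == "Always" and rule.method2 == "Always":
            catch_all = rule
    if catch_all is None:
        findings.append("no final 'Always' rule: some hosts match nothing")
    return findings


# Constructed sample: the gateway address 10.10.10.1 is a placeholder.
RULES = [
    AutoSelectRule(1, "Office", "Default Gateway IP Address", "10.10.10.1"),
    AutoSelectRule(2, "Mobile", "Always"),
]

if __name__ == "__main__":
    for gw in ("10.10.10.1", "192.168.1.1", None):
        print(gw, "->", select_level(RULES, {"default_gateway": gw}))
    print(audit(RULES) or "rule list is consistent")
```

In this model the match is on the gateway address alone, so any network that uses the same gateway address selects Office as well.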
Page 21
Principles for Designing Firewall Rules
Allow only the needed services, deny all the rest
• In this way the security risk is minimized and well-known
• The drawback is that when new services are needed the firewall must be reconfigured, but this is a small price for the security
The opposite concept, to deny only dangerous services and allow the
rest, is not acceptable
• No one can tell with certainty which services are dangerous or might become dangerous in the future when a new security problem is discovered.
Page 22
Principles for Designing Firewall Rules
1. Deny rules for the most dangerous services or hosts, optionally
with alerting
2. Allow rules for much-used common services and hosts
3. Deny rules for specific services you want alerts about, e.g. trojan
probes, with alerting
4. More general allow rules
5. Deny everything else
Page 23
Proper Alerting
Proper alerting can only be done by having proper granularity in the
rule set: one rule for each type of alert you want
• “Broad” rules will generate a lot of alerts, and any important information may be lost in large volumes of useless noise
If you really want alerts on the last rule (deny everything else) then it
might be a good idea to have deny rules without alerting before it that
drop high-volume traffic with little interest
A bad decision would be to alert on network broadcasts in a corporate
LAN
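The five-tier rule order and the alerting advice above, worked through as an added example (not F-Secure code): a small first-match filter counts alerts per rule for the same traffic with and without a silent broadcast-drop rule ahead of the alerting last rule. First-match evaluation of firewall rules, the port choices, the rule names and all addresses are assumptions constructed for this example.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass

ANYWHERE = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                      # "allow" or "deny"
    alert: bool = False
    direction: str = "any"           # "in", "out" or "any"
    proto: str = "any"               # "tcp", "udp" or "any"
    ports: frozenset = frozenset()   # destination ports, empty = any
    dst: object = ANYWHERE           # destination network

    def matches(self, pkt):
        return (self.direction in ("any", pkt["dir"])
                and self.proto in ("any", pkt["proto"])
                and (not self.ports or pkt["port"] in self.ports)
                and ipaddress.ip_address(pkt["dst"]) in self.dst)


def first_match(rules, pkt):
    """Assumption: rules are read top-down and the first match decides."""
    for rule in rules:
        if rule.matches(pkt):
            return rule
    raise LookupError("rule set has no final catch-all rule")


def alert_counts(rules, traffic):
    """Count alerts per rule so that noisy rules stand out."""
    counts = Counter()
    for pkt in traffic:
        rule = first_match(rules, pkt)
        if rule.alert:
            counts[rule.name] += 1
    return counts


def pkt(direction, proto, port, dst):
    return {"dir": direction, "proto": proto, "port": port, "dst": dst}


# Constructed rule set following the five tiers on the slide.
TIERED = [
    Rule("1 deny inbound RPC/SMB", "deny", True, "in", "tcp",
         frozenset({135, 139, 445})),
    Rule("2 allow web and DNS", "allow", False, "out", "any",
         frozenset({53, 80, 443})),
    Rule("3 deny cleartext logins", "deny", True, "out", "tcp",
         frozenset({21, 23, 110, 143})),
    Rule("4 allow other outbound", "allow", False, "out"),
    Rule("5 deny everything else", "deny", True),
]
# Silent drop for LAN broadcasts, placed just before the alerting last rule.
QUIET = Rule("drop LAN broadcasts", "deny", False, "in", "udp",
             dst=ipaddress.ip_network("10.10.10.255/32"))
TUNED = TIERED[:4] + [QUIET] + TIERED[4:]

# Constructed traffic: five single packets plus fifty LAN broadcasts.
TRAFFIC = [
    pkt("in", "tcp", 445, "10.10.10.20"),
    pkt("out", "tcp", 443, "203.0.113.10"),
    pkt("out", "udp", 53, "10.10.10.53"),
    pkt("out", "tcp", 23, "203.0.113.10"),
    pkt("in", "tcp", 8080, "10.10.10.20"),
] + [pkt("in", "udp", 138, "10.10.10.255")] * 50

if __name__ == "__main__":
    print("without silent drop:", dict(alert_counts(TIERED, TRAFFIC)))
    print("with silent drop:   ", dict(alert_counts(TUNED, TRAFFIC)))
```

Moving rule 4 above rule 3 lets the Telnet connection through without an alert, which is why the specific deny rules sit before the general allow rules.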
Page 24
Good Practice
Allow only the needed services, deny the rest
Keep it simple and efficient
For normal workstations, deny all inbound traffic
As an optional security measure, deny services that transfer
confidential information (passwords etc.) over the network
• Deny POP, IMAP, SMTP, FTP, Telnet etc. to 0.0.0.0/0
Page 25
Example: Simple Ruleset
Outbound traffic
• First rule allows outbound TCP & UDP to everywhere (for example web browsing is possible)
• Protocols used during web browsing
• TCP port 80 (HTTP)
• TCP or UDP port 53 (DNS)
Bi-directional traffic
• Second rule drops all other traffic
Page 26
Basic Desktop Policy
[Diagram. Labels: Managed host, Inbound traffic, Outbound traffic, TCP, UDP, ICMP.]
Page 27
Basic Desktop Policy
Page 28
SMB over Netbios...Still needed?
Port | Description
135 | RPC (Remote Procedure Call), DCOM (Distributed Component Object). Allows remote computer to send commands to another computer. Used by services like DNS (Domain Name System)
137, 138 & 139 | Windows Networking using SMB over NBT (Netbios) (Windows NT and 9X)
445 | Windows Networking using SMB directly over TCP (Windows 2000 and later)
Page 29
Windows Networking Rules
Page 30
More Strict Desktop Policy
[Diagram. Labels: Managed host; DNS Server, Mail Server, File Server; DMZ 194.197.29.0/24; LAN 10.10.10.0/24; .53, .110, .139; Inbound traffic; Outbound traffic; External (allowed); External (denied); Internal (allowed); TCP; SMTP, POP, IMAP; SMB; DNS.]
Page 31
More Strict Desktop Policy
NETWORK QUARANTINE CONFIGURATION
Page 33
Who Is Connecting To My Network?
It is in the interest of every corporation to prevent unauthorized
hosts from connecting to the company network
• Virus infections in data networks have become an increasingly serious problem
Physically guarding network sockets is not going to be the solution
• An automated system is needed, checking the host protection before granting network access
• Anti-Virus protection status (e.g. real-time protection check)
• Firewall protection status (e.g. packet filter status check)
Page 34
Policy Manager Network Security
Policy Manager Server provides two different solutions
Network Admission Control (NAC)
• Solution developed by Cisco Systems
• Supported by Anti-Virus Client Security 6.x
• No centralized management
Network Quarantine (a.k.a. Intelligent Network Access, INA)
• Solution developed by F-Secure
• Complete integration in Internet Shield
• Centralized management possible
Page 35
Using Network Quarantine
Network Quarantine is disabled by default
• Very simple to enable (Firewall Security Levels/Network Quarantine)
• Monitors two host conditions
• Virus definitions update status (age, default settings 4 days)
• Real-time scanning status
• If one of the conditions applies, then the host is quarantined (security level switches to “Network Quarantine”)
Page 36
Example: Host Access Restrictions
Network traffic is restricted
• Reason: Real-time scanning is disabled
• Solution: Re-enable real-time scanning
Important: Administrators should
restrict changes to system critical
settings!
Page 37
Network Quarantine Security Level
Access limited to F-Secure Update
Servers
• Automatic Update Server/s
• Automatic Update Proxy/ies
• F-Secure Root Update Server
Network access will be granted
once the computer has
• Re-activated real-time scanning
• Updated the virus definitions
APPLICATION CONTROL CONFIGURATION
Page 39
Application Control Features
Application Connection Control
• Monitors applications sending and receiving information (client and server applications)
• Protects from trojans sending out confidential information (trojan defense)
• Component supports complete remote administration (all settings)
Enhanced features
• Memory write protection (application manipulation control)
• Process creation protection (application launch control)
• No central management
• Enabling or disabling the feature is the only PMC setting
Page 40
Application Connection Control Operation
[Diagram. Labels: Managed Hosts, F-Secure Policy Manager. Legend: Application traffic, Policy traffic.]
Page 41
Rules Wizard: Connection Properties
First, you have to define the
connection properties
• Act as client (outbound, connecting)
• Act as server (inbound, listening)
It makes no sense to allow inbound
connections for client applications
(e.g. Internet Explorer)
Page 42
Rules Wizard: User Messages
As a second step, define how the end user
is informed about the application
connection policy
• No message (completely transparent)
• Default message (defined in MIB tree)
• Customized message
Page 43
Rules Wizard: Target Domain Selector
New application instances cannot be
created manually on the PMC
• They are reported by the managed hosts (reporting needs to be enabled!)
• Not all the hosts might report the same applications
• Still you might want to force certain host applications to the whole domain
The Rules Wizard has a domain target
selector
• Simple and fast to create company-wide application control rules
Page 44
Creating the Application List
1. Create a test environment representing your production computers
(operating systems, service packs, applications, etc.)
2. Import these hosts to the centrally managed domain
3. Define rules for the reported applications
4. Distribute the policies
Page 45
Configuration Tips
Key settings
1. Action on Unknown Applications = Deny
(inbound and outbound)
2. Report to Administrator = Report
3. Application Control Enabled = Yes
4. Memory Write Protection Enabled = No
5. Process Creation Protection Enabled =
No
INTRUSION PREVENTION
Page 47
Recommended Configuration
Intrusion Prevention is enabled by default
• Similar to Network Quarantine, IDS configuration is really simple
• Action on malicious packet: Log without dropping packet (default)
• Alert severity: Warning (default)
• Detection sensitivity: 100 % (default)
Page 48
Detection Sensitivity
Possibility of adjusting the detection sensitivity has two main purposes
• Reducing the amount of alerts (false positives)
• Improving the performance of the managed hosts
Using lower values reduces the number of false positives
• 10 %: Maximum network performance, minimum alerts
• 50 %: Only malicious patterns are verified and reported
• 100 %: All existing patterns are verified and reported
Page 49
Monitoring Network Attacks
Possible network attacks can be monitored with several user
interfaces
• Anti-Virus Client Security user interface
• Policy Manager Console
• Internet Shield web interface
The most common way is to use the Policy Manager Console
• Possibility of monitoring the whole policy domain, rather than a specific host
Page 50
Example: Host Intrusion
Portscan on specific host
• Local user interface reports alerts
• 4 different static firewall rule hits (red)
• 1 intrusion alert (FIN scan, yellow)
Page 51
Monitoring Network Attacks Using Policy Manager Console
Most recent attack visible in the Anti-Virus Mode Summary tab
• Direct link to Internet Shield status information (affected host/s, attack time, etc.)
Page 52
Summary
What can Internet Shield be used for?
Internet Shield remote administration
• Firewall configuration
• Network Quarantine configuration
• Application Control configuration
• Intrusion Prevention configuration