F-SECURE ANTI-VIRUS LINUX SERVER SECURITY Administrator's Manual page 10

8
Firewall
The firewall component is a stateful packet filtering firewall which is based
on Netfilter and Iptables. It protects computers against unauthorized
connection attempts. You can use predefined security profiles which are
tailored for common use cases to select the traffic you want to allow and
deny.
Protection Against Unauthorized System Modifications
If an attacker gains a shell access to the system and tries to add a user
account to login to the system later, Host Intrusion Prevention System
(HIPS) detects modified system files and alerts the administrator.
Protection Against Userspace Rootkits
If an attacker has gained an access to the system and tries to install a
userspace rootkit by replacing various system utilities, HIPS detects
modified system files and alerts the administrator.
Protection Against Kernel Rootkits
If an attacker has gained an access to the system and tries to install a
kernel rootkit by loading a kernel module for example through /sbin/
insmod or /sbin/modprobe, HIPS detects the attempt, prevents the
unknown kernel module from loading and alerts the administrator.
If an attacker has gained an access to the system and tries to install a
kernel rootkit by modifying the running kernel directly via /dev/kmem,
HIPS detects the attempt, prevents write attempts and alerts the
administrator.