Managing Internet Shield Properties Remotely; Using Packet Logging; Using The Trusted Interface; Using Packet Filtering - F-SECURE CLIENT SECURITY 9.00 Administrator's Manual

Hide thumbs Also See for CLIENT SECURITY 9.00:

Deployment manual (115 pages)

Administrator's manual (253 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

Table of Contents

150 | F-Secure Client Security | Advanced features: Internet Shield

Managing Internet Shield properties remotely

This section describes how you can manage Internet Shield properties remotely.

Using packet logging

Packet logging is a very useful debugging tool to find out what is happening on the local network.

Packet logging is also a powerful tool that can be abused by the end user to eavesdrop on the activities of

other users on the LAN, and this means that in some corporate environments the administrator needs to

disable the packet logging.

1. Select

The

Advanced mode

2. Select

3. On the

4. Select the

This variable normally shows the status of the packet logging;

Enabled

5. To turn off logging completely, make sure that it is set to Disabled, and select the

6. Distribute the policy to enforce the change.

To later undo this change, clear the

Note: Use this with caution, as for example setting the variable to

start a logging session on every affected host.

Using the trusted interface

The trusted interface mechanism is used to allow use of the firewalled host as a connection-sharing server.

Firewall rules are not applied to traffic going through the trusted interface. If it is used wrongly it can open up

the host to any kind of attack from the network, so it is a good security precaution to turn this mechanism off

if it is not absolutely needed.

The trusted interface is turned on as follows:

1. Select

The

Advanced mode

2. Select the subdomain where you want to enable the trusted interface in the

3. On the

interface.

4. Select

This allows the end-users in the subdomain to configure a network interface as the trusted interface.

5. Save and distribute the policy to enforce the change.

Using packet filtering

This is one of the basic security mechanisms in the firewall; it filters all the IP network traffic based on

information in the protocol headers of each packet.

Packet filtering can be turned on or off from the

it off is sometimes needed for testing purposes, but will endanger the security. Because of this, most corporate

environments should make sure that the packet filtering is always on.

View

Advanced mode

user interface opens.

Root

on the

Policy domains

Policy

tab, select

F-Secure Internet

Logging

tab.

that it is currently running on the host.

View

Advanced mode

user interface opens.

Policy

tab, select

F-Secure Internet Shield

Enabled

to turn on the trusted interface for the currently selected subdomain.

from the menu.

tab.

Shield.

Final

check box and distribute the new policy.

from the menu.

Settings

Advanced

tab in the

Disabled

means that it is not running, and

Final

check box.

Enabled

for the whole domain would

Policy domains

Firewall engine

Allow trusted

Network protection

settings. Turning

tree.

Table of Contents

This manual is also suitable for:

Client security

Managing Internet Shield Properties Remotely; Using Packet Logging; Using The Trusted Interface; Using Packet Filtering - F-SECURE CLIENT SECURITY 9.00 Administrator's Manual

Managing Internet Shield properties remotely

Using packet logging

Using the trusted interface

Using packet filtering

Related Manuals for F-SECURE CLIENT SECURITY 9.00

Related Content for F-SECURE CLIENT SECURITY 9.00

This manual is also suitable for:

Table of Contents