Table of Contents
Advertisement
Quick Links
Advertisement
Table of Contents
Summary of Contents for Internet Security Systems RealSecure
-
Page 1: User Guide
Desktop Protector User Guide Version 3.5... - Page 2 Internet Security Systems, Inc. The views and opinions of authors expressed herein do not necessarily state or reflect those of Internet Security Systems, Inc., and shall not be used for advertising or product endorsement purposes.
-
Page 3: Table Of Contents
Using ICEcap Manager to Control RealSecure Agents ........ - Page 4 Contents Appendix A: Operating Tabs ..........61 Overview .
-
Page 5: Preface
Preface Overview Introduction This guide is designed to help you use RealSecure Desktop Protector to protect your local system and your network from unwanted intrusions. Scope This guide describes the features of RealSecure Desktop Protector and shows you how to use them. - Page 6 Preface Related publications The following documents are available for download from the Internet Security Systems Web site at www.iss.net For information about working with RealSecure Desktop Protector on a corporate network, see the RealSecure ICEcap Manager User Guide. For answers to questions about Desktop Protector, see RealSecure Desktop Protector Frequently Asked Questions.
-
Page 7: Conventions Used In This Guide
Conventions Used in this Guide Conventions Used in this Guide Introduction This topic explains the typographic conventions used in this guide to make information in procedures and commands easier to recognize. In procedures The typographic conventions used in procedures are shown in the following table: Convention What it Indicates Examples... -
Page 8: Getting Technical Support
ISS provides technical support through its Web site and by email or telephone. The ISS Web site The Internet Security Systems (ISS) Resource Center Web site ( http://www.iss.net/ ) provides direct access to much of the information you need. You can find... -
Page 9: Chapter 1: Introduction To Realsecure Desktop Protector
Introduction to Protector Overview Introduction RealSecure Desktop Protector is a comprehensive security solution that helps you protect your system and your network from the following: theft of passwords, credit card information, personal files and more computer downtime and system crashes hackers using your system to start attacks against other systems This chapter describes the basic concepts of RealSecure Desktop Protector. - Page 10 Application Control applications from damaging your system. When you suspect an application may have been modified, Application Control lets you decide whether to let it start. RealSecure Desktop Protector goes beyond the capabilities of other products by preventing unauthorized applications from starting other applications or services.
-
Page 11: Protection Levels
Protection Levels Protection Levels Introduction Protection levels are pre-designed sets of security settings developed for different types of Web use. You can choose to have Desktop Protector block all communications with your system, some communications with your system, or no communications with your system. -
Page 12: Adaptive Protection
Chapter 1: Introduction to RealSecure Desktop Protector Adaptive Protection Introduction Adaptive Protection automatically adapts each agent's security level according to the type of network connection it is using. For example, you can set Adaptive Protection to use a more restrictive security level when users are logged on over a VPN, and a less restrictive security level when users are logged directly onto the network. -
Page 13: The Desktop Protector Firewall
The Desktop Protector Firewall The Desktop Protector Firewall Introduction Desktop Protector automatically stops most intrusions according to the protection level you have chosen, but you still may notice activity that isn't explicitly blocked. You can configure the Desktop Protector firewall to increase your protection. You can block intrusions from a particular address, or you can block intrusions that use a particular protocol. -
Page 14: Application Protection
Chapter 1: Introduction to RealSecure Desktop Protector Application Protection Introduction BlackICE protects your computer from unknown applications and from applications connecting to a network, such as the Internet. How the baseline First, BlackICE creates a baseline record (also known as a checksum) of the applications works installed on your computer. -
Page 15: Application Control
Application Control Introduction RealSecure Desktop Protector lets you control which applications and related processes can run on your system. Sometimes a program may be installed on your system without your knowledge. Many of these programs are useful or harmless. However, some of these programs can present security risks. -
Page 16: Communications Control
Introduction To reduce security risks from potential “Trojan horse” applications on your system, RealSecure Desktop Protector lets you choose which applications or processes can access a network, such as the Internet or a local area network. Desktop Protector tracks all the applications (and related processes) that you authorize to Communications access a network from your system. -
Page 17: Desktop Protector Alerts
Desktop Protector Alerts Desktop Protector Alerts Introduction Your dynamic firewall handles most alerts for you, but you can take additional steps to make its responses even more effective. The information in this topic may help you determine which events merit your attention. Severity levels Some network events are more dangerous than others. - Page 18 Chapter 1: Introduction to RealSecure Desktop Protector Response levels Desktop Protector reports how it responded to each event by showing a symbol. The symbol for a response can appear two ways: as an icon beside the event as a mark over the severity level icon...
-
Page 19: Collecting Information
Collecting Information Introduction When an intruder attempts to break into your system, RealSecure Desktop Protector can track the intruder’s activities. You can use this information to determine what an intruder did to your computer. This section explains how to gather and use this information. -
Page 20: Filtering Information
Filtering Information Introduction You probably won't need to inspect all the information RealSecure Desktop Protector gathers about the Internet traffic that reaches your system. You can use the configuration tabs to control how much information appears on the information tabs and how often Desktop Protector alerts you to potential risks. -
Page 21: Chapter 2: Using Realsecure Desktop Protector With Icecap Manager
Desktop Protector and ICEcap Manager from your system. For more detailed information about using RealSecure Desktop Protector with ICEcap Manager, see the RealSecure ICEcap Manager User Guide. In this chapter... -
Page 22: How Icecap Manager Works With Realsecure Desktop Protector
Installing, updating and controlling remote agents. ICEcap administrators can use ICEcap Manager to control the configuration of all RealSecure agents on the network. This provides a central platform for standardizing security settings across the enterprise. - Page 23 How ICEcap Manager Works With RealSecure Desktop Protector locally installed. Silent Desktop Protector installations are always completely ICEcap- controlled. For more information about silent agent installations, see the RealSecure ICEcap Manager User Guide. This table summarizes the levels of control ICEcap Manager can exert over an agent.
-
Page 24: How Icecap Manager Handles Information
How ICEcap Manager Handles Information Introduction To help organize information, ICEcap Manager categorizes agents and the events they report into accounts and groups. To report an event, a RealSecure agent must be assigned to a group within an ICEcap account. Accounts Accounts represent significant divisions or organizational elements within the company. -
Page 25: Transmitting Data To Icecap Manager
VPN connections using the point-to-point tunneling protocol encrypt packets sent over the Internet, adding an additional layer of security between remote systems and ICEcap Manager. Reporting through a RealSecure agents can also be configured to report events through a proxy server. proxy server... -
Page 26: Installing Desktop Protector Remotely
Chapter 2: Using RealSecure Desktop Protector with ICEcap Manager Installing Desktop Protector Remotely Introduction In addition to managing event information, ICEcap Manager can install Desktop Protector software on remote systems. This can include systems with the Local Console or “silent”... -
Page 27: Using Icecap Manager To Control Realsecure Agents
Using ICEcap Manager to Control RealSecure Agents Using ICEcap Manager to Control RealSecure Agents Introduction ICEcap Manager manages agents by applying policies to groups of agents. Any configuration change made to a group is distributed to all the members of that group. This reduces the effort required to support remotely installed systems. - Page 28 Chapter 2: Using RealSecure Desktop Protector with ICEcap Manager...
-
Page 29: Chapter 3: Setting Up Realsecure Desktop Protector
Setting Up RealSecure Desktop Protector Overview Introduction This chapter provides instructions for installing and configuring RealSecure Desktop Protector locally. For information about installing Desktop Protector from ICEcap Manager, see the RealSecure ICEcap Manager User Guide. In this chapter This chapter contains the following topics:... -
Page 30: Installing Realsecure Desktop Protector
Introduction This topic gives instructions for installing Desktop Protector. Local or remote You can install RealSecure Desktop Protector locally at your agent computer or remotely installation from RealSecure ICEcap Manager. In most cases, you should distribute Desktop Protector to network systems from ICEcap Manager. This allows centralized control of configuration. - Page 31 If yes, go to Step 21. If no, clear the I would like to view the README file checkbox. If you are installing this version of RealSecure Desktop Protector for the first Note: time, ISS recommends that you read the Release Notes.
-
Page 32: Stopping Desktop Protector
BlackICE intrusion detection and application protection features. Stopping Desktop Protector is not the same as removing it. For information about Note: removing RealSecure Desktop Protector, see “Uninstalling Desktop Protector” on page 28. Stopping Desktop To stop Desktop Protector from the Desktop Protector window:... - Page 33 5. In the right pane, right-click BlackICE, and then select Action Stop. Desktop Protector stops monitoring incoming traffic and a red line appears over the RealSecure Desktop Protector icon. 6. In the right pane, right-click RapApp, and then select Action Stop.
-
Page 34: Restarting Desktop Protector
Chapter 3: Setting Up RealSecure Desktop Protector Restarting Desktop Protector Introduction You can restart RealSecure Desktop Protector after you have stopped it, or you can let Desktop Protector restart automatically when you restart your computer. Opening the Desktop Protector window does not make Desktop Protector resume Note: monitoring your system. - Page 35 Restarting Desktop Protector 3. Double-click Services. The Services window appears. 4. In the right pane, right-click BlackICE, and then select Start. Desktop Protector resumes monitoring incoming traffic. The red line disappears from the Desktop Protector icon. 5. In the right pane, right-click RapApp, and then select Start. Desktop Protector resumes monitoring your system for unauthorized applications and outgoing transmissions.
-
Page 36: Uninstalling Desktop Protector
Chapter 3: Setting Up RealSecure Desktop Protector Uninstalling Desktop Protector Introduction You can remove Desktop Protector from your computer using the Windows Add/Remove Programs Utility or the BlackICE Agentremove utility. Use the agentremove.exe utility only if you are unable to remove Desktop Important: Protector through the Windows Add/Remove utility. - Page 37 Uninstalling Desktop Protector 7. Do you want to remove the remaining intrusion files and delete the directory? If yes, click Yes. If no, click No. 8. Click Finish. The system removes Desktop Protector from your system. Uninstalling To remove Desktop Protector using the agentremove utility: Desktop Protector using the 1.
- Page 38 Chapter 3: Setting Up RealSecure Desktop Protector...
-
Page 39: Chapter 4: Configuring Realsecure Desktop Protector
Chapter 4 Configuring RealSecure Desktop Protector Overview Introduction This chapter provides the procedures to configure RealSecure Desktop Protector for your specific conditions. These procedures are designed to be performed in sequence. In this chapter This chapter includes the following topics: Topic... -
Page 40: Connecting To Icecap Manager
This group must be created beforehand in ICEcap Manager and must have the Note: correct configuration settings to report properly. See the RealSecure ICEcap Manager User Guide for more information about groups and group name precedence settings. 9. In the Proxy URL text box, enter the fully qualified URL for the proxy server, if any. If you are not using a proxy server, leave this field blank. - Page 41 Connecting to ICEcap Manager OK: The local RealSecure agent is successfully exchanging information with ICEcap Manager. Authentication Failure: The agent may have an incorrect account name or password. Re-enter the account, group, and password values and test again. If this error persists, check with your ICEcap administrator that you are using the correct account name, password, and group.
-
Page 42: Setting Your Protection Level
Chapter 4: Configuring RealSecure Desktop Protector Setting Your Protection Level Introduction Protection levels are predesigned sets of security settings developed for different types of Web use. You can choose to have Desktop Protector block all communications with your system, some communications with your system, or no communications with your system. -
Page 43: Using Adaptive Protection
Using Adaptive Protection Using Adaptive Protection You can set up your firewall to switch protection levels automatically when it detects a connection with a remote computer. To do this, choose one of the procedures in this topic. Setting adaptive To switch to the Trusting protection level when your computer connects from inside your protection from corporate network: inside the corporate... - Page 44 Chapter 4: Configuring RealSecure Desktop Protector This can be a single static IP address or a set of addresses that the conference Note: host provides. 6. Click OK. Your firewall is configured to switch to Cautious when you connect to your corporate...
-
Page 45: Blocking Intrusions
Blocking Intrusions Blocking Intrusions Introduction Desktop Protector identifies and stops most intrusions according to your preset protection level, but you may still notice activity that isn't explicitly blocked. This topic explains how to handle intrusions from a particular address or intrusions that use a particular protocol. Do not block port scans from your own internal network. - Page 46 Chapter 4: Configuring RealSecure Desktop Protector Blocking a Port If you don't have a specific intruder in mind but you are concerned about intrusion attempts using a particular internet protocol, you can block the port that protocol uses. Adding a port entry to your firewall ensures that no traffic from any IP address can enter your system using that port.
-
Page 47: Trusting Intruders
Trusting Intruders Trusting Intruders Introduction When an address is trusted, Desktop Protector assumes all communication from that address is authorized and excludes the address from any intrusion detection. Trusting ensures that Desktop Protector does not block systems whose intrusions may be useful to you. -
Page 48: Ignoring Events
Chapter 4: Configuring RealSecure Desktop Protector Ignoring Events You can configure RealSecure Desktop Protector to ignore events that are not a threat to your system. Ignoring an event is different from trusting an intruder. Ignoring disregards certain Note: kinds of events. When an event type is ignored, Desktop Protector does not log any information about events of that type. - Page 49 Ignoring Events For more information, see “The Prompts Tab” on page 83.
-
Page 50: Working With The Application Protection Baseline
Working with the Application Protection Baseline Introduction When you install RealSecure Desktop Protector, it creates a baseline record (also known as a checksum) of the applications installed on your computer. Desktop Protector uses this information to prevent any unauthorized applications from running. When Desktop Protector alerts you that an unknown application is starting, you can stop the application or let it run. - Page 51 Working with the Application Protection Baseline 3. Repeat for every warning message that appears. The number of messages you see depends on how many files the application runs. BlackICE will not display the warning messages again unless the application changes. Building your Desktop Protector can learn your application protection preferences as you work.
- Page 52 Chapter 4: Configuring RealSecure Desktop Protector Adding file types to If you know of application files on your system that have different extensions, you can the baseline add those extensions before creating your baseline. To search for additional file types: 1.
- Page 53 Working with the Application Protection Baseline Disabling To permanently prevent Desktop Protector from monitoring your system for Application unauthorized applications, follow this procedure: Protection 1. On the Tools menu, select Edit BlackICE Settings, and then select the Application Control tab. 2.
-
Page 54: Configuring Communications Control
Introduction When you set your communications control preferences, you establish a rule for RealSecure Desktop Protector to follow whenever an application tries to access a network without your approval. You have the option of terminating the application or letting it run. - Page 55 Configuring Communications Control For more information about setting your Communications Control preferences, see “The Communications Control Tab” on page 86.
-
Page 56: Controlling Event Notification
Chapter 4: Configuring RealSecure Desktop Protector Controlling Event Notification Introduction You may find that you want regular access to more or less information than RealSecure Desktop Protector shows by default. You can use the Desktop Protector configuration tabs to control the following:... - Page 57 Controlling Event Notification 4. Click OK. For more information about setting your notification preferences, see “The Notifications Tab” on page 81. Freezing the Events Freezing the Events list stops Desktop Protector from refreshing the tab information until list you unfreeze it. However, freezing does not stop the monitoring, detection, and protection features of Desktop Protector.
-
Page 58: Back Tracing
Chapter 4: Configuring RealSecure Desktop Protector Back Tracing Introduction RealSecure Desktop Protector can track an intruder’s activities to help you determine what an intruder did to your computer. This topic explains how to gather and use this information. How does back Back tracing is the process of tracing a network connection to its origin. - Page 59 Back Tracing want as much information about the intruder as possible. However, intruders can detect and block a direct trace. Where is the back Back tracing information appears in two places: tracing information? in the information pane of the Intruder tab in standard text files in the Hosts folder in the directory where Desktop Protector is installed.
-
Page 60: Collecting Evidence Files
C:\Program Files\ISS\BlackICE . Each file has an extension. *.enc If you upgraded to RealSecure Desktop Protector 3.5 from a previous version of Note: BlackICE, your evidence log files are still stored in C:\Program Files\Network... - Page 61 Collecting Evidence Files 3. Click OK. For more information about setting your evidence logging preferences, see “The Evidence Log Tab” on page 74.
-
Page 62: Collecting Packet Logs
C:\Program Files\ISS\BlackICE . Each file has an extension. *.enc If you upgraded to RealSecure Desktop Protector 3.5 from a previous version of Note: BlackICE, your packet log files are still stored in C:\Program Files\Network... - Page 63 Collecting Packet Logs For more information about choosing your packet logging settings, see “The Packet Log Tab” on page 72.
-
Page 64: Responding To Application Protection Alerts
Chapter 4: Configuring RealSecure Desktop Protector Responding to Application Protection Alerts Introduction Programs can start without your knowledge. The Application Protection component may be triggered when you start a new program through the Start menu or by clicking a shortcut, but it may also be triggered by a program that starts without giving any on- screen indication. -
Page 65: Exporting Desktop Protector Data
Exporting Desktop Protector Data Exporting Desktop Protector Data Introduction You may want to export RealSecure Desktop Protector data into a spreadsheet program or word processor to look at the intrusion activity on your system. Procedure To export data: 1. Copy or cut the selected information to place it on the clipboard. - Page 66 Chapter 4: Configuring RealSecure Desktop Protector...
- Page 67 Appendixes...
-
Page 69: Appendix A: Operating Tabs
Appendix A Operating Tabs Overview Introduction This appendix describes the operating tabs. RealSecure Desktop Protector gathers information and presents it on the Events tab, the Intruders tab and the History tab. In this appendix This appendix contains the following topics:... -
Page 70: The Events Tab
This column... Contains this information... Severity The severity icon is a visual representation of the severity of an event and the response from RealSecure Desktop Protector. For more information, see “Severity levels” on page 12. Time The date and time the event occurred, in 24-hour format. - Page 71 The Events Tab Optional columns on This table describes optional columns that you can add to the Events tab. To add an the Events tab optional column, right-click any column heading and select Columns... This column... Contains this information... TCP Flags Data in the packet header specifying the intended treatment of the packet, such as (reset),...
- Page 72 Appendix A: Operating Tabs Shortcut This table describes the commands available by right-clicking an item on the Event tab: commands on the Events tab This command... Has this effect... Ignore Event To ignore an event, right-click an event/intruder combination, and then select Ignore Event. Ignoring event types is a useful way to stop Desktop Protector from reporting routine scans from ISPs and network probes.
-
Page 73: The Intruders Tab
Click a column header to sort the list by that column. Click the column header again to reverse the sort order. Details pane When you select an intruder from the Intruder list, the information RealSecure Desktop Protector has gathered about the intruder appears in the Details pane. Default columns on... - Page 74 Appendix A: Operating Tabs This command... Has this effect... Find To search for an intruder in the list, right-click any intruder, and then select Find. Print To print the entire contents of the Intruders list, right-click any intruder, and then select Print. Table 14: Intruders tab right-click commands Optional columns on This table describes the optional columns you can add to the Intruders tab.
-
Page 75: The History Tab
The History Tab The History Tab Introduction The History tab graphs network and intrusion activity on your system. For detailed information about activity on the Events graph, click the graph near Note: the marker that shows the time you are interested in. The Events tab appears, with the intrusion closest to that time highlighted. - Page 76 Appendix A: Operating Tabs History tab buttons This table describes the buttons on the History tab: This button... Has this effect... Close Closes the main Desktop Protector window. The detection and protection engine remains active. Help Displays the Help. Table 19: History tab buttons...
-
Page 77: Appendix B: Configuration Tabs
Appendix B Configuration Tabs Overview Introduction You can control some aspects of the way RealSecure Desktop Protector works by changing the settings on the configuration tabs. In this Appendix This appendix contains the following topics: Topic Page The Firewall Tab... -
Page 78: The Firewall Tab
Appendix B: Configuration Tabs The Firewall Tab Introduction Use the Firewall tab to choose how tightly Desktop Protector controls access to your system. If your computer is reporting intrusion events to ICEcap Manager and local Note: configuration editing has been disabled, you cannot set any options on the Firewall tab from the local system. - Page 79 The Firewall Tab Desktop Protector rejects or blocks communications on port 139. On Windows 2000, this setting also affects port 445. Allow NetBIOS Select this option to allow your system to appear in the Network Neighborhood of other Neighborhood computers. Clear this option to hide a computer from the Network Neighborhood.
-
Page 80: The Packet Log Tab
Appendix B: Configuration Tabs The Packet Log Tab Introduction The Packet Log tab allows you to configure the RealSecure Desktop Protector packet logging features. When packet logging is enabled, Desktop Protector records all the network traffic that passes through your system. - Page 81 The Packet Log Tab Packet Log tab This table describes the buttons that appear on the Packet Log tab. buttons This button... Has this effect... Click to save your changes and return to the main Desktop Protector window. Cancel Click to discard your changes and return to the Desktop Protector window.
-
Page 82: The Evidence Log Tab
The Evidence Log Tab Introduction When your system is attacked, RealSecure Desktop Protector can capture evidence files that record network traffic from the intruding system. Evidence files record the specific packet that set off a protection response. This can be a good way to investigate intrusions without using a lot of disk space for records. - Page 83 The Evidence Log Tab Evidence Log tab This table describes the buttons that appear on the Evidence Log tab. buttons This button... Has this effect... Click to save your changes and return to the main Desktop Protector window. Cancel Click to discard your changes and return to the Desktop Protector window.
-
Page 84: The Back Trace Tab
Internet, your system and the intruder's system exchange packets. Before an intruder's packets reach your system, they travel through several routers. RealSecure Desktop Protector can read information from these packets and identify each router the intruder's packets had to travel through. -
Page 85: The Intrusion Detection Tab
The Intrusion Detection Tab The Intrusion Detection Tab Introduction The Intrusion Detection tab allows you to control the IP addresses or intrusions the Desktop Protector engine trusts or ignores. For information about trusting and ignoring, see “Trusting Intruders” on page 39 and “Ignoring Events”... -
Page 86: The Icecap Tab
The ICEcap Tab Introduction The ICEcap tab allows you to manually control how RealSecure Desktop Protector reports intrusion information to an ICEcap server. When ICEcap reporting is enabled, all events are reported to an ICEcap server for enterprise-wide reporting and analysis. For more information, see “Connecting to ICEcap Manager”... - Page 87 The ICEcap Tab This setting... Has this effect... Last Status Shows the result of RealSecure Desktop Protector’s last attempt to check in with the ICEcap server, at the time displayed in the Time field. One of these results appears: •...
- Page 88 Appendix B: Configuration Tabs ICEcap tab buttons This table describes the buttons that appear on the ICEcap tab. This button... Has this effect... Click to save your changes and return to the main Desktop Protector window. Cancel Click to discard your changes and return to the Desktop Protector window.
-
Page 89: The Notifications Tab
The Notifications Tab The Notifications Tab Introduction The Notifications tab allows you to control some interface and notification functions. Notification This table describes the settings you can configure on the Notifications tab: settings This setting... Has this effect... Event Notification Desktop Protector alarm preferences control how and when the application notifies you of an event Visible Indicator... - Page 90 Appendix B: Configuration Tabs Notifications tab This table describes the buttons that appear on the Notifications tab. buttons This button... Has this effect... Click to save your changes and return to the main Desktop Protector window. Cancel Click to discard your changes and return to the Desktop Protector window.
-
Page 91: The Prompts Tab
The Prompts Tab The Prompts Tab Introduction The Prompts tab enables you to choose the level of feedback you want from the RealSecure Desktop Protector user interface. Prompts tab This table describes the settings on the Prompts tab: settings This setting... -
Page 92: The Application Control Tab
Desktop Protector shuts it down. Protect Agent Files When Protect Agent Files is selected, RealSecure Desktop Protector locks the BlackICE program files and the files that contain your known applications list and communications control settings. Only Desktop Protector can write to these files. - Page 93 The Application Control Tab Application Control This table describes the buttons that appear on the Application Control tab. tab buttons This button... Has this effect... Click to save your changes and return to the main Desktop Protector window. Cancel Click to discard your changes and return to the Desktop Protector window.
-
Page 94: The Communications Control Tab
Use the Communications Control tab to prevent programs on your system from contacting a network without your knowledge. Enable Application When Enable Application Protection is selected, the RealSecure Desktop Protector Protection Application Protection component is running. This option is cleared by default. - Page 95 The Communications Control Tab This button... Has this effect... Cancel Click to discard your changes and return to the Desktop Protector window. Apply Click to save your changes and keep the current tab open. Help Displays the online Help for this tab.
- Page 96 Appendix B: Configuration Tabs...
-
Page 97: Appendix C: Advanced Firewall Settings
You can use the Advanced Firewall Settings window to block intruders or ports or to configure Desktop Protector to dynamically switch protection levels. When you block an intruder, RealSecure Desktop Protector creates an IP address entry in your firewall that prevents all traffic from that IP address from entering your system. -
Page 98: The Firewall Rules Tab
Appendix C: Advanced Firewall Settings The Firewall Rules Tab Introduction Use the IP Address tab to create, modify and delete firewall settings for IP addresses and ports. Add and remove addresses or ports from the firewall list as necessary to modify and protect your system. - Page 99 The Firewall Rules Tab Buttons The following table describes the buttons on the IP Address tab: This button... Has this effect... Options To be notified when Desktop Protector is about to stop blocking an IP address, select Warn Before Block Expires. To manually add a new IP address filter or a new port configuration, click Add.
-
Page 100: The Local Adaptive Protection Tab
Appendix C: Advanced Firewall Settings The Local Adaptive Protection Tab Use this tab to configure your firewall to switch protection levels dynamically. When your firewall detects a connection, and your computer is using one of the IP addresses specified on this tab, your firewall automatically switches to the appropriate protection level. Options This table describes the options available on the Adaptive Protection tab: Group... -
Page 101: The Remote Adaptive Protection Tab
The Remote Adaptive Protection Tab The Remote Adaptive Protection Tab When your firewall detects a connection with a remote system that is using one of the IP addresses specified on this tab, your firewall automatically switches to the appropriate protection level. Options This table describes the options available on the Adaptive Protection tab: Group... -
Page 102: The Add Firewall Entry Dialog
Appendix C: Advanced Firewall Settings The Add Firewall Entry Dialog Introduction Use this dialog to create or change firewall settings that block or accept IP addresses. Add Firewall Entry The Add Firewall Entry dialog features these fields: dialog settings This field... Contains... - Page 103 The Add Firewall Entry Dialog Add Firewall Entry The Add Firewall Entry dialog has these buttons: dialog buttons This button... Has this effect... Click to create the firewall entry. Cancel Closes the window without saving the setting. Table 32: Add Firewall Settings dialog buttons...
-
Page 104: The Modify Firewall Entry Dialog
Appendix C: Advanced Firewall Settings The Modify Firewall Entry Dialog Introduction Use this dialog to change a firewall setting that you have set up previously. Modify Firewall The Modify Firewall Entry dialog features these fields: Entry dialog settings This field... Contains... - Page 105 The Modify Firewall Entry Dialog Modify Firewall The Modify Firewall Entry dialog has these buttons: Entry dialog buttons This button... Has this effect... Click to create the firewall entry. Cancel Closes the window without saving the setting. Table 34: Modify Firewall Settings dialog buttons...
- Page 106 Appendix C: Advanced Firewall Settings...
-
Page 107: Appendix D: Advanced Application Protection Settings
Appendix D Advanced Application Protection Settings Overview Introduction The Advanced Application Settings window lets you control which applications can start on your system and which applications can connect to a network, such as the Internet. For information about controlling applications on your system, see “Working with the Application Protection Baseline”... - Page 108 ISS Web site. WWW.ISS.NET Starts your browser and points it to the ISS Web site, which contains the latest information about www.iss.net RealSecure Desktop Protector. About Protection Displays information about this version of the Desktop Settings Protector application protection module.
-
Page 109: The Known Applications Tab
The Known Applications Tab The Known Applications Tab Introduction The Known Applications tab shows the application files Desktop Protector has detected on your system. If an application not on this list attempts to start, Desktop Protector alerts you or automatically closes the application, depending on the options you selected on the Application Control tab. -
Page 110: The Baseline Tab
Appendix D: Advanced Application Protection Settings The Baseline Tab Introduction The Baseline tab allows you to control how RealSecure Desktop Protector inspects your system for application files. The system tree The system tree pane shows the drives and directories RealSecure Desktop Protector has pane found on your system. -
Page 111: The Checksum Extensions Dialog
Introduction The Checksum Extensions dialog enables you to customize the application file types that RealSecure Desktop Protector lists when it inspects your system. Desktop Protector determines which files are included in the baseline from the file name's extension (the three characters after the period). - Page 112 Appendix D: Advanced Application Protection Settings...
-
Page 113: Appendix E: The Main Menu
Appendix E The Main Menu Overview Introduction The Main Menu appears above the information tabs. This Appendix explains how to use the menu options to control the appearance and operation of Desktop Protector features. In this Appendix This Appendix contains the following topics: Topic Page The File Menu... -
Page 114: The File Menu
Appendix E: The Main Menu The File Menu Introduction Use the File menu to control the essential operations of RealSecure Desktop Protector. Print... Print sends information from Desktop Protector to your default printer. To print information about an event or intruder: 1. -
Page 115: The Edit Menu
The Edit Menu The Edit Menu Introduction Use the Edit menu to manipulate the intrusion records that RealSecure Desktop Protector gathers. For more information about ways you can use Desktop Protector data, see “Back Tracing” on page 50. To cut an event or intruder: On the Events or Intruders tab, click an event or intruder, and then select Cut from the Edit menu. -
Page 116: The View Menu
Appendix E: The Main Menu The View Menu Introduction Use the View menu to choose what items are displayed, and how, on the Events and Intruders lists. Freeze Stops Desktop Protector from refreshing the tab information. For more information, see “Freezing the Events list”... -
Page 117: The Tools Menu
The Tools Menu The Tools Menu Introduction The Tools menu enables you to configure the application by editing the settings; edit the Advanced Firewall settings; start or stop the BlackICE engine; clear the event list; or change other preferences. Edit BlackICE Displays the configuration tabs that control the operation of the Desktop Protector engine. -
Page 118: The Help Menu
Starts your Web browser and points it to the ISS Web site, , which contains www.iss.net the latest information about RealSecure Desktop Protector and other ISS products. About BlackICE Displays your Desktop Protector license key and more information about your Desktop Protector version. -
Page 119: The System Tray Menu
For more information, see “The Events Tab” on page 62. Edit BlackICE Opens the RealSecure Desktop Protector user interface to the settings dialog, from which Settings... you can select one of the configuration tabs. For information about any of the configuration tabs, see “Configuration Tabs”... - Page 120 Appendix E: The Main Menu...
-
Page 121: Index
Index intruders ports accepting events – adaptive protection adding an entry addresses Cautious protection level blocking and accepting checksum Advanced Application Control Settings window choosing a protection level Advanced Firewall Settings window clearing advICE library events alerts evidence logs choosing packet logs interpreting closing BlackICE... - Page 122 Index filtering Informational events Install Mode Edit menu installation prerequisites events installing accepting prerequisites blocking Internet file sharing clearing Internet Security Systems deleting technical support viii filtering Web site viii finding internet service provider freezing intruders ignoring blocking notification trusting...
- Page 123 Intruders choosing Intrusion Detection effect on applications Notifications – setting dynamically Packet Log Prompts technical support technical support, Internet Security Systems viii responding to alerts Tools menu response levels trace file decoders restarting traffic graph application protection trusting an intruder...
- Page 124 Index...
- Page 125 LICENSE KEYS IN LIEU OF RETURN. 1. License - Upon payment of the applicable fees, Internet Security Systems, Inc. (“ISS”) grants to you as the only end user (“Licensee”) a nonexclusive and nontransferable, limited license for the accompanying ISS software product in machine-readable form and the related documentation (“Software”) for use only on the specific network configuration, for the number of devices, and for the time period (“Term”) that are specified in Licensee’s purchase order, as accepted by ISS,...
- Page 126 Chapter 0: 13. No High Risk Use - Licensee acknowledges that the Software is not fault tolerant and is not designed or intended for use in hazardous environments requiring fail-safe operation, including, but not limited to, aircraft navigation, air traffic control systems, weapon systems, life-support systems, nuclear facilities, or any other applications in which the failure of the Licensed Software could lead to death or personal injury, or severe physical or property damage.
Need help?
Do you have a question about the RealSecure and is the answer not in the manual?
Questions and answers