Back Tracing - Internet Security Systems RealSecure User Manual


Chapter 4: Configuring RealSecure Desktop Protector

Back Tracing

Introduction
RealSecure Desktop Protector can track an intruder's activities to help you determine what an intruder did to your computer. This topic explains how to gather and use this information.

How does back tracing work?
Back tracing is the process of tracing a network connection to its origin. When somebody connects to your system over a network such as the Internet, your system and the intruder's system exchange packets. Before an intruder's packets reach your system, they travel through several routers. RealSecure Desktop Protector can read information from these packets and identify each router the intruder's packets had to travel through. Desktop Protector can often identify the intruder's system in this way.

Back tracing information
When Desktop Protector back traces an intruder, it attempts to gather the IP address, DNS name, NetBIOS name, Node, Group name, and MAC address. Skilled intruders will often try to block Desktop Protector from acquiring this information.

Procedure
To set up back tracing:
1. From the Main Menu, select Tools, then Edit BlackICE Settings.
2. Select the Back Trace tab.
3. Type the severity level for an indirect trace in the Indirect Trace Threshold box.
   Note: The default threshold for an indirect trace is 3. With this setting, any event with a severity of 3 or above triggers an indirect back trace.
4. Do you want Desktop Protector to query Domain Name Service servers for information about the intruder?
   - If yes, select DNS lookup.
   - If no, clear DNS lookup.
5. Type the severity level for a direct trace in the Direct Trace Threshold box.
   Note: The default threshold for the direct trace is 6. With this setting, any event with a severity of 6 or above triggers a direct back trace.
6. Do you want Desktop Protector to determine the computer address of the intruder's computer?
   - If yes, select NetBIOS nodestatus.
   - If no, clear NetBIOS nodestatus.

Direct and indirect tracing
Desktop Protector can trace intruders directly or indirectly.
- An indirect trace uses protocols that do not make contact with the intruder's system, but collect information indirectly from other sources along the path to the intruder's system. Indirect back tracing does not make contact with the intruder's system, and therefore does not acquire much information. Indirect traces are best suited for lower-severity attacks.
- A direct trace goes all the way back to the intruder's system to collect information. Direct back tracing makes contact with the intruder's system and therefore can acquire a lot of information. Direct back traces are best for high-severity attacks, when you
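The threshold and option logic described above, modelled as an added example (this is illustrative code, not ISS software). It assumes that DNS lookup belongs to the indirect trace (it queries DNS servers, not the intruder's host) and NetBIOS nodestatus to the direct trace (it queries the intruder's host), as the step order of the procedure suggests; lookup names and sample events are constructed placeholders, and no network traffic is sent.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BackTraceConfig:
    """Back Trace tab settings; the defaults are the ones the manual states."""
    indirect_threshold: int = 3
    direct_threshold: int = 6
    dns_lookup: bool = True          # indirect option: query DNS servers
    netbios_nodestatus: bool = True  # direct option: NetBIOS node status query

def classify(severity, cfg):
    """Return 'direct', 'indirect' or 'none' for one event severity.
    An event at or above the direct threshold gets a direct trace, which
    already covers everything an indirect trace collects."""
    if severity >= cfg.direct_threshold:
        return "direct"
    if severity >= cfg.indirect_threshold:
        return "indirect"
    return "none"

def plan_trace(severity, cfg):
    """Describe the lookups a trace would run, without running any of them.
    'route_path' stands for reading router information from the packets;
    the other names are placeholders for the manual's two options."""
    kind = classify(severity, cfg)
    lookups, contacts = [], False
    if kind != "none":
        lookups.append("route_path")
        if cfg.dns_lookup:
            lookups.append("dns_lookup")
    if kind == "direct":
        contacts = True          # a direct trace touches the intruder's host
        if cfg.netbios_nodestatus:
            lookups.append("netbios_nodestatus")
    return {"trace": kind, "contacts_intruder": contacts, "lookups": lookups}

def summarize(events, cfg):
    """Count traces by type and how many would contact a remote host; useful
    when judging whether a lower Direct Trace Threshold is acceptable."""
    counts = {"none": 0, "indirect": 0, "direct": 0, "contacts": 0}
    for _name, severity in events:
        plan = plan_trace(severity, cfg)
        counts[plan["trace"]] += 1
        counts["contacts"] += int(plan["contacts_intruder"])
    return counts

# Constructed sample events (name, severity); not real RealSecure output.
SAMPLE_EVENTS = [("port probe", 2), ("SMB share scan", 3), ("web CGI probe", 4),
                 ("buffer overflow attempt", 7), ("trojan horse activity", 9)]

if __name__ == "__main__":
    print(summarize(SAMPLE_EVENTS, BackTraceConfig()))
```

Lowering the direct threshold in the summary shows directly how many more events would cause the product to reach out to the attacking host.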
