firewall:

•  Leave Automatic filtering mode enabled on the Personal firewall and redefine the Trusted zone, if necessary. With this configuration, users will not be prompted to select a protection mode if they connect to a new network (e.g., with mobile devices such as notebooks). Keep in mind that outgoing communication will not be completely filtered.

•  Select the Interactive filtering mode in the Personal firewall. This mode is not suitable for inexperienced users, since any new communication not specified by a rule will prompt to create one. This may cause problems and is not recommended.

•  Switch to the Policy-based filtering mode in the Personal firewall and create more “lenient” rules. For example, all SMTP, HTTP and POP3 communication would be allowed, regardless of the application establishing them. Such rules should be set up by an experienced network administrator.

•  Select the Policy-based filtering mode in the Personal firewall with additional rules which dictate that certain networking services can only be used by specific applications or processes. For example, communication for the process firefox.exe will be allowed only on remote ports 80 (HTTP) and 443 (HTTPS); Outlook Express only on ports 25, 110, 143 and limited to the IP addresses where the company’s email servers are located, etc.

This last scenario is the most complex and may require fine-tuning of some rules, but it also offers the highest level 
of security. For example: Malicious code which is not recognized by the resident antivirus protection attacks a 
computer. The code creates a local SMTP server and sends spam messages on behalf of a remote web server from 
a predefined public IP address. This type of infiltration will be automatically blocked in the last scenario, because 
SMTP communication is enabled only for Outlook Express and HTTP traffic only for Mozilla Firefox. 
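The following is an added example, not part of the ESET guide and not ESET's rule format: a small Python model of how an outgoing connection is judged against a per-process rule table in the three filtering modes, used to compare the "lenient" rules of the third scenario with the process-bound rules of the fourth on the spam infiltration described above. The process name msimn.exe for Outlook Express, the address ranges (RFC 5737 documentation blocks) and the process name malware.exe are constructed assumptions; only outgoing connections are modelled.

```python
"""Model of outgoing-connection filtering in the three Personal firewall modes.

Constructed example: the rule table, process names and addresses below are
illustrative and do not reproduce ESET's rule format.
"""
import ipaddress
from dataclasses import dataclass

ALLOW, DENY, PROMPT = "allow", "deny", "prompt"
AUTOMATIC, INTERACTIVE, POLICY_BASED = "automatic", "interactive", "policy-based"


@dataclass(frozen=True)
class Rule:
    name: str
    process: str               # executable the rule applies to; "*" matches any process
    protocol: str              # "TCP" or "UDP"
    remote_ports: frozenset    # remote ports the rule covers
    remote_nets: tuple = ()    # ip_network objects; empty tuple means any remote address
    action: str = ALLOW


@dataclass(frozen=True)
class Connection:
    process: str
    protocol: str
    remote_ip: str
    remote_port: int


def rule_matches(rule: Rule, conn: Connection) -> bool:
    """A rule applies only if process, protocol, port and (if given) address all match."""
    if rule.process != "*" and rule.process.lower() != conn.process.lower():
        return False
    if rule.protocol != conn.protocol or conn.remote_port not in rule.remote_ports:
        return False
    if rule.remote_nets:
        ip = ipaddress.ip_address(conn.remote_ip)
        return any(ip in net for net in rule.remote_nets)
    return True


def decide(conn: Connection, rules: list, mode: str):
    """First matching rule wins. With no matching rule the mode decides:
    Automatic lets outgoing traffic through, Interactive asks the user,
    Policy-based silently denies (the behaviour the guide describes)."""
    for rule in rules:
        if rule_matches(rule, conn):
            return rule.action, rule.name
    if mode == AUTOMATIC:
        return ALLOW, None
    if mode == INTERACTIVE:
        return PROMPT, None
    return DENY, None


# Constructed address range standing in for the company's mail servers.
COMPANY_MAIL_NETS = (ipaddress.ip_network("192.0.2.0/24"),)

# Third scenario: lenient rules, any application may use SMTP, HTTP and POP3.
LENIENT_RULES = [
    Rule("Any SMTP/HTTP/POP3", "*", "TCP", frozenset({25, 80, 110})),
]

# Fourth scenario: each service bound to one process; "msimn.exe" as the
# Outlook Express executable is an assumption, not taken from the guide.
STRICT_RULES = [
    Rule("Web browsing", "firefox.exe", "TCP", frozenset({80, 443})),
    Rule("Email client", "msimn.exe", "TCP", frozenset({25, 110, 143}), COMPANY_MAIL_NETS),
]


def spam_scenario(rules: list, mode: str) -> str:
    """The guide's infiltration example: an unrecognised process (constructed
    name 'malware.exe') opens its own SMTP session to a public address."""
    return decide(Connection("malware.exe", "TCP", "203.0.113.5", 25), rules, mode)[0]


if __name__ == "__main__":
    for label, rules in (("lenient", LENIENT_RULES), ("strict", STRICT_RULES)):
        for mode in (AUTOMATIC, INTERACTIVE, POLICY_BASED):
            print(f"{label:8} rules, {mode:13}: spam SMTP -> {spam_scenario(rules, mode)}")
```

Running the block shows the point of the comparison: under the lenient table the rogue SMTP session is allowed in every mode, because the rule matches on port alone; under the strict table it is denied in Policy-based mode, prompts in Interactive mode, and still passes in Automatic mode, where unmatched outgoing traffic is not filtered.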

2.4  Rule configuration strategy in large networks

If you wish to set the most strict level of network access for client computers, use Policy-based filtering mode because it allows no user intervention.² The successful deployment of Policy-based mode requires thorough preparation, as blocking of legitimate applications must be avoided. There are several methods for deploying Policy-based mode:

•  Define rules “from scratch” and directly install ESET Smart Security with Policy-based mode turned on. The risk is that you may forget to specify rules for some applications and their communication will be automatically blocked.

•  First install ESET Smart Security, switch to Interactive filtering mode, and define rules “on-the-fly” as individual communications occur during regular operation of the system. If a new communication is detected (no rule is defined), a dialog window requiring user intervention is displayed. If it is a common and legitimate communication, you may want to define a rule immediately. Typically, the rule configuration process takes several days to complete, as rules for all applications must be created through regular interaction with the network. This is the recommended method.

TIP: After using Interactive mode for several days, switch to Policy-based filtering mode and export the ESET Smart Security settings (including all rules) to an .xml file. The settings can then be exported using ESET Remote Administrator, or ESET Smart Security itself (Setup > Import and export settings...). The .xml configuration can then be used for remote configuration of the program to other computers or it can be imported locally using the same feature in ESET Smart Security (Setup > Import and export settings...).

² Please note that in order to prevent users from altering Personal firewall rules, you must set a password to protect the program parameters of the ESET Smart Security client.
