firewall:
• Leave Automatic filtering mode enabled on the Personal firewall and redefine the Trusted zone, if necessary.
With this configuration, users will not be prompted to select a protection mode if they connect to a new network
(e.g., with mobile devices such as notebooks). Keep in mind that outgoing communication will not be completely
filtered.
• Select the Interactive filtering mode in the Personal firewall. This mode is not suitable for inexperienced users,
since any new communication not covered by a rule will prompt the user to create one. This may cause problems
and is not recommended.
• Switch to the Policy-based filtering mode in the Personal firewall and create more “lenient” rules. For example,
all SMTP, HTTP and POP3 communication would be allowed, regardless of the application establishing it.
Such rules should be set up by an experienced network administrator.
• Select the Policy-based filtering mode in the Personal firewall with additional rules which dictate that certain
networking services can only be used by specific applications or processes. For example, communication for the
process firefox.exe will be allowed only on remote ports 80 (HTTP) and 443 (HTTPS); Outlook Express only on
ports 25, 110, 143 and limited to the IP addresses where the company’s email servers are located, etc.
This last scenario is the most complex and may require fine-tuning of some rules, but it also offers the highest level
of security. For example: Malicious code which is not recognized by the resident antivirus protection attacks a
computer. The code creates a local SMTP server and sends spam messages on behalf of a remote web server from
a predefined public IP address. This type of infiltration will be automatically blocked in the last scenario, because
SMTP communication is enabled only for Outlook Express and HTTP traffic only for Mozilla Firefox.
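The decision logic of the last scenario, as an added illustration that is not ESET code: a small model of application-specific allow rules with default deny, run against constructed connection attempts including the spam-sending infiltration described above. It assumes Outlook Express runs as msimn.exe and uses the documentation prefix 203.0.113.0/29 as a stand-in for the company mail servers.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    """One allow rule: application name, permitted remote ports, permitted remote networks."""
    application: str
    remote_ports: frozenset
    remote_networks: tuple = ()   # empty tuple means any remote address

# Rules from the scenario in the text. The mail server range is a constructed
# placeholder (RFC 5737 documentation prefix), not a real server address.
RULES = (
    Rule("firefox.exe", frozenset({80, 443})),
    Rule("msimn.exe", frozenset({25, 110, 143}), (ip_network("203.0.113.0/29"),)),
)

def policy_allows(application, remote_ip, remote_port, rules=RULES):
    """Policy-based filtering: a connection is allowed only if some rule matches
    the application, the remote port and (where restricted) the remote address.
    Anything else is blocked silently, with no prompt to the user (default deny)."""
    addr = ip_address(remote_ip)
    for rule in rules:
        if rule.application.lower() != application.lower():
            continue
        if remote_port not in rule.remote_ports:
            continue
        if rule.remote_networks and not any(addr in net for net in rule.remote_networks):
            continue
        return True
    return False

def evaluate(attempts, rules=RULES):
    """Return (application, remote_ip, remote_port, 'ALLOW'|'BLOCK') per attempt."""
    return [(app, ip, port, "ALLOW" if policy_allows(app, ip, port, rules) else "BLOCK")
            for app, ip, port in attempts]

# Constructed connection attempts, including the infiltration from the text:
# an unrecognised process acting as a local SMTP server and sending spam.
ATTEMPTS = [
    ("firefox.exe", "198.51.100.7", 443),   # browsing over HTTPS: allowed
    ("firefox.exe", "198.51.100.7", 25),    # browser speaking SMTP: blocked
    ("msimn.exe", "203.0.113.2", 25),       # Outlook Express to company mail server: allowed
    ("msimn.exe", "198.51.100.7", 25),      # Outlook Express to a foreign SMTP server: blocked
    ("spambot.exe", "198.51.100.7", 25),    # unknown process sending spam: blocked
    ("spambot.exe", "198.51.100.7", 80),    # unknown process using HTTP: blocked
]

if __name__ == "__main__":
    for row in evaluate(ATTEMPTS):
        print("%-12s %-15s %5d  %s" % row)
```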
2.4 Rule configuration strategy in large networks
If you wish to set the strictest level of network access for client computers, use Policy-based filtering mode,
because it allows no user intervention. [2]
The successful deployment of Policy-based mode requires thorough preparation, as blocking of legitimate
applications must be avoided. There are several methods for deploying Policy-based mode:
• Define rules “from scratch” and directly install ESET Smart Security with Policy-based mode turned on.
The risk is that you may forget to specify rules for some applications and their communication will be
automatically blocked.
• First install ESET Smart Security, switch to Interactive filtering mode, and define rules “on-the-fly” as individual
communications occur during regular operation of the system. If a new communication is detected (no rule is
defined), a dialog window requiring user intervention is displayed. If it is a common and legitimate communication,
you may want to define a rule immediately. Typically, the rule configuration process takes several days to complete,
as rules for all applications must be created through regular interaction with the network. This is the recommended
method.
TIP: After using Interactive mode for several days, switch to Policy-based filtering mode and export the ESET
Smart Security settings (including all rules) to an .xml file. The settings can then be exported using ESET Remote
Administrator, or ESET Smart Security itself (Setup > Import and export settings...). The .xml configuration can
then be used for remote configuration of the program on other computers, or it can be imported locally using the
same feature in ESET Smart Security (Setup > Import and export settings...).
[2] Please note that in order to prevent users from altering Personal firewall rules, you must set a password to
protect the program parameters of the ESET Smart Security client.