
shortened view. The lower section displays details about the rule currently selected in the upper section. At the very bottom are the New, Edit and Delete buttons, which allow the user to configure rules.
Taking the direction of communication into account, connections can be divided into incoming and outgoing connections. An incoming connection is initiated by a remote computer attempting to establish a connection with the local system. An outgoing connection works the opposite way: the local side contacts a remote computer.
If a new, unknown communication is detected, consider carefully whether to allow or deny it. Unsolicited, unsecured or entirely unknown connections pose a security risk to the system. If such a connection is established, pay particular attention to the remote side and to the application attempting to connect to your computer. Many infiltrations try to obtain and send private data, or to download other malicious applications to the host workstation. The Personal firewall allows the user to detect and terminate such connections.
4.2.4.1 Creating new rules
When installing a new application which accesses the network, or when modifying an existing connection (remote side, port number, etc.), a new rule must be created.
To add a new rule, verify that the Rules tab is selected. Then click the New button in the Zone and rule setup window. Clicking this button opens a new dialog window in which the new rule is specified. The upper part of the window contains three tabs:
▪ General: Specifies the name of the rule, direction, action and protocol. Direction is either in or out (or both). Action means allowing or denying the given connection.
▪ Local: Displays information about the local side of the connection, including the number of the local port or port range and the name of the communicating application.
▪ Remote: Contains information about the remote port (port range). It also allows the user to define a list of remote IP addresses or zones for a given rule.
A good example of adding a new rule is allowing your Internet browser to access the network. The following must be provided in this case:
▪ On the General tab, enable outgoing communication via the TCP & UDP protocols.
▪ On the Local tab, add the process representing your browser application (for Internet Explorer it is iexplore.exe).
▪ On the Remote tab, enable port number 80 only if you wish to allow standard World Wide Web services over plain HTTP. Encrypted HTTPS traffic uses port 443, so a rule restricted to port 80 does not cover it.
4.2.4.2 Editing rules
To modify an existing rule, click the Edit button. All the parameters described in the chapter "Creating new rules" can be modified.
A rule must be modified each time any of the parameters it monitors changes, for example the network address or port number of the remote side. Otherwise the rule no longer matches the connection, the specified action is not applied, and the connection may end up being refused, which can cause problems with the operation of the application in question.
4.2.5 Configuring zones
A zone represents a collection of network addresses which form one logical group. Every address in the group is subject to the same rules, defined centrally for the whole group. One example of such a group is the Trusted zone. The Trusted zone represents a group of network addresses which the user fully trusts and which are therefore not blocked by the Personal firewall in any way; add an address range to it only if you are sure of every host that can appear within it.
Zones are configured on the Zones tab of the Zone and rule setup window by clicking the New button. Enter the name of the zone, its description and the list of network addresses into the newly opened window.
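The rule and zone model described in "Creating new rules", "Editing rules" and "Configuring zones" can be made concrete by evaluating a few connections against it. The following Python block is an added illustration, not code from the ESET product or from this manual: the rule fields follow the General, Local and Remote tabs, but the class and function names, the first-match ordering, the "ask" result for a connection that no rule covers, and all addresses and process names are assumptions constructed for the example. It also shows why a rule has to be edited after one of its parameters changes: the browser rule written for remote port 80 no longer matches the same browser talking to port 443.

```python
# Added model of the Personal firewall's rule and zone matching; not ESET's
# code. Field names follow the General / Local / Remote tabs in the manual;
# first-match ordering and the "ask" result for unmatched traffic are
# assumptions made for this example, and all addresses are constructed.
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Zones: a named collection of networks that share one set of rules.
ZONES = {
    "Trusted zone": [ipaddress.ip_network("192.168.1.0/24")],  # constructed
}


@dataclass
class Connection:
    direction: str   # "in": remote side initiated; "out": local side initiated
    protocol: str    # "TCP" or "UDP"
    app: str         # local process name, e.g. "iexplore.exe"
    local_port: int
    remote_ip: str
    remote_port: int


@dataclass
class Rule:
    name: str
    direction: str                        # General tab: "in", "out" or "both"
    action: str                           # General tab: "allow" or "deny"
    protocols: Tuple[str, ...] = ("TCP", "UDP")   # General tab
    app: Optional[str] = None             # Local tab; None = any application
    local_ports: Optional[range] = None   # Local tab; None = any port
    remote_ports: Optional[range] = None  # Remote tab; None = any port
    remote_networks: List[str] = field(default_factory=list)  # Remote tab CIDRs
    remote_zones: List[str] = field(default_factory=list)     # Remote tab zones

    def remote_allowed(self, ip: str) -> bool:
        """True when the remote address is covered by the Remote tab."""
        if not self.remote_networks and not self.remote_zones:
            return True                   # no address restriction on this rule
        addr = ipaddress.ip_address(ip)
        nets = [ipaddress.ip_network(n) for n in self.remote_networks]
        for zone in self.remote_zones:
            nets.extend(ZONES.get(zone, []))
        return any(addr in net for net in nets)

    def matches(self, c: Connection) -> bool:
        """Every parameter on the three tabs must agree with the connection."""
        return (
            self.direction in ("both", c.direction)
            and c.protocol in self.protocols
            and (self.app is None or self.app.lower() == c.app.lower())
            and (self.local_ports is None or c.local_port in self.local_ports)
            and (self.remote_ports is None or c.remote_port in self.remote_ports)
            and self.remote_allowed(c.remote_ip)
        )


def evaluate(rules: List[Rule], c: Connection,
             unmatched: str = "ask") -> Tuple[str, Optional[str]]:
    """Return (action, rule name) for the first rule that matches.

    A connection no rule covers yields `unmatched`: "ask" stands for the
    Interactive mode prompt; Automatic and Policy-based modes would pass a
    predefined action here instead (assumption for this example).
    """
    for rule in rules:
        if rule.matches(c):
            return rule.action, rule.name
    return unmatched, None


# The manual's worked example: let the browser out over TCP/UDP to port 80,
# plus a rule that allows everything to and from the Trusted zone.
EXAMPLE_RULES = [
    Rule("Browser", direction="out", action="allow",
         app="iexplore.exe", remote_ports=range(80, 81)),
    Rule("Trusted zone", direction="both", action="allow",
         remote_zones=["Trusted zone"]),
]

if __name__ == "__main__":
    # Constructed sample connections (203.0.113.0/24 is a documentation range).
    samples = [
        Connection("out", "TCP", "iexplore.exe", 51000, "203.0.113.10", 80),
        Connection("out", "TCP", "iexplore.exe", 51001, "203.0.113.10", 443),
        Connection("in", "TCP", "System", 445, "192.168.1.20", 50000),
        Connection("in", "TCP", "System", 445, "203.0.113.10", 50001),
    ]
    for conn in samples:
        print(conn.direction, conn.app, conn.remote_ip, conn.remote_port,
              "->", evaluate(EXAMPLE_RULES, conn))
```

Running the block prints the decision for the four constructed connections: the browser reaching port 80 is allowed by the Browser rule, the same browser on port 443 falls through to "ask" because the edited parameter no longer matches, an inbound connection from the Trusted zone is allowed by the zone rule, and an inbound connection from an unknown address is left to the user.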
4.2.6 Establishing connection – detection
The Personal firewall detects each newly created network connection. The active firewall mode (Automatic, Interactive, Policy-based) determines what action is taken for a newly detected connection. When either the Automatic or the Policy-based mode is active, the Personal firewall performs predefined actions with no user intervention.