Anti-Hacker
143
amount of time, and the user receives a message stating that his computer was
subjected to an attempted network attack.
The Intrusion Detection System uses a special network attack database in its
analysis. Kaspersky Lab adds to this database regularly, and it is updated
together with the threat signatures.
Your computer is protected at the application level by making the applications
installed on it follow Anti-Hacker’s application rules for the use of network
resources. As at the network security level, application level security is
built on analyzing data packets for direction, transfer protocol, and the ports
they use. However, at the application level, both the data packet traits and the
specific application that sends and receives the packet are taken into account.
Using application rules lets you configure protection more precisely, for
example by banning a certain connection type for some applications but not
for others.
There are two Anti-Hacker rule types, based on the two Anti-Hacker security
levels:
• Packet filtering rules (see 12.2.1 on pg. 147). Used to create general
  restrictions on network activity, regardless of the applications installed.
  Example: if you create a packet filtering rule that blocks inbound
  connections on port 21, no applications that use that port (an ftp server,
  for example) will be accessible from the outside.
• Application rules (see 12.2 on pg. 145). Used to create restrictions on
  network activity for specific applications. Example: If connections on port
  80 are blocked for each application, you can create a rule that allows
  connections on that port for Firefox only.
There are two types of application and packet filtering rules: allow and block.
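The two rule levels described above, modeled as an added example (not Kaspersky
code and not part of the original manual). The evaluation order, first-match
behavior, default action and application names are assumptions of this sketch.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str  # "inbound" or "outbound"
    protocol: str   # "tcp" or "udp"
    port: int       # port the connection uses
    app: str        # application that sends or receives the packet

@dataclass(frozen=True)
class Rule:
    action: str     # "allow" or "block"
    direction: str
    protocol: str
    port: int

    def matches(self, pkt: Packet) -> bool:
        return (self.direction, self.protocol, self.port) == (
            pkt.direction, pkt.protocol, pkt.port)

def decide(pkt, packet_rules, app_rules, default="allow"):
    """Return (action, layer) for one packet.

    Assumptions of this sketch: packet filtering rules are checked before
    application rules, the first matching rule wins, and unmatched traffic
    gets `default`.
    """
    layers = (("packet", packet_rules),
              ("application", app_rules.get(pkt.app, [])))
    for layer, rules in layers:
        for rule in rules:
            if rule.matches(pkt):
                return rule.action, layer
    return default, "default"

# Constructed rule sets mirroring the two examples in the text.
PACKET_RULES = [Rule("block", "inbound", "tcp", 21)]
APPS = ["firefox.exe", "ftpd.exe", "updater.exe"]  # hypothetical names
APP_RULES = {app: [Rule("block", "outbound", "tcp", 80)] for app in APPS}
APP_RULES["firefox.exe"].insert(0, Rule("allow", "outbound", "tcp", 80))
# Under the assumed ordering, this per-application allow never takes effect:
# the packet filtering rule on port 21 matches first.
APP_RULES["ftpd.exe"].append(Rule("allow", "inbound", "tcp", 21))

if __name__ == "__main__":
    for pkt in (Packet("inbound", "tcp", 21, "ftpd.exe"),
                Packet("outbound", "tcp", 80, "firefox.exe"),
                Packet("outbound", "tcp", 80, "updater.exe")):
        print(pkt, "->", decide(pkt, PACKET_RULES, APP_RULES))
```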
The program installation includes rules which regulate network activity for the
most common applications and for the most common protocols and ports.
Kaspersky Internet Security also includes a set of allow rules for trusted
applications whose network activity is not suspect.
To make settings and rules more user-friendly, Kaspersky Internet Security
breaks down the entire network space into security zones, which largely
correspond to the subnets that your computer belongs to. You can assign a status
to each zone (Internet, Local Area Network, Trusted), which determines the
policy for applying rules and monitoring network activity in that zone
(see 12.5 on pg. 154).
A special feature of Anti-Hacker, Stealth Mode, prevents the computer from
being detected from the outside, so that hackers cannot detect the computer to
attack it. This mode does not affect your computer’s performance on the Internet.
You are advised not to use Stealth Mode if your computer is functioning as a
server.