Presentation is loading. Please wait.

Presentation is loading. Please wait.

FEATURES & FUNCTIONALITY. Page 2 Agenda Main topics Packet Filter Firewall Application Control Other features.

Similar presentations


Presentation on theme: "FEATURES & FUNCTIONALITY. Page 2 Agenda Main topics Packet Filter Firewall Application Control Other features."— Presentation transcript:

1 FEATURES & FUNCTIONALITY

2 Page 2 Agenda Main topics Packet Filter Firewall Application Control Other features

3 Page 3 Requirements Supported platfroms Windows 2000 Professional (with SP4 or higher) and Windows XP (Professional and Home Edition, with SP1 or higher) Also installs on Longhorn Beta Minimum requirements Intel Pentium compatible hardware 128 MB (Windows 2000), 256 MB (Windows XP) 256 MB or more recommended (depending on the installed components)! 50 MB free hard disk space Internet connection recommended

4 PACKET FILTER FIREWALL

5 Page 5 IP Filtering for Workstations Protects data on mobile workstations and desktops against network worms and cracking Intercepts IP packets at the NDIS (Network Device Interface Specification) layer Allowed incoming packets are forwarded to the TCP/IP stack Allowed outgoing packets are sent out through the network interface Application Presentation Session Transport Network DataLink Physical

6 Page 6 Filtering Rules Filtering traffic based on rules Rules for inbound, outbound or bi- directional traffic There is no need of allowing inbound traffic to any workstations Administrator can define what traffic is allowed from one network segment to another or between corporate departments Also, it is possible to define filtering rules for host-to-host or host-to- network connections

7 Page 7 Predefined Rules Rules are bundled into six Security Levels Block all Mobile Home Office Custom Network quarantine

8 Page 8 Predefined Services F-Secure predefined approximately 100 services IP Protocols ICMP, TCP, UDP Application level protocols HTTP, HTTPS, DNS, SMB, etc.

9 Page 9 User Definable Services New services can be defined according to IP Protocol For TCP/UDP protocols Initiator and responder port number or range For ICMP Type and codes Allow broadcasts for UDP and ICMP yes/no

10 Page 10 SECURITY LEVEL RULES Allow Web Browsing Security Levels Structure SERVICES HTTP / Hyper Text Transfer Protocol out HTTPS (SSL) out FTP / File Transfer Protocol out 1 2 3

11 Page 11 Intrusion Detection System (IDS) Analyses the payload and the header information of an IP packet to detect different kind of intrusion attempts Monitors inbound traffic Inspects single packets only, not full stream or TCP/IP sequence System alerts on 31 malicous packets; most common operating system fingerprinting attempts (nmap, CyberCop), port scans and network worms Database selected carefully to avoid false positives Patterns are updated when software is updated IDS engine is divided in to generic IP engine (13 packets), UDP protocol engine (5 packets) and TCP protocol engine (13 packets)

12 Page 12 Internet Connection Sharing Possibility of sharing the internet connection with other local computers Needs at least two network interfaces Define the internal network card as a ”Trusted interface” No filtering, everything passes through the defined network interface Important: Trusted interface should be disabled for the whole domain! Set “Allow Trusted Interface = disabled” (mark as final!) X

13 APPLICATION CONTROL

14 Page 14 Application Control Decides what products can and what cannot be used to connect to the internet, manipulate or launch other programs Application controls Connection Control Manipulating Control Launching Control What is controlled External connection attempts Code injections Application launches

15 Page 15 Application Connection Control Protection against malicious programs that try to open connections from the local machine to an outside host Detects outbound connection attempts and inbound listening attempts Prompts the user to allow this connection before opening it Application controls Connection Control Manipulating Control Launching Control

16 Page 16 Application Launching Control Protection against malicious programs that try to launch other application instances Disabled by default Application controls Connection Control Manipulating Control Launching Control

17 Page 17 Application Manipulation Control Detects applications trying to inject code into the memory space of running applications Disabled by default Application controls Connection Control Manipulating Control Launching Control

18 Page 18 Executable Decisions Permanent Application control decisions regarding a certain program are always tied to the executable Binary change detection uses a hash function (SHA-1 checksum) If a program is updated, Internet Shield will prompt for a new decision Policy Manger is pre-configured with a whitelist of most critical windows and F-Secure services (e.g. allowing AUA connections)

19 Page 19 Dynamic Rules Application connection control creates dynamic rules to the firewall packet filter rulebase Creates dynamic inbound rules for allowed applications Checks for existing outbound static rules before opening the connection to prevent timeouts Tied to the executable Rules visible in the rulebase Rules only in use when the executable is running Rules added juts before the last deny rest rule

20 Page 20 Central Administration Policy Manager supports central administration for Application Connection Control PMC application rules overwrite user defined rules Applications cannot be added manually (need to be reported by the hosts) All new application connections can be reported to FSPMC (except system and boot time services)

21 OTHER FEATURES

22 Page 22 Dial-up Control Protection against malicous dialing attempts (monitors dialup processes, e.g. RAS API) Maintains a list of allowed or denied numbers Limited central management (user decisions are not reported to the PMC!) Hang-up control Only allowed applications can close an active connection.

23 Page 23 Alerting Internet Shield alerts are divided into two groups Packet filter alerts (only create a log entry if so defined in the rule) Log only (blue alert) Log and pop-up (red alert) Intrusion alerts (yellow alert)

24 Page 24 Logging Extended logging capabilities All firewall actions All alerts Packet logging Packet logging will grab all frames from all network devices and store them to a file Useful for debugging Needs to be activated with a specific policy!

25 Page 25 Summary Main topics Packet Filter Firewall Application Control Other features


Download ppt "FEATURES & FUNCTIONALITY. Page 2 Agenda Main topics Packet Filter Firewall Application Control Other features."

Similar presentations


Ads by Google