Internet Security Systems Desktop Protector Computer Hardware User Manual


 
The Desktop Protector Firewall
Introduction
Desktop Protector automatically stops most intrusions according to the protection level
you have chosen, but you still may notice activity that isn't explicitly blocked. You can
configure the Desktop Protector firewall to increase your protection. You can block
intrusions from a particular address, or you can block intrusions that use a particular
protocol.

Protocol analysis
The Desktop Protector firewall works by recognizing the special languages computers use
to communicate. For example, your browser receives messages encoded in Hypertext
Transfer Protocol (HTTP) from the Web. These information packets are usually received
through port 80. When Desktop Protector detects traffic coming in through port 80 that is
not correctly encoded in HTTP packets, there may be cause for suspicion.

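The check described under "Protocol analysis" can be illustrated with a short Python example. This is added here and is not Desktop Protector or BlackICE code; the function name, the result labels and the sample payloads are constructed, and it assumes the HTTP start line arrives whole in the first segment of a port 80 flow.

```python
import re

# Shapes of the first line of an HTTP/1.x message (RFC 9112 grammar, simplified).
REQUEST_LINE = re.compile(rb"[A-Z]{3,10} \S+ HTTP/\d\.\d")
STATUS_LINE = re.compile(rb"HTTP/\d\.\d \d{3}( [^\r\n]*)?")
# Header field: token characters, a colon, then any text on the same line.
HEADER_LINE = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+:[^\r\n]*")


def classify_port80_payload(payload: bytes) -> str:
    """Classify the first bytes of a port 80 flow.

    Returns 'http-request', 'http-response', 'incomplete' (valid so far,
    headers not finished) or 'suspicious' (not HTTP framing at all).
    """
    head, end_of_headers, _body = payload.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    if REQUEST_LINE.fullmatch(lines[0]):
        kind = "http-request"
    elif STATUS_LINE.fullmatch(lines[0]):
        kind = "http-response"
    else:
        return "suspicious"
    # Without the blank line that ends the headers, the last line may be
    # cut off mid-field, so it is not held against the sender.
    headers = lines[1:] if end_of_headers else lines[1:-1]
    if any(not HEADER_LINE.fullmatch(line) for line in headers):
        return "suspicious"
    return kind if end_of_headers else "incomplete"


# Constructed sample payloads, as they might be seen on port 80.
SAMPLES = {
    "browser request": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "server response": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>",
    "split request": b"GET / HTTP/1.1\r\nHost: exam",
    "SSH banner": b"SSH-2.0-OpenSSH_9.6\r\n",
    "TLS handshake": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03",
    "binary in headers": b"GET / HTTP/1.1\r\n\x00\x01data\r\n\r\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:18} -> {classify_port80_payload(data)}")
```

A "suspicious" result means only that the bytes are not HTTP framing; a real engine would weigh it together with other evidence before blocking.
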
Dynamic Firewall
Your firewall uses information from the BlackICE intrusion detection engine to
reconfigure itself in response to intrusions. The intrusion detection component analyzes
unusual packets and, if they are dangerous, instantly configures the firewall to block them
before they can have any effect on your system.

Blocking an intruder
You can block any intruder listed on your events list by adding an IP address to your
firewall. When you do this, no traffic from that intruder's IP address can enter your
system. For information about blocking IP addresses, see "Blocking an IP address" on
page 37.

Blocking a port
If you don't have an intruder in mind but you are concerned about intrusion attempts
using a specific internet protocol, you can block the port (or ports) that protocol uses.
Adding a port entry to your firewall ensures that no traffic from any IP address can enter
your system using that port. For information about blocking ports, see "Ignoring Events"
on page 40.

Ignoring events
To help reduce the amount of information you have to deal with, you can choose to ignore
events that don't pose any threat to your system. For example, your company's
Information Services department may carry out routine port scans for network
management purposes. When such a scan appears on your events list, you can right-click
the event and select Ignore. For information about ignoring events, see "Ignoring Events"
on page 40.

Trusting an address
When you know a particular IP address is safe, you can choose to ignore all events from
that address. This is called trusting an address. For example, when another computer on
your internal network accesses files on your system, it can appear as an intrusion on your
events list. You can right-click these events and select Trust and Accept to tell Desktop
Protector not to record any events from that computer. For information about trusting and
accepting, see "Trusting Intruders" on page 39.