Filter
Top Products
Trusting Intruders
39
Trusting Intruders
Introduction When an address is trusted, Desktop Protector assumes all communication from that
address is authorized and excludes the address from any intrusion detection. Trusting
ensures that Desktop Protector does not block systems whose intrusions may be useful to
you. You can choose to trust a system that has already intruded on your computer, or you
can identify a potential intruder to trust ahead of time.
Important: Trust only those systems that you are certain are safe, or are legitimately
executing network scans, such as servers from an ISP. Keep in mind that intruders can
fake the IP addresses of internal systems. It is possible, though very unlikely, for an
intruder to fake a trusted address and avoid detection from Desktop Protector.
Trusting an existing
intruder
To trust an intruder that Desktop Protector has detected:
1. Do one of the following:
■ On the Intruders tab, right-click the intruder.
■ On the Events tab, right-click the event/intruder combination that includes the
intruder you want to trust.
2. On the shortcut menu, select Trust Intruder.
3. From the submenu, select one of the following:
■ Trust and Accept: The BlackICE intrusion detection component ignores all attacks
from the intruder and the firewall accepts all communications from the intruder's
IP address. The intruder is not subjected to any Desktop Protector detection or
protection.
■ Trust Only: The BlackICE intrusion detection component ignores all attacks from
the intruder.
Important: Use caution when trusting a system. Intruders often mask their identity
with forged IP addresses, so an intruder could use your trusted addresses as a
mechanism against you. We recommend only trusting those systems that are
authorized, trustworthy and secure.
4. Click Yes.
Desktop Protector immediately starts trusting the intruder, and adds the intruder
address to the list of trusted IP addresses on the Desktop Protector Settings Detection
tab.
Trusting an intruder
in advance
To trust an intruder that Desktop Protector has not yet detected:.
1. From the Main Menu, select To ol s
ÆEdit BlackICE Settings.
2. Select the Intrusion Detection tab.
3. Click Add.
The Exclude from Reporting window appears.
4. Type the IP address in the IP box, or select All.
■ Use standard
000.000.000.000
notation.
■ If you are specifying a range of IP addresses, place a dash between them. For
example,
192.168.10.23–192.168.10.32
.
5. Click OK.