From eScan Wiki

(Difference between revisions)
Revision as of 12:33, 17 November 2008
WikiSysop (Talk | contribs)

Current revision
WikiSysop (Talk | contribs)

Line 1: Line 1:
-'''eScan Firewall''' is a comprehensive software firewall that is designed to prevent unauthorized access to a computer or network that is connected to the Internet. It enforces a boundary between two or more networks by implementing default or user-defined access-control policies (rules) between two or more networks.+{| class="wikitable" border="0"
 +|-
 +{| id="mp-topbanner" style="width:100%; background:#fcfcfc; margin-top:1.2em; border:1px solid #ccc;"
 +| style="width:10%; color:#000;" |
 +{| style="width:100px; border:none; background:none;"
 +| [[Image:escan-g.jpg]]
 +|}
 +|style="text-align:left;"|'''·''' [[Escan/english/FAQ-eScan|<font size=1.5 color="blue"
-It allows the user to choose the type of Internet access. The user can set rules to control network access from and to their system. Rules are user’s selection of Internet access either to allow or block on the system.The rules function as filters, analyzing packets (small chunks of data) to check if they fulfill the filter criteria and if they do pass them to the requesting system or else discard them.+align="left">eScan</font>]]&nbsp;&nbsp;'''·''' [[Escan/english/MailScan-AFT|<font size=1.5
-Within the software, are provided set of predefined rules that can be added to the firewall by selecting those that are appropriate to one’s security needs. Users can define their own 'rules', and when they don't feel the need for any of the rules they have 'added', they can remove them. Among the pre-set rules involving Internet access that eConceal offers, the user is able to select ARP, DHCP & BOOTP, DNS, E-mail, WWW, News, NetBios, FTP, ICMP, ICQ, Telnet & SSH, IRC, MSN, and VPN.+color="blue">MailScan</font>]]&nbsp;&nbsp;'''·''' [[Escan/english/Technologies|<font size=1.5
-Internet access involves the usage of these functions in one form or the other.+color="blue">Technologies</font>]]
-When a system connects to a publci networkd like the Internet, the system becomes vulnerable to unauthorized access. The eConceal firewall is basically designed to protect from unauthorized access by people designed to disrupt or destroy your personal and/or business data functions, often stealing valuable information like your Identity, Account Numbers, other Personal information, Confidential information or Proprietary business related data among other things.+|style="text-align:right;"|&nbsp;&nbsp;'''·''' [[Technical Info|<font size=1.5 color="blue">Technical
-'''Vulnerable Scenarios''' -+Info</font>]]&nbsp;&nbsp;'''·''' [[Escan/english/Security_Awareness|<font size=1.5 color="blue">Security
 +Awareness</font>]]&nbsp;&nbsp;'''·''' [[User_Guides|<font size=1.5 color="blue">User Guides</font>]]
 +|}
 +
 +{| class="wikitable" border="0"
 +|}
 +<h2 id="mp-tfp-h2" style="margin:0; background:#C7E587; font-size:120%; font-weight:bold; border:10 solid #afa3bf; text-align:left; color:#000; padding:0.2em 0.4em">eScan Version 10 Online Help</h2>
 +{| class="wikitable" border="0"
 +
 +|}
 +
 +
 +
 +<font size=4>'''Firewall'''</font>
 +
 +
 +
 +__TOC__
 +
 +=='''Description'''==
 +
 +Firewall monitors all incoming and outgoing network activities in your system and also protects from all network based attacks.
 +
 +<B>'''Firewall'''</B> is a comprehensive feature that is designed to prevent unauthorized access to a computer or network that is connected to the Internet. It enforces a boundary between two or more networks by implementing default or user-defined access-control policies (rules) between two or more networks.
 +The user can set rules to control incoming network access to their system as well as outgoing traffic from their system. Rules are user defined / created or selected either to allow or block any outgoing or incoming traffic. The Firewall checks the rules and analyzes the network packets (small chunks of data) and filter. If they fulfill the criteria defined in the Rules, they are allowed to pass through or else discard them.
 +
 +Within the software, are provided set of predefined rules that can be added to the firewall by selecting those that are appropriate to one’s security needs. Users can define their own ‘rules’, and when they don’t feel the need for any of the rules they have ‘added’, they can remove them.
 +
 +'''Vulnerable Scenarios''' -
A user is vulnerable to hacker attack when their system connects to a public network A user is vulnerable to hacker attack when their system connects to a public network
 +
 +:- When you log in to chat, you connect to Internet Relay Chat (IRC) servers on the Internet and join others in the numerous ‘channels’ on the IRC network.
 +
 +:- When you use Telnet to connect to a server on the Internet and execute commands ‘on’ the server from your computer.
 +
 +:- When you use FTP to transfer files from a remote server to your computer. FTP is the File Transfer Protocol for exchanging files over the Internet, and works in the same way that HTTP and SMTP do in transferring Web pages from servers to user’s browser and transferring e-mail across the WWW respectively.
 +
 +:- When you use NetBIOS (Network Basic Input/Output System) to communicate with another user on the LAN; the LAN could in turn be connected to the Internet. NetBIOS insulates the applications that users use to communicate with one another, from understanding the underlying network details.
 +
 +:- When you are a part of a Virtual Private Networks (VPN). These private network connections communicate ‘securely’ over a public network, such as the Internet.
 +
 +:- When you browse the Web.
- - When you log in to chat, you connect to Internet Relay Chat (IRC) servers on the Internet and join others in the numerous 'channels' on the IRC network.+:- When you send/receive e-mail.
- - When you use Telnet to connect to a server on the Internet and execute commands 'on' the server from your computer. 
- - When you use FTP to transfer files from a remote server to your computer. FTP is the File Transfer Protocol for exchanging files over the Internet, and works in the same way that HTTP and SMTP do in transferring Web pages from servers to user's browser and transferring e-mail across the WWW respectively.+=='''Status in main Protection Center Window'''==
- - When you use NetBIOS (Network Basic Input/Output System) to communicate with another user on the LAN; the LAN could in turn be connected to the Internet. NetBIOS insulates the applications that users use to communicate with one another, from understanding the underlying network details.+The <B><font color="Green"> '''green''' </font></B> colored Tick <U><B><font color="Green">(√)</font></B></U> mark indicates the Firewall is active and running.
- - When you are a part of a Virtual Private Networks (VPN). These private network connections communicate 'securely' over a public network, such as the Internet.+The <B><font color="Red"> '''red''' </font></B> colored Cross mark <U><B><font color="Red">(X)</font></B></U> indicates the Firewall is inactive and stopped.
- - When you browse the Web. 
- - When you send/receive e-mail.+=='''Configuration section'''==
-The “Firewall” option page shows the current status of the Firewall Protection. The green color right tick mark denotes that the module is “Active” while the red color cross mark displays that the module is “InActive”.+:''Status: ''
-On the Firewall option page in the “Configuration” section, when clicked on the “Settings” option, one can change and customize the Firewall Protection level, while clicking on either the “Allow All”, “Filter All” and “Block All” options (next to Settings) makes the module to “Allow”, “Filter” or “Block” traffic.+:* Firewall Status – This will display whether the Firewall is Running or Disabled.
-'''1. Configuration section''' - +:* Action – This will display the Firewall Mode.
-When clicked on “Settings” the below options are available, through which the eScan software’s Firewall protection can be customized -+:'''Buttons'''
-It has different options like "Zone Rule", "Expert Rule", “Application Rule”, “Trojan Rule”, “Trusted MAC Address” and “Local IP list”.+:''Allow All'' – Clicking on this button will disable the eScan Firewall i.e. all the incoming and outgoing network traffic will not be monitored / filtered.
 +:''Limited Filter'' – Clicking on this button will enable eScan Firewall in limited mode which will monitor all incoming traffic only and will be allowed / blocked as per the conditions or rules defined in the Firewall.
-'''A) Zone Rule''' -+:''Interactive'' - Clicking on this button will enable eScan Firewall to monitor all the incoming and outgoing network traffic and will be allowed / blocked as per the conditions or rules defined in the Firewall.
-This option page has different options on the right hand side of the page like Add Host Name, Add IP, Add IP Range, Modify and Remove. +:'''Block All button''' Clicking on this button will enable eScan Firewall to block all the incoming and outgoing network traffic.
-1) Add Host Name - +:''Settings'' – To configure the Firewall, click on the Settings button.
-This option enables you to add a “host” that you wish to add to a zone. When clicked on the option of “Add Host Name”, it displays a window prompting for the Host Name, Zone, if trusted or blocked and Name for the Zone Rule and when clicked on the “OK” option, gets added to the “Zone Rule” page.+
-2) Add IP – +:'''A. Zone Rule - '''This is a set of network access rules to make the decision of allowing / blocking of the access to the system. This will contain the source IP address or source Host name or IP range either to be allowed or blocked.
-This option enables you to add an “IP” that you wish to add to a zone. When clicked on the option of “Add IP”, it displays a window prompting for the IP Address, Zone, if trusted or blocked and Name for the Zone Rule and when clicked on the “OK” option, gets added to the “Zone Rule” page.+
-3) Add IP Range +::''Buttons (to configure a Zone Rule)''
-This option enables you to add an “IP Range” that you wish to add to a zone. When clicked on the option of “Add IP Range”, it displays a window prompting for the IP Address Range, Zone, if trusted or blocked and Name for the Zone Rule and when clicked on the “OK” option, gets added to the “Zone Rule” page.+::# Add Host Name – This option enables you to add a "host" in the Zone Rule. When clicked on this button, enter the HOST name of the system, select the Zone (Trusted / Blocked) and enter a name for the Zone Rule. Click on OK button to create the Zone Rule.
 +::# Add IP – This option enables you to add an IP address of a system to be added in the Zone rule. When clicked on this button, enter the IP address of the system, select the Zone (Trusted / Blocked) and enter a name for the Zone Rule. Click on OK button to create the Zone Rule.
 +::# Add IP Range – This option enables you to add an IP range to be added in the Zone rule. When clicked on this button, add the IP Range (i.e. a range of IP that the Zone rule should be applied), select the Zone (Trusted / Blocked) and enter a name for the Zone Rule. Click on OK button to create the Zone Rule.
 +::# Modify – To modify / change any listed Zone Rule(s), click on the Modify button.
 +::# Remove - To delete any listed Zone Rule(s), click on the remove button.
-4) Modify - 
-This option works in conjunction with the present rules defined in the above categories. To change the same, select any of the above rules defined and then select the “Modify” option 
-5) Remove +:'''B. Expert Rule '''This rule is recommended for experienced users with expertise in Firewall security and networking protocols. Expert rule is based on the following below attributes:
-This option works in conjunction with the present rules defined in the above categories. To remove, select any of the above rule defined and then click on the “Remove” option+::* Source IP Address / Host Name
 +::* Source Port Number
 +::* Destination IP Address / Host Name
 +::* Destination Port Number
 +::''Buttons (to configure an Expert Rule)''
 +::'''Add''' – Click on the Add button to create a new Expert Rule. In the Add Firewall Rule Window:
-'''B) Expert Rule''' -+:::i. General tab – In this section, specify the Rule settings
-This option page has different options on the right hand side of the page like Add, Modify, Remove, Default Rule along with the UP and DOWN arrows.+::::* Rule Name – Provide a name to the Rule,
 +::::* Rule Action Action to be taken, whether to Permit Packet or Deny Packet,
 +::::* Protocol – Select the network protocol (eg.TCP, UDP, ARP etc…) on which the Rule will be applied
 +::::* Apply rule on Interface – Select the Network Interfac on which the Rule will be applied.
-1) Add - +:::ii. Source tab – In this section, specify / select the location from where the outgoing netowork traffic originates.
-This option enables you to add a new rule to the “Expert Rule”. When clicked on the option of “Add”, it displays a window with four screen, viz. General, Source, Destination and Advanced.+::::* Source IP Address –
 +:::::My Computer – The rule will be applied for the outgoing traffic originating from your computer.
-a. General -+:::::Host Name – The rule will be applied for the outgoing traffic originating from the computer as per the host name specified.
-This screen page helps to define a name for the rule being defined, the action to be taken, i.e. either to pass or reject the packet, protocol to be used and the interface to be used (network adaptors).+
-b. Source +:::::Single IP Address The rule will be applied for the outgoing traffic originating from the computer as per the IP address specified.
-This screen page helps to define the “source” of the connection, i.e. source IP Address and Port of the connection. +
-c. Destination - +:::::Whole IP Range – To enable the rule on a group of computers in series, you can specify a range of IP address. The rule will be applied for the outgoing traffic from the computer(s) which is within the defined ip range.
-This screen page helps to define the “destination” of the connection, i.e. destination IP Address and Port to get connected to.+
-d. Advanced -+:::::Any IP Address – When this option is selected, the rule will be applied for the traffic originating from ANY IP Addresses.
-This screen page is helpful ONLY incase if the ICMP protocol is selected in the above “General” screen page.+
-2) Modify -+::::* Source Port –
-This option works in conjunction with the present rules defined in the above category. To change the same, select any of the above rules defined and then select the “Modify” option.+:::::Any – When this option is selected, the rule will be applied for the outgoing traffic originating from ANY port(s).
-3) Remove -+:::::Single Port – When this option is selected, the rule will be applied for the outgoing traffic originating from the specified / defined port.
-This option works in conjunction with the present rules defined in the above category. To remove, select any of the above rule defined and then clck on the “Remove” option.+
-4) Default Rule -+:::::Port Range – To enable the rule on a group of ports in series, you can specify a range of ports. The rule will be applied for the outgoing traffic originating from the port which is within the defined range of ports.
-This option reverts back to the default rules set within the software.+
-'''Do note''' - this option should be used with caution for if the user has defined any rules they would be lost when this option is used. +:::::Port List – A list of port can be specified / added. The rule will be applied for the outgoing traffic originating from the ports as per specified in the list.
-'''The UP and DOWN arrows provided below the “default rule” option help you to move the defined rule either Upward or Downward based on one’s requirements.''' +:::::<U>'''NOTE:'''</U> The rule will be applied when the selected Source IP Address and Source Port matches together.
-'''C) Application Rule''' -+:::iii. Destination tab – In this section, specify / select the location of the computer where the incoming network traffic is destined.
-This option page has different options on the right hand side of the page like – Add and Remove.+
-1) Add - +::::* Destination IP Address –
-This option enables you to add a new rule to the “Application Rule”. When clicked on the option of “Add”, it displays a window prompting for the name of the application that needs to be filtered along with the action to be set, i.e Ask, Permit and Deny.+
-2) Remove +:::::My Computer The rule will be applied for the incoming traffic to your computer.
-This option works in conjunction with the present rules defined in the above category. To remove, select any of the above rule defined and then click on “Remove” option.+
-'''Do note''' in order to change the action preference for a particular application, simply right click on the desired application name and select the new action to be taken provided on the menu. Likewise, more information on the process properties and it’s other details can also be accessed using the appropriate options provided within.+:::::Host Name The rule will be applied for the incoming traffic to the computer as per the host name specified.
 +:::::Single IP Address – The rule will be applied for the incoming traffic to the computer as per the IP address specified.
 +:::::Whole IP Range – To apply the rule on a group of computers in series, you can specify a range of IP address. The rule will be applied for the incoming traffic to the computer(s) which is within the defined IP range.
-'''D) Trojan Rule''' +:::::Any IP Address When this option is selected, the rule will be applied for the incoming traffic to ANY IP Addresses.
-This option page has different options on the right hand side of the page like – Add, Modify, Remove, Default Rule along with the UP and DOWN arrows.+
-1) Add - +::::* Destination Port –
-This option enables you to add a new rule to the “Trojan Rule”. When clicked on the option of “Add”, it displays a window with four screen, viz. General, Source, Destination and Advanced.+
-a. General -+:::::Any – When this option is selected, the rule will be applied for the incoming traffic to ANY port.
-This screen page helps to define a name for the rule being defined, the action to be taken, i.e. either to pass or reject the packet, protocol to be used and the interface to be used (network adaptors).+
-b. Source +:::::Single Port When this option is selected, the rule will be applied for the incoming traffic to the specified / defined port.
-This screen page helps to define the “source” of the connection, i.e. source IP Address and Port of the connection. +
-c. Destination - +:::::Port Range – To enable the rule on a group of ports in series, you can specify a range of ports. The rule will be applied for the incoming traffic to the port which is within the defined range of ports.
-This screen page helps to define the “destination” of the connection, i.e. destination IP Address and Port to get connected to.+
-d. Advanced -+:::::Port List – A list of port can be specified / added. The rule will be applied for incoming traffic originating from the ports as per specified in the list.
-This screen page is helpful ONLY incase if the ICMP protocol is selected in the above “General” screen page.+
-2) Modify -+:::::<U>'''NOTE:'''</U> The rule will be applied when the selected Destination IP Address and Destination Port matches together.
-This option works in conjunction with the present rules defined in the above category. To change the same, select any of the above rules defined and then select the “Modify” option.+
-3) Remove -+:::iv. Advanced tab – This tab contains advance setting for Expert Rule.
-This option works in conjunction with the present rules defined in the above category. To remove, select any of the above rule defined and then clck on the “Remove” option.+
-4) Default Rule -+::::* Enable Advanced ICMP Processing - This is activated when the ICMP protocol is selected in the General tab.
-This option reverts back to the default rules set within the software.+::::* The packet must be from/to a trusted MAC address – When this option is selected, the rule will only be applied on the MAC address defined / listed in the Trusted MAC Address tab.
 +::::* Log information when this rule applies – This will enable to log information of the Rule when it is implied.
-'''Do note''' - this option should be used with caution for if the user has defined any rules they would be lost when this option is used.  
-'''The UP and DOWN arrows provided below the “default rule” option help you to move the defined rule either Upward or Downward based on one’s requirements.''' +::::'''Modify''' – This button will enable to change or modify any Expert Rule.
 +::::'''Remove''' – This button will delete a rule from the Expert Rule.
 +::::'''Default Rules''' – This button will load / reset the rules to the Default settings present during the installation of eScan. This will remove all the settings defined by user.
-'''E) Trusted MAC Address''' –+::::'''Up and Down Arrows''' – The UP and DOWN arrow button will enable to move the rules up or down as required and will take precedence over the rule listed below it.
-This option page has different options on the right hand side of the page like – Add, Edit, Remove, Clear All, Import.+
-1) Add - +::::''Other options on Right Click on any rule''
-This option enables you to add a new rule to the “Trusted MAC Address Rule”. When clicked on the option of “Add”, it displays a window prompting for the MAC Address and Comment for it.+
-2) Edit -+::::'''Enable Rule / Disable Rule '''–When clicked on this option this will either enable or disable the selected rules. The option toggles between Enable and Disable rule.
-This option works in conjunction with the present rules defined in the above category. To change the same, select any of the above rules defined and then select the “Edit” option.+
-3) Remove - 
-This option works in conjunction with the present rules defined in the above category. To remove, select any of the above rule defined and then clck on the “Remove” option. 
-4) Clear All – 
-This option will delete all the rules defined. 
-'''Do note''' - this option should be used with caution for if the user has defined any rules they would be lost when this option is used. +:'''C. Application Rule – '''This rule is based on the Programs / Application(s) that is permitted / denied to access the Internet or any Network services. For e.g. Internet Explorer.
 +::''Buttons (to configure an Application Rule)''.
 +::# Add – To add a new Application rule click on the Add button and browse and locate the executable file and select the action to be taken i.e. either Permit or Deny.
 +::# Remove – This button will delete a rule from the Application Rule.
 +::# Default Rules - This button will load / reset the rules to the Default settings present during the installation of eScan. This will remove all the settings defined by user.
 +::To change / modify actions on a particular Application rule, you can right click on the applications.
-5) Import –+::''Other options on Right Click on any rule''
-This option enables you to import the “trusted mac address list” from a text file.+
-F) Local IP list -+:::Ask –When the selected application is executed, eScan Firewall will prompt whether to allow this application to be permited / denined. (Rule Color code Gray).
-This option page has different options on the right hand side of the page like Add, Remove, Clear All, Default list.+
-1) Add - +:::Permit - When the selected application is executed, eScan Firewall will allow this application to run. (Rule Color code – Green).
-This option enables you to add a new rule to the “Local IP list”. When clicked on the option of “Add”, it displays a window prompting for the Local IP Address.+
-2) Remove -+:::Deny - When the selected application is executed, eScan Firewall will stop this application from running. (Rule Color code – Red).
-This option works in conjunction with the present rules defined in the above category. To remove, select any of the above rule defined and then clck on the “Remove” option.+
-3) Clear All +:::Process Properties – This will display the properties of the selected process / executable file.
-This option will delete all the rules defined.+
-Do note - this option should be used with caution for if the user has defined any rules they would be lost when this option is used. +:::Process Details – This will provide the online detail of the selected process / executable file.
-4) Default list - 
-This option reverts back to the default rules set within the software. 
-'''Do note''' - this option should be used with caution for if the user has defined any rules they would be lost when this option is used. +:'''D. Trojan Rule – '''This rule is based on predefined rules set by MicroWorld on the basis of our database and research of various Trojans that exploits the Network Services like accessing a system in the network. This rule is similar to settings in the Expert Rule.
 +:<U>'''NOTE: This feature was available only prior to eScan version 10.0.968.374 and have been removed after this version.'''</U>
 +:'''E. Trusted MAC Address – '''This section contains the information of the MAC address of the system. A MAC address (Media Access Control address) is a hardware address that uniquely identifies each node of a network. The Trusted MAC address list will be checked alongwith the Expert Rule only when "The packet must be from/to a trusted MAC address" option is checked and the action will be as per specified in the rule. (refer to the Advance Tab of the Expert Rule).
 +::''Buttons (to configure the Trusted MAC Address)''
 +:::# Add – To add a MAC address click on this button. Enter the MAC address to be added in the list for eg. 00-13-8F-27-00-47
 +:::# Edit – To modify / change the MAC Address click on this button.
 +:::# Remove – To delete the MAC Address click on this button.
 +:::# Clear All – To delete all the listed MAC Address click on this button.
-'''Other options''' +:'''F. Local IP List – '''This section contains a list of Local IP addresses.
-1. Clear Alert Cache - This option will clear / delete all the cache maintained of the alerts generated earlier.+::''Buttons (to configure the Local IP List)''
-2. OK This option will “Save” the recent settings done to the configuration of the software.+:::# Add – To add a Local IP address click on this button.
 +:::# Remove To remove a Local IP address click on this button.
 +:::# Clear All – To clear all the Local IP address in the list click on this button.
 +:::# Default List – To load the default list of IP address click on this button.
-3. Cancel – This option will discard the recent changes done to the configuration of the software.  
-4. Apply – This option will apply the recent changes done to the configuration of the software.+::''Other Buttons''
 +:::'''Clear Alert Cache''' - This option will clear / delete all the information stored by the Firewall cache
 +:::'''Show Application Alert''' – Selecting this option will display an eScan FireWall Alert displaying the blocking of any application as defined in the Application Rule.
 +=='''Reports section'''==
 +:''Statistics''
-'''2. Reports section''' - The below options are available within -+::* Inbound Traffic Allowed – Displays the number of allowed incoming traffic.
 +::* Outbound Traffic Allowed - Displays the number of allowed outgoing traffic.
 +::* Inbound Traffic Blocked - Displays the number of blocked incoming traffic.
 +::* Outbound Traffic Blocked - Displays the number of blocked outgoing traffic.
-a. Inbound Allowed (TCP/UDP) -+::'''a. View Current Network Activity''' – This will display all the network activities including Active connections and Established Connections. This will contain the information of the process, protocol, local address and the remote address and the status of each network connection.
-This displays the details of the Inbound connectiuons that were allowed.+
-b. Inbound Allowed (TCP/UDP) +::'''b. View Summary '''Clicking on this option can create a Summary / Detailed report.
-This displays the details of the Outbound connectiuons that were allowed.+A Summary report will consist of information of the rules that has been invoked and applied by the Firewall. Rules like Application Rule, Expert Rule, Zone Rule, Trojan Rule.
 +A Detailed report will consists of information of the rules including the Network Activity.
 +The report also consists of Graphical reports.
-c. Inbound Blocked (TCP/UDP) +::'''c. View Report '''Clicking on this option will display the Incoming and Outgoing traffic which is Allowed or Blocked.
-This displays the details of the Inbound connectiuons that were blocked.+
-d. Inbound Blocked (TCP/UDP) - 
-This displays the details of the Inbound connectiuons that were blocked. 
-e. View current network activity – 
-When clicked on “View current network activity” , this option dispkays different options like "Active Connections" and "Established Connections".  
-'''A) Active Connections''':+=='''Enforcement of Firewall Rules'''==
-1. Process - +Any Network packets that are received / sent on or from a Network Interface, eScan Firewall will first check the rules in the following order:
-This tab on the active connections page displays the total number of process/es that are active in the background and working +
-2. Protocol -+::1^st^ – Trojan Rules
-This tab on the active connections page displays the protocol being used by these process/es, +::<U>'''NOTE: This feature was available only prior to eScan version 10.0.968.374 and have been removed after this version.'''</U>
-3. Local Address -+::2^nd^ – Zone Rules
-This tab on the active connections page displays the local address from where these processes have started/originated from.+
-4. Remote Address -+::3^rd^ – Expert Rules
-This tab on the active connections page displays the remote address to where these processes are connecting to.+
-5. Status -+::4^th^ – Application Rules
-This tab on the active connections page displays the status of the connection of a particular process or all.+
-'''B) Established Connections''':+==<I>'''[http://download1.mwti.net/wiki/index.php/Glossary Glossary]'''</I>==
 +==<I>'''[http://download1.mwti.net/wiki/index.php/EScan_ver.10 Main Feature Index]'''</I>==
-1. Process -  
-This tab on the established connections page displays the total number of process/es that are active in the background and presently on.  
-2. Protocol - 
-This tab on the established connections page displays the protocol being used by these process/es,  
-3. Local Address - 
-This tab on the established connections page displays the local address from where these process/es have started/originated from. 
-4. Remote Address -+<br/>
-This tab on the established connections page displays the remote address to where these process/es are connecting to.+
-'''Note''':- 
-This TCP Connections module is helpful in precisely knowing which process/es are running in the background, using which protocols, the local address from where it is originating from and the remote address to where it is connected to along with it's status. So, in case you suspect your system to be infected with any malware/s, this module basically helps in identifying the process/es along with it's other characteristics (mentioned above) and then take an informed decision (by right clicking on the process/es) to either check the process/es properties, find information/detail if available on the said process/es, kill/end the process/es, etc... thus resulting in restricting/blocking any and all malware/s activity.  
-'''f. Report''' –  
-This displays the current status as a log/report. 
-Note:- Depending on the subscription, some of the listed items may be unavailable.+<!--
 +{| id="mp-bottombanner" style="width:100%; background:#fcfcfc; margin-top:1em; border:0px solid #ccc;"
 +| style="width:56%; color:#000;" |
 +{|align="center" width="150px" |
 +|[[Image:product_logo.JPG|centre]]
 +|}
 +-->
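Review bot: The commented-out block added at the end (the `<!-- ... -->` lines carrying `mp-bottombanner`) opens two tables, `{| id="mp-bottombanner"` and `{|align="center"`, but closes only one with `|}`. Either finish the banner and enable it, or drop the dead comment so nobody later un-comments an unbalanced table. The same revision also deletes the TCP Connections note on using the process list to investigate a suspected infection, and the "Depending on the subscription" note, without a visible replacement; if that guidance still applies, carry it into the new Reports text.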

Current revision


eScan Version 10 Online Help


Firewall




Description

Firewall monitors all incoming and outgoing network activity on your system and protects it from all network-based attacks.

Firewall is a comprehensive feature designed to prevent unauthorized access to a computer or network that is connected to the Internet. It enforces a boundary between two or more networks by implementing default or user-defined access-control policies (rules). The user can set rules to control incoming network access to their system as well as outgoing traffic from it. Rules are created or selected by the user either to allow or to block outgoing or incoming traffic. The Firewall analyzes network packets (small chunks of data) against the rules: packets that fulfill the criteria defined in the rules are allowed to pass through, and the rest are discarded.

The software provides a set of predefined rules that can be added to the firewall by selecting those appropriate to one’s security needs. Users can also define their own ‘rules’ and remove any rule they have ‘added’ when they no longer need it.

Vulnerable Scenarios - A user is vulnerable to hacker attack when their system connects to a public network

- When you log in to chat, you connect to Internet Relay Chat (IRC) servers on the Internet and join others in the numerous ‘channels’ on the IRC network.
- When you use Telnet to connect to a server on the Internet and execute commands ‘on’ the server from your computer.
- When you use FTP to transfer files from a remote server to your computer. FTP is the File Transfer Protocol for exchanging files over the Internet, and works in the same way that HTTP and SMTP do in transferring Web pages from servers to the user’s browser and transferring e-mail across the WWW respectively.
- When you use NetBIOS (Network Basic Input/Output System) to communicate with another user on the LAN; the LAN could in turn be connected to the Internet. NetBIOS insulates the applications that users use to communicate with one another from the underlying network details.
- When you are part of a Virtual Private Network (VPN). These private network connections communicate ‘securely’ over a public network, such as the Internet.
- When you browse the Web.
- When you send/receive e-mail.


Status in main Protection Center Window

The green colored Tick (√) mark indicates the Firewall is active and running.

The red colored Cross mark (X) indicates the Firewall is inactive and stopped.


Configuration section

Status:
  • Firewall Status – This will display whether the Firewall is Running or Disabled.
  • Action – This will display the Firewall Mode.
Buttons:
  • Allow All – Clicking on this button disables the eScan Firewall, i.e. incoming and outgoing network traffic is not monitored / filtered.
  • Limited Filter – Clicking on this button enables eScan Firewall in limited mode, which monitors incoming traffic only and allows / blocks it as per the conditions or rules defined in the Firewall.
  • Interactive – Clicking on this button enables eScan Firewall to monitor all incoming and outgoing network traffic and to allow / block it as per the conditions or rules defined in the Firewall.
  • Block All – Clicking on this button makes eScan Firewall block all incoming and outgoing network traffic.
  • Settings – To configure the Firewall, click on the Settings button.
A. Zone Rule – This is a set of network access rules that decide whether access to the system is allowed or blocked. A Zone Rule contains the source IP address, source host name or IP range to be allowed or blocked.
Buttons (to configure a Zone Rule)
  1. Add Host Name – This option adds a host to the Zone Rule. After clicking this button, enter the host name of the system, select the Zone (Trusted / Blocked) and enter a name for the Zone Rule. Click on the OK button to create the Zone Rule.
  2. Add IP – This option adds the IP address of a system to the Zone Rule. After clicking this button, enter the IP address of the system, select the Zone (Trusted / Blocked) and enter a name for the Zone Rule. Click on the OK button to create the Zone Rule.
  3. Add IP Range – This option adds an IP range to the Zone Rule. After clicking this button, enter the IP range (i.e. the range of IP addresses to which the Zone Rule should apply), select the Zone (Trusted / Blocked) and enter a name for the Zone Rule. Click on the OK button to create the Zone Rule.
  4. Modify – To modify / change any listed Zone Rule(s), click on the Modify button.
  5. Remove – To delete any listed Zone Rule(s), click on the Remove button.


B. Expert Rule – This rule is recommended for experienced users with expertise in Firewall security and networking protocols. An Expert Rule is based on the following attributes:
  • Source IP Address / Host Name
  • Source Port Number
  • Destination IP Address / Host Name
  • Destination Port Number
Buttons (to configure an Expert Rule)
Add – Click on the Add button to create a new Expert Rule. In the Add Firewall Rule Window:
i. General tab – In this section, specify the Rule settings
  • Rule Name – Provide a name to the Rule,
  • Rule Action – Action to be taken, whether to Permit Packet or Deny Packet,
  • Protocol – Select the network protocol (e.g. TCP, UDP, ARP etc.) on which the Rule will be applied,
  • Apply rule on Interface – Select the Network Interface on which the Rule will be applied.
ii. Source tab – In this section, specify / select the location from where the outgoing network traffic originates.
  • Source IP Address –
      • My Computer – The rule will be applied to outgoing traffic originating from your computer.
      • Host Name – The rule will be applied to outgoing traffic originating from the computer with the specified host name.
      • Single IP Address – The rule will be applied to outgoing traffic originating from the computer with the specified IP address.
      • Whole IP Range – To apply the rule to a group of computers in series, you can specify a range of IP addresses. The rule will be applied to outgoing traffic from the computer(s) within the defined IP range.
      • Any IP Address – When this option is selected, the rule will be applied to traffic originating from ANY IP address.
  • Source Port –
      • Any – When this option is selected, the rule will be applied to outgoing traffic originating from ANY port(s).
      • Single Port – When this option is selected, the rule will be applied to outgoing traffic originating from the specified / defined port.
      • Port Range – To apply the rule to a group of ports in series, you can specify a range of ports. The rule will be applied to outgoing traffic originating from a port within the defined range.
      • Port List – A list of ports can be specified / added. The rule will be applied to outgoing traffic originating from the ports specified in the list.
NOTE: The rule will be applied when the selected Source IP Address and Source Port both match.


iii. Destination tab – In this section, specify / select the location of the computer where the incoming network traffic is destined.
  • Destination IP Address –
      • My Computer – The rule will be applied to incoming traffic to your computer.
      • Host Name – The rule will be applied to incoming traffic to the computer with the specified host name.
      • Single IP Address – The rule will be applied to incoming traffic to the computer with the specified IP address.
      • Whole IP Range – To apply the rule to a group of computers in series, you can specify a range of IP addresses. The rule will be applied to incoming traffic to the computer(s) within the defined IP range.
      • Any IP Address – When this option is selected, the rule will be applied to incoming traffic to ANY IP address.
  • Destination Port –
      • Any – When this option is selected, the rule will be applied to incoming traffic to ANY port.
      • Single Port – When this option is selected, the rule will be applied to incoming traffic to the specified / defined port.
      • Port Range – To apply the rule to a group of ports in series, you can specify a range of ports. The rule will be applied to incoming traffic to a port within the defined range.
      • Port List – A list of ports can be specified / added. The rule will be applied to incoming traffic originating from the ports specified in the list.
NOTE: The rule will be applied when the selected Destination IP Address and Destination Port both match.
iv. Advanced tab – This tab contains advanced settings for the Expert Rule.
  • Enable Advanced ICMP Processing – This is activated when the ICMP protocol is selected in the General tab.
  • The packet must be from/to a trusted MAC address – When this option is selected, the rule will be applied only to the MAC addresses defined / listed in the Trusted MAC Address tab.
  • Log information when this rule applies – This logs information about the Rule whenever it is applied.


Modify – This button changes or modifies an Expert Rule.
Remove – This button deletes a rule from the Expert Rule list.
Default Rules – This button loads / resets the rules to the default settings present at the installation of eScan. This removes all the settings defined by the user.
Up and Down Arrows – The UP and DOWN arrow buttons move a rule up or down the list as required; a rule takes precedence over the rules listed below it.
Other options available on right-clicking any rule
Enable Rule / Disable Rule – Clicking this option enables or disables the selected rules. The option toggles between Enable Rule and Disable Rule.
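Because a rule takes precedence over the rules below it, a broad Permit placed above a narrow Deny silently cancels the Deny. The following added example (not eScan code) evaluates an ordered Expert Rule list against constructed probe packets and reports rules that an earlier rule always pre-empts. The rule model, its field names, the first-match semantics and the default action are assumptions, and source ports are left out for brevity.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class ExpertRule:                 # hypothetical model, not an eScan format
    name: str
    action: str                   # "permit" or "deny" (Permit Packet / Deny Packet)
    protocol: str                 # "TCP", "UDP", ... or "ANY"
    src: str = "any"              # "any", a single IP, or a "first-last" range
    dst: str = "any"
    dst_ports: tuple = ()         # () = Any; ints = Port List; (lo, hi) = Port Range
    enabled: bool = True

def ip_matches(spec, ip):
    if spec == "any":
        return True
    addr = ipaddress.ip_address(ip)
    if "-" in spec:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in spec.split("-"))
        return lo <= addr <= hi
    return addr == ipaddress.ip_address(spec)

def port_matches(ports, port):
    return not ports or any(
        p[0] <= port <= p[1] if isinstance(p, tuple) else p == port for p in ports)

def rule_matches(rule, pkt):
    proto, src, dst, dport = pkt
    return (rule.enabled and rule.protocol in ("ANY", proto)
            and ip_matches(rule.src, src) and ip_matches(rule.dst, dst)
            and port_matches(rule.dst_ports, dport))

def evaluate(rules, pkt, default="deny"):
    """First enabled rule that matches decides (assumed semantics and default)."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action, rule.name
    return default, None

def shadowed(rules, probes):
    """Names of rules that match at least one probe but never decide any probe."""
    decided = {evaluate(rules, p)[1] for p in probes}
    return [r.name for r in rules
            if any(rule_matches(r, p) for p in probes) and r.name not in decided]

# Constructed rules and probe packets: (protocol, source IP, destination IP, destination port)
RULES = [
    ExpertRule("Allow LAN", "permit", "ANY", src="192.168.1.1-192.168.1.254"),
    ExpertRule("Block Telnet from .50", "deny", "TCP", src="192.168.1.50", dst_ports=(23,)),
    ExpertRule("Allow Web", "permit", "TCP", dst_ports=(80, 443)),
]
PROBES = [("TCP", "192.168.1.50", "192.168.1.10", 23), ("TCP", "192.168.1.60", "192.168.1.10", 23),
          ("TCP", "203.0.113.7", "192.168.1.10", 443), ("UDP", "203.0.113.7", "192.168.1.10", 53)]
FIXED = [RULES[1], RULES[0], RULES[2]]   # the narrow Deny moved above the broad Permit
```

With `RULES`, the Telnet probe from 192.168.1.50 is permitted by "Allow LAN" and the Deny rule is reported as shadowed; with `FIXED`, the same probe is denied and no rule is shadowed.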


C. Application Rule – This rule is based on the programs / applications that are permitted / denied access to the Internet or any network services, e.g. Internet Explorer.
Buttons (to configure an Application Rule)
  1. Add – To add a new Application Rule, click on the Add button, browse to and select the executable file, and select the action to be taken, i.e. either Permit or Deny.
  2. Remove – This button deletes a rule from the Application Rule list.
  3. Default Rules – This button loads / resets the rules to the default settings present at the installation of eScan. This removes all the settings defined by the user.
To change / modify the action for a particular Application Rule, right-click on the application.
Other options available on right-clicking any rule
  • Ask – When the selected application is executed, eScan Firewall will prompt whether this application is to be permitted / denied. (Rule Color code – Gray).
  • Permit – When the selected application is executed, eScan Firewall will allow this application to run. (Rule Color code – Green).
  • Deny – When the selected application is executed, eScan Firewall will stop this application from running. (Rule Color code – Red).
  • Process Properties – This displays the properties of the selected process / executable file.
  • Process Details – This provides the online details of the selected process / executable file.


D. Trojan Rule – This rule is based on predefined rules set by MicroWorld on the basis of our database and research into various Trojans that exploit network services, such as accessing a system in the network. This rule is similar to the settings in the Expert Rule.
NOTE: This feature was available only prior to eScan version 10.0.968.374 and has been removed after this version.
E. Trusted MAC Address – This section contains the MAC address information of the system. A MAC address (Media Access Control address) is a hardware address that uniquely identifies each node of a network. The Trusted MAC Address list is checked along with the Expert Rule only when the "The packet must be from/to a trusted MAC address" option is checked, and the action will be as specified in the rule (refer to the Advanced tab of the Expert Rule).
Buttons (to configure the Trusted MAC Address)
  1. Add – To add a MAC address, click on this button. Enter the MAC address to be added to the list, e.g. 00-13-8F-27-00-47
  2. Edit – To modify / change the MAC Address click on this button.
  3. Remove – To delete the MAC Address click on this button.
  4. Clear All – To delete all the listed MAC Address click on this button.


F. Local IP List – This section contains a list of Local IP addresses.
Buttons (to configure the Local IP List)
  1. Add – To add a Local IP address click on this button.
  2. Remove – To remove a Local IP address click on this button.
  3. Clear All – To clear all the Local IP address in the list click on this button.
  4. Default List – To load the default list of IP address click on this button.


Other Buttons
Clear Alert Cache – This option clears / deletes all the information stored in the Firewall cache.
Show Application Alert – Selecting this option displays an eScan Firewall Alert whenever an application is blocked as defined in the Application Rule.


Reports section

Statistics
  • Inbound Traffic Allowed – Displays the number of allowed incoming traffic.
  • Outbound Traffic Allowed - Displays the number of allowed outgoing traffic.
  • Inbound Traffic Blocked - Displays the number of blocked incoming traffic.
  • Outbound Traffic Blocked - Displays the number of blocked outgoing traffic.
a. View Current Network Activity – This will display all the network activities including Active connections and Established Connections. This will contain the information of the process, protocol, local address and the remote address and the status of each network connection.
b. View Summary – Clicking on this option creates a Summary / Detailed report.

A Summary report consists of information on the rules that have been invoked and applied by the Firewall, such as Application Rule, Expert Rule, Zone Rule and Trojan Rule. A Detailed report consists of information on the rules, including the Network Activity. The report also contains graphical reports.

c. View Report – Clicking on this option will display the Incoming and Outgoing traffic which is Allowed or Blocked.


Enforcement of Firewall Rules

For any network packet received or sent on a Network Interface, eScan Firewall first checks the rules in the following order:

1st – Trojan Rules
NOTE: This feature was available only prior to eScan version 10.0.968.374 and has been removed after this version.
2nd – Zone Rules
3rd – Expert Rules
4th – Application Rules








eScan Copyright © 2015 MicroWorld Technologies Inc.- AntiVirus & Content Security.       Send your feedback to solutions@escanav.com eScan Wiki
