Welcome to eScan Wikipedia

From eScan Wiki

· eScan  · MailScan  · Technologies

· Technical Info  · Security Awareness  · User Guides

Contents 1 Firewall

Firewall

Firewall is a security feature of eScan\’s Protection module. It is designed to monitor all incoming and outgoing network traffic and protect your computer from all types of network based attacks. eScan includes a set of predefined access control rules that you can remove or customize as per your requirements. These rules enforce a boundary between your computer and the network. Therefore, the Firewall feature first checks the rules, analyzes network packets, and filters them on the basis of the specified rules. When you connect to the Internet, you expose your computer to various security threats. The Firewall feature of eScan protects your data when you:

• Connect to Internet Relay Chat (IRC) servers and join other people on the numerous channels on the IRC network.
• Use Telnet to connect to a server on the Internet and then execute the commands on the server.
• Use FTP to transfer files from a remote server to your computer.
• Use Network basic input/output system (NetBIOS) to communicate with other users on the LAN that is connected to the Internet.
• Use a computer that is a part of a Virtual Private Network (VPN).
• Use a computer to browse the Internet.
• Use a computer to send or receive e mail.

By default, the firewall operates in the Allow All mode. However, you can customize the firewall by using options like Limited Filter for filtering only incoming traffic and Interactive Filter to turn off and block all. The eScan Firewall also allows you to specify different set of rules for allowing or blocking incoming or outgoing traffic. These rules include Zone Rules, Expert Rules, Trusted Media Access Control (MAC) Address, and Local IP list. This page provides you with options for configuring the module. You can configure the following settings to be deployed to the eScan client systems.

Allow All – Clicking on this button will disable the eScan Firewall i.e. all the incoming and outgoing network traffic will not be monitored / filtered.

Limited Filter – Clicking on this button will enable eScan Firewall in limited mode which will monitor all incoming traffic only and will be allowed / blocked as per the conditions or rules defined in the Firewall.

Interactive - Clicking on this button will enable eScan Firewall to monitor all the incoming and outgoing network traffic and will be allowed / blocked as per the conditions or rules defined in the Firewall.

There are four tabs – Zone Rule, Expert Rule, Trusted MAC Address, and Local IP List, which are as follows:

A. Zone Rule - This is a set of network access rules to make the decision of allowing / blocking of the access to the system. This will contain the source IP address or source Host name or IP range either to be allowed or blocked.

Buttons (to configure a Zone Rule)

1. Add Host Name – This option enables you to add a "host" in the Zone Rule. When clicked on this button, enter the HOST name of the system, select the Zone (Trusted / Blocked) and enter a name for the Zone Rule. Click on OK button to create the Zone Rule.
2. Add IP – This option enables you to add an IP address of a system to be added in the Zone rule. When clicked on this button, enter the IP address of the system, select the Zone (Trusted / Blocked) and enter a name for the Zone Rule. Click on OK button to create the Zone Rule.
3. Add IP Range – This option enables you to add an IP range to be added in the Zone rule. When clicked on this button, add the IP Range (i.e. a range of IP that the Zone rule should be applied), select the Zone (Trusted / Blocked) and enter a name for the Zone Rule. Click on OK button to create the Zone Rule.
4. Modify – To modify / change any listed Zone Rule(s), select the zone rule to be modified and click on the Modify button.
5. Remove - To delete any listed Zone Rule(s), select the zone rule to be deleted and click on the remove button.

B. Expert Rule – This tab allows you to specify advanced rules and settings for the eScan firewall. You can configure expert rules on the basis of the various rules, protocols, source IP address and port, destination IP address and port, and ICMP types. You can create new expert rules. However, you should configure these rules only if you have a good understanding of firewalls and networking protocols.

• Source IP Address / Host Name
• Source Port Number
• Destination IP Address / Host Name
• Destination Port Number

Buttons (to configure an Expert Rule)

Add – Click on the Add button to create a new Expert Rule. In the Add Firewall Rule Window:

i. General tab – In this section, specify the Rule settings

• Rule Name – Provide a name to the Rule,
• Rule Action – Action to be taken, whether to Permit Packet or Deny Packet,
• Protocol – Select the network protocol (eg.TCP, UDP, ARP etc…) on which the Rule will be applied
• Apply rule on Interface – Select the Network Interface on which the Rule will be applied.

ii. Source tab – In this section, specify / select the location from where the outgoing network traffic originates.

• Source IP Address –

My Computer – The rule will be applied for the outgoing traffic originating from your computer.

Host Name – The rule will be applied for the outgoing traffic originating from the computer as per the host name specified.

Single IP Address – The rule will be applied for the outgoing traffic originating from the computer as per the IP address specified.

Whole IP Range – To enable the rule on a group of computers in series, you can specify a range of IP address. The rule will be applied for the outgoing traffic from the computer(s) which is within the defined ip range.

Any IP Address – When this option is selected, the rule will be applied for the traffic originating from ANY IP Addresses.

• Source Port –

Any – When this option is selected, the rule will be applied for the outgoing traffic originating from ANY port(s).

Single Port – When this option is selected, the rule will be applied for the outgoing traffic originating from the specified / defined port.

Port Range – To enable the rule on a group of ports in series, you can specify a range of ports. The rule will be applied for the outgoing traffic originating from the port which is within the defined range of ports.

Port List – A list of port can be specified / added. The rule will be applied for the outgoing traffic originating from the ports as per specified in the list.

NOTE: The rule will be applied when the selected Source IP Address and Source Port matches together.

iii. Destination tab – In this section, specify / select the location of the computer where the incoming network traffic is destined.

• Destination IP Address –

My Computer – The rule will be applied for the incoming traffic to your computer.

Host Name – The rule will be applied for the incoming traffic to the computer as per the host name specified.

Single IP Address – The rule will be applied for the incoming traffic to the computer as per the IP address specified.

Whole IP Range – To apply the rule on a group of computers in series, you can specify a range of IP address. The rule will be applied for the incoming traffic to the computer(s) which is within the defined IP range.

Any IP Address – When this option is selected, the rule will be applied for the incoming traffic to ANY IP Addresses.

• Destination Port –

Any – When this option is selected, the rule will be applied for the incoming traffic to ANY port.

Single Port – When this option is selected, the rule will be applied for the incoming traffic to the specified / defined port.

Port Range – To enable the rule on a group of ports in series, you can specify a range of ports. The rule will be applied for the incoming traffic to the port which is within the defined range of ports.

Port List – A list of port can be specified / added. The rule will be applied for incoming traffic originating from the ports as per specified in the list.

NOTE: The rule will be applied when the selected Destination IP Address and Destination Port matches together.

iv. Advanced tab – This tab contains advance setting for Expert Rule.

• Enable Advanced ICMP Processing - This is activated when the ICMP protocol is selected in the General tab.
• The packet must be from/to a trusted MAC address – When this option is selected, the rule will only be applied on the MAC address defined / listed in the Trusted MAC Address tab.
• Log information when this rule applies – This will enable to log information of the Rule when it is implied.

Modify – This button will enable to change or modify any Expert Rule.

Remove – This button will delete a rule from the Expert Rule.

Shift Up and Shift Down – The UP and DOWN arrow button will enable to move the rules up or down as required and will take precedence over the rule listed below it.

Enable Rule / Disable Rule – These buttons allow you to enable or disable a particular selected rule from the list.

C. Trusted MAC Address – This section contains the information of the MAC address of the system. A MAC address (Media Access Control address) is a hardware address that uniquely identifies each node of a network. The Trusted MAC address list will be checked along with the Expert Rule only when "The packet must be from/to a trusted MAC address" option is checked and the action will be as per specified in the rule. (refer to the Advance Tab of the Expert Rule).

Buttons (to configure the Trusted MAC Address)

1. Add – To add a MAC address click on this button. Enter the MAC address to be added in the list for eg. 00-13-8F-27-00-47
2. Edit – To modify / change the MAC Address click on this button.
3. Remove – To delete the MAC Address click on this button.
4. Clear All – To delete all the listed MAC Address click on this button.

D. Local IP List – This section contains a list of Local IP addresses.

Buttons (to configure the Local IP List)

1. Add – To add a Local IP address click on this button.
2. Remove – To remove a Local IP address click on this button.
3. Clear All – To clear all the Local IP address in the list click on this button.
4. Default List – To load the default list of IP address click on this button.

Other Buttons

Clear Alert Cache - This option will clear / delete all the information stored by the Firewall cache

Show Application Alert – Selecting this option will display an eScan FireWall Alert displaying the blocking of any application as defined in the Application Rule.

Default Rules - This button will load / reset the rules to the Default settings present during the installation of eScan. This will remove all the settings defined by user.

• Main Page

  • HOME

• Latest Developments

  • Virus - Alerts
  • News
  • Press Releases
  • Event Feeds
  • Marketing
  • Advertisement

• Product Information

  • eScan for Windows
  • MailScan for Windows
  • Nemasis

• Knowledge Base

  • eScan
  • MailScan
  • Technologies
  • Technical Information
  • Security Awareness
  • User Guides
  • eScan Tutorials (Videos)
  • Online Guide for eScan for Windows
  • Online Guide for eScan for Linux
  • Online Guide for eScan for Mac

• For Windows Downloads

  • eScan for Windows ver.22
  • eScan for Windows ver.14
  • eScan for Windows ver.11
  • eScan for Windows ver.10
  • eScan for Windows ver.9
  • MailScan for Windows 7.x
  • MailScan for Windows 6.x
  • MailScan for Windows 5.x
  • Anti-Virus Toolkit
  • Hotfixes
  • Weekly Updates
  • User Guide

• For Linux Downloads

  • Linux Products List
  • Hotfixes
  • User Guide

• For MAC Downloads

  • eScan for Mac
  • Product Documents

• General

  • Beta Testing
  • Release Candidate
  • Glossary
  • Customer Testimonials

• Support

  • eMail
  • Online Chat
  • Telephonic Support
  • Remote Support

Views

• Article
• Discussion
• Edit
• History