eScan BlogeScan Blog    eScan WebsiteeScan Website    eScan ForumeScan Forum    eScan FeedseScan Feeds     
    
Languages:     

From eScan Wiki

Revision as of 10:01, 20 April 2009; view current revision
←Older revision | Newer revision→
Jump to: navigation, search

Firewall

Contents

Descrizione

Il Firewall sorveglia tutte le attività di rete in entrata ed in uscita nel vostro sistema e protegge contro tutti gli attachi di rete. Il Firewall è un modulo progettato per impedire l'accesso non autorizzato ad un computer o ad una rete collegati ad internet. Crea e rinforza un confine tra due o più reti implementando regole di controllo dell'accesso predefinite o create dall'utente. Gli utenti possono impostare delle regole per il controllo dell'accesso di rete in entrata al loro sistema oppure anche per il controllo del traffico in uscita dal loro sistema. Le regole sono definite / create o selezionate in modo da permettere o bloccare qualsiasi traffico in uscita o in entrata. Il Firewall verifica le regole e analizza i pachetti di rete (piccoli pezzi di dati) ed esegue il filtraggio. Se i pachetti compiono i criteri definiti nella sezione Regole, l'accesso è consentito altrimenti vengono bloccati.

Integrate nel software, è fornito un set di regole predefinite che possono essere aggiunte nel firewall selezionando quelle che rispecchiano le esigenze di sicurezza dell'utente. Gli utenti possono definire le loro proprie ‘regole’, e quando non hanno più la necessità di utilizzare queste regole ‘aggiunte’, possono rimuoverle.

Scenari di vulnerabilità - Un'utente è vulnerabile all'attaco di un hacker quando il suo sistema si collega ad una rete pubblica

- Quando entrate in una camera di chat, vi collegate in pratica ad un server Internet Relay Chat (IRC) in Internet e incontrate altre persone nei cosidetti ‘channels’ (canali) sulla rete IRC.
- Quando utilizzate Telnet per collegarvi ad un server in Internet ed eseguite dei commandi ‘sul’ server dal vostro computer.
- Quando utilizzate il protocollo FTP per transferire dei file da un server remoto sul vostro PC. L'FTP è il File Transfer Protocol per scambiare dei file utilizzando l'Internet, e funziona nello stesso modo in cui l'HTTP e l'SMTP funzionano quando si trasferiscono le pagine WEB dai server al browser degli utenti e rispettivamente, quando si trasferiscono le email via il World Wide Web.
- Quando utilizzate il protocollo NetBIOS (Network Basic Input/Output System) per communicare con un'altro utente nella rete LAN; la rete LAN potrebbe essere collegata in Internet. Il protocollo NetBIOS isola le applicazioni che gli utenti utilizzano per communicare fra di loro, impedendo di fornire i dettagli sui parametri della rete.
- Quando si è parte du una rete virtuale (Virtual Private Networks - VPN). Queste connessioni di rete private communicano in modo ‘sicuro’ attraverso una rete pubblica, come l'Internet.
- Quando navigate in internet.
- Quando inviate/ricevete delle e-mail.

Lo stato nella finestra principale del Centro di Protezione

Il segno di spunta verde (√) indica che il Firewall è attivo e in esecuzione.

La croce di colore rosso (X) indica che il Firewall non è abilitato ed è fermato.

Configuration section

Status:
  • Firewall Status – This will display whether the Firewall is Running or Disabled.
  • Action – This will display the Firewall Mode.
Buttons
Allow All – Clicking on this button will disable the eScan Firewall i.e. all the incoming and outgoing network traffic will not be monitored / filtered.
Limited Filter – Clicking on this button will enable eScan Firewall in limited mode which will monitor all incoming traffic only and will be allowed / blocked as per the conditions or rules defined in the Firewall.
Interactive - Clicking on this button will enable eScan Firewall to monitor all the incoming and outgoing network traffic and will be allowed / blocked as per the conditions or rules defined in the Firewall.
Block All button – Clicking on this button will enable eScan Firewall to block all the incoming and outgoing network traffic.
Settings – To configure the Firewall, click on the Settings button.
A. Zone Rule - This is a set of network access rules to make the decision of allowing / blocking of the access to the system. This will contain the source IP address or source Host name or IP range either to be allowed or blocked.
Buttons (to configure a Zone Rule)
  1. Add Host Name – This option enables you to add a "host" in the Zone Rule. When clicked on this button, enter the HOST name of the system, select the Zone (Trusted / Blocked) and enter a name for the Zone Rule. Click on OK button to create the Zone Rule.
  2. Add IP – This option enables you to add an IP address of a system to be added in the Zone rule. When clicked on this button, enter the IP address of the system, select the Zone (Trusted / Blocked) and enter a name for the Zone Rule. Click on OK button to create the Zone Rule.
  3. Add IP Range – This option enables you to add an IP range to be added in the Zone rule. When clicked on this button, add the IP Range (i.e. a range of IP that the Zone rule should be applied), select the Zone (Trusted / Blocked) and enter a name for the Zone Rule. Click on OK button to create the Zone Rule.
  4. Modify – To modify / change any listed Zone Rule(s), click on the Modify button.
  5. Remove - To delete any listed Zone Rule(s), click on the remove button.


B. Expert Rule – This rule is recommended for experienced users with expertise in Firewall security and networking protocols. Expert rule is based on the following below attributes:
  • Source IP Address / Host Name
  • Source Port Number
  • Destination IP Address / Host Name
  • Destination Port Number
Buttons (to configure an Expert Rule)
Add – Click on the Add button to create a new Expert Rule. In the Add Firewall Rule Window:
i. General tab – In this section, specify the Rule settings
  • Rule Name – Provide a name to the Rule,
  • Rule Action – Action to be taken, whether to Permit Packet or Deny Packet,
  • Protocol – Select the network protocol (eg.TCP, UDP, ARP etc…) on which the Rule will be applied
  • Apply rule on Interface – Select the Network Interfac on which the Rule will be applied.
ii. Source tab – In this section, specify / select the location from where the outgoing netowork traffic originates.
  • Source IP Address –
My Computer – The rule will be applied for the outgoing traffic originating from your computer.
Host Name – The rule will be applied for the outgoing traffic originating from the computer as per the host name specified.
Single IP Address – The rule will be applied for the outgoing traffic originating from the computer as per the IP address specified.
Whole IP Range – To enable the rule on a group of computers in series, you can specify a range of IP address. The rule will be applied for the outgoing traffic from the computer(s) which is within the defined ip range.
Any IP Address – When this option is selected, the rule will be applied for the traffic originating from ANY IP Addresses.
  • Source Port –
Any – When this option is selected, the rule will be applied for the outgoing traffic originating from ANY port(s).
Single Port – When this option is selected, the rule will be applied for the outgoing traffic originating from the specified / defined port.
Port Range – To enable the rule on a group of ports in series, you can specify a range of ports. The rule will be applied for the outgoing traffic originating from the port which is within the defined range of ports.
Port List – A list of port can be specified / added. The rule will be applied for the outgoing traffic originating from the ports as per specified in the list.
NOTE: The rule will be applied when the selected Source IP Address and Source Port matches together.


iii. Destination tab – In this section, specify / select the location of the computer where the incoming network traffic is destined.
  • Destination IP Address –
My Computer – The rule will be applied for the incoming traffic to your computer.
Host Name – The rule will be applied for the incoming traffic to the computer as per the host name specified.
Single IP Address – The rule will be applied for the incoming traffic to the computer as per the IP address specified.
Whole IP Range – To apply the rule on a group of computers in series, you can specify a range of IP address. The rule will be applied for the incoming traffic to the computer(s) which is within the defined IP range.
Any IP Address – When this option is selected, the rule will be applied for the incoming traffic to ANY IP Addresses.
  • Destination Port –
Any – When this option is selected, the rule will be applied for the incoming traffic to ANY port.
Single Port – When this option is selected, the rule will be applied for the incoming traffic to the specified / defined port.
Port Range – To enable the rule on a group of ports in series, you can specify a range of ports. The rule will be applied for the incoming traffic to the port which is within the defined range of ports.
Port List – A list of port can be specified / added. The rule will be applied for incoming traffic originating from the ports as per specified in the list.
NOTE: The rule will be applied when the selected Destination IP Address and Destination Port matches together.
iv. Advanced tab – This tab contains advance setting for Expert Rule.
  • Enable Advanced ICMP Processing - This is activated when the ICMP protocol is selected in the General tab.
  • The packet must be from/to a trusted MAC address – When this option is selected, the rule will only be applied on the MAC address defined / listed in the Trusted MAC Address tab.
  • Log information when this rule applies – This will enable to log information of the Rule when it is implied.


Modify – This button will enable to change or modify any Expert Rule.
Remove – This button will delete a rule from the Expert Rule.
Default Rules – This button will load / reset the rules to the Default settings present during the installation of eScan. This will remove all the settings defined by user.
Up and Down Arrows – The UP and DOWN arrow button will enable to move the rules up or down as required and will take precedence over the rule listed below it.
Other options on Right Click on any rule
Enable Rule / Disable Rule –When clicked on this option this will either enable or disable the selected rules. The option toggles between Enable and Disable rule.


C. Application Rule – This rule is based on the Programs / Application(s) that is permitted / denied to access the Internet or any Network services. For e.g. Internet Explorer.
Buttons (to configure an Application Rule).
  1. Add – To add a new Application rule click on the Add button and browse and locate the executable file and select the action to be taken i.e. either Permit or Deny.
  2. Remove – This button will delete a rule from the Application Rule.
  3. Default Rules - This button will load / reset the rules to the Default settings present during the installation of eScan. This will remove all the settings defined by user.
To change / modify actions on a particular Application rule, you can right click on the applications.
Other options on Right Click on any rule
Ask –When the selected application is executed, eScan Firewall will prompt whether to allow this application to be permited / denined. (Rule Color code – Gray).
Permit - When the selected application is executed, eScan Firewall will allow this application to run. (Rule Color code – Green).
Deny - When the selected application is executed, eScan Firewall will stop this application from running. (Rule Color code – Red).
Process Properties – This will display the properties of the selected process / executable file.
Process Details – This will provide the online detail of the selected process / executable file.


D. Trojan Rule – This rule is based on predefined rules set by MicroWorld on the basis of our database and research of various Trojans that exploits the Network Services like accessing a system in the network. This rule is similar to settings in the Expert Rule.


NOTE: This feature was available only prior to eScan version 10.0.968.374 and have been removed after this version.


E. Trusted MAC Address – This section contains the information of the MAC address of the system. A MAC address (Media Access Control address) is a hardware address that uniquely identifies each node of a network. The Trusted MAC address list will be checked alongwith the Expert Rule only when "The packet must be from/to a trusted MAC address" option is checked and the action will be as per specified in the rule. (refer to the Advance Tab of the Expert Rule).
Buttons (to configure the Trusted MAC Address)
  1. Add – To add a MAC address click on this button. Enter the MAC address to be added in the list for eg. 00-13-8F-27-00-47
  2. Edit – To modify / change the MAC Address click on this button.
  3. Remove – To delete the MAC Address click on this button.
  4. Clear All – To delete all the listed MAC Address click on this button.


F. Local IP List – This section contains a list of Local IP addresses.
Buttons (to configure the Local IP List)
  1. Add – To add a Local IP address click on this button.
  2. Remove – To remove a Local IP address click on this button.
  3. Clear All – To clear all the Local IP address in the list click on this button.
  4. Default List – To load the default list of IP address click on this button.


Other Buttons
Clear Alert Cache - This option will clear / delete all the information stored by the Firewall cache
Show Application Alert – Selecting this option will display an eScan FireWall Alert displaying the blocking of any application as defined in the Application Rule.


Reports section

Statistics
  • Inbound Traffic Allowed – Displays the number of allowed incoming traffic.
  • Outbound Traffic Allowed - Displays the number of allowed outgoing traffic.
  • Inbound Traffic Blocked - Displays the number of blocked incoming traffic.
  • Outbound Traffic Blocked - Displays the number of blocked outgoing traffic.
a. View Current Network Activity – This will display all the network activities including Active connections and Established Connections. This will contain the information of the process, protocol, local address and the remote address and the status of each network connection.
b. View Summary – Clicking on this option can create a Summary / Detailed report.

A Summary report will consist of information of the rules that has been invoked and applied by the Firewall. Rules like Application Rule, Expert Rule, Zone Rule, Trojan Rule. A Detailed report will consists of information of the rules including the Network Activity. The report also consists of Graphical reports.

c. View Report – Clicking on this option will display the Incoming and Outgoing traffic which is Allowed or Blocked.


Enforcement of Firewall Rules

Any Network packets that are received / sent on or from a Network Interface, eScan Firewall will first check the rules in the following order:

1^st^ – Trojan Rules
NOTE: This feature was available only prior to eScan version 10.0.968.374 and have been removed after this version.
2^nd^ – Zone Rules
3^rd^ – Expert Rules
4^th^ – Application Rules



Glossario

Indice delle Caratteristiche Principali

Retrieved from "https://wiki.escanav.com/wiki/index.php/Escan/italian/firewall"

eScan Copyright © 2015 MicroWorld Technologies Inc.- AntiVirus & Content Security.       Send your feedback to solutions@escanav.com eScan Wiki

    Privacy policy  About eScan Wiki  Disclaimers