62 pure firewall network rules en
Post on 16-Oct-2015
5/26/2018 62 Pure Firewall Network Rules En
Kaspersky PURE 2.0
Firewall:
network rules
Content
Firewall rules
  Packet rules
    Creating a packet rule
    Editing packet rules
  Application rules
    Creating application rules
    Editing an application rule
      Configuring network service
      Allocating range of IP-addresses
      Extending the range of IP addresses
      Changing the rule for a group of applications
      Changing the rule priority
  Configuring notifications of changes in the network
  Advanced Firewall settings
  Firewall working features
Firewall rules
There are two Firewall rule types, used to control network connections:
- Packet rules are used to create general restrictions on network activity, regardless of the applications installed. Example: if you create a packet rule that blocks inbound connections on port 21, no applications that use that port (an FTP server, for example) will be accessible from the outside.
- Rules for applications are used to create restrictions on network activity for specific applications. Example: if connections on port 80 are blocked for each application, you can create a rule that allows connections on that port for Firefox only.
Packet rules have higher priority than application rules. If both packet rules and rules for applications are applied to the same type of network activity, this network activity is processed using the packet rules.
Packet rules
Creating a packet rule
All network connections on your computer are monitored by Firewall. Firewall assigns a specific status to each connection and applies various rules for filtering network activity depending on that status; thus, it allows or blocks the network activity.
Packet rules are used to restrict the transfer of packets regardless of the applications.
You can specify an action performed by Firewall if it detects the network activity:
- Allow
- Block
- By application rules. The packet rule is not used, but the rule for the application is used.
The Allow or Block rules can be logged. To do this, check the Log events box in the Action section.
To create a packet rule, for example, to allow remote access to your computer desktop, please do the following:
1. In the right part of the Firewall settings window in the Network rules section, click the Settings button.
2. In the Firewall window go to the Packet rules tab.
3. Click the Add button. In the Network rule window that opens, specify the settings for a rule.
4. In the Network rule window in the Action section select the Allow variant.
5. In the Name section click the arrow next to the input field and select the Remote Desktop item.
6. In the Address section select Any address.
7. Check the Log events box if you want to log actions performed according to the rule.
8. In the Network rule window click the OK button. The created rule appears in the list of packet rules on the Packet rules tab.
9. In the Firewall window click the OK button.
10. In the Settings window click the Apply button.
Now any user has remote access to your desktop.
Editing packet rules
All packet rules (default or created by the user) can be edited. For example, if you want to
block remote access to your computer desktop, then edit the Remote Desktop packet rule:
1. In the right part of the Settings window of the Firewall component in the Network rules section click the Settings button.
2. In the Firewall window go to the Packet rules tab.
3. In the list of packet rules select the Remote Desktop rule.
4. Click the Edit button. In the Network rule window that opens you can edit the settings of the selected rule.
5. In the Action section change the Allow variant to Block.
6. In the Address section select the Subnet address variant and choose the Public networks item from the displayed list.
7. In the Network rule window click the OK button.
8. The changes are displayed in the Firewall window on the Packet rules tab in the list of packet rules: for the Remote Desktop rule the network type in the Address column changes to Public networks, and the allowing icon in the Permission column changes to a blocking icon.
9. In the Firewall window click the OK button.
10. In the Settings window click the Apply button.
Now only users of local and trusted networks have access to your computer desktop.
Application rules
Creating application rules
You can create application rules [1] for more subtle filtering of network activity, and edit rules for a group of applications or for an individual application in a group.
Custom rules for individual applications have a higher priority than the rules inherited from a group.
When creating an application rule, you can define the action to be performed by Firewall when it detects this type of network activity for an application:
- Allow;
- Block;
- Prompt (user) for action.
An allowing or blocking action of a rule can be displayed in a report. To do this, check the Log events box in the Action section when creating the rule.
[1] Application rules monitor connections only by TCP and UDP protocols.
To create a rule for an individual application, for example a rule that blocks any network activity of the QIP internet pager outside your local and trusted networks, perform the following actions:
1. In the right part of the Settings window in the Network rules section click the Settings button.
2. In the Firewall window on the Application rules tab select QIP 2012.
3. Click the Edit button.
4. In the Application rules window that opens, go to the Network rules tab.
5. At the top of the window click the Add button.
6. In the Network rule window perform the following actions:
   - In the Action section select the Block action;
   - In the Name section select the Any network activity service;
   - In the Address section select the Subnet address variant and in the displayed list select Public networks;
   - Check the Log events box if you want to log actions performed according to the rule;
   - Click the OK button.
7. The created rule will appear in the Application rules window on the Network rules tab in the list of rules for QIP 2012.
8. Click the OK button in the Application rules window.
9. In the Firewall window click the OK button.
10. In the Settings window click the Apply button.
Editing an application rule
For the default network rules created by Kaspersky PURE you can edit only the action (such rules cannot be deleted). To do this, perform the following actions:
1. In the right part of the Settings window in the Network rules section click the Settings button.
2. In the Firewall window on the Application rules tab select the required application.
3. Click the Edit button. In the Application rules window that opens, go to the Network rules tab.
4. From the list of rules for the application, select the rule whose action you want to change.
5. In the Permission column for the selected rule right-click the action icon.
6. From the context menu select the required action:
   - Allow
   - Block
   - Prompt for action
7. In the Application rules window click the OK button.
8. In the Firewall window click the OK button.
9. In the Settings window click the Apply button.
For a network rule created by the user you can edit all previously specified settings. To do this, perform the following actions:
1. In the right part of the Settings window in the Network rules section click the Settings button.
2. In the Firewall window on the Application rules tab select the application whose rule you want to edit.
3. Click the Edit button. In the Application rules window that opens, go to the Network rules tab.
4. From the list of rules select the rule you want to edit.
5. Click the Edit button.
6. In the Network rule window change the required settings.
7. In the Network rule window click the OK button.
8. In the Application rules window click the OK button.
9. In the Firewall window click the OK button.
10. In the Settings window click the Apply button.
Configuring network service
When creating any network rule you should specify the network service. The network service describes the settings that characterize the network activity for which the rule is created.
You can select the type of network activity from the list or create a new type.
A network service includes the following parameters:
- Name. Preferably use names that explicitly describe the rule. For example, DNS over TCP.
- Protocol. Firewall restricts connections via the TCP, UDP, ICMP, ICMPv6, IGMP and GRE [2] protocols. If ICMP or ICMPv6 is selected as the protocol, you can specify the type and the code of the ICMP packet.
[2] TCP, UDP, ICMP, ICMPv6, IGMP and GRE are protocols (sets of rules) for data transfer in the network. An ICMP packet is a packet that contains a message about an error or any other exceptional situation which occurred during the data transfer. The type and code fields of the ICMP packet contain the type and code of the situation that occurred.
- Direction. Firewall controls connections with the following directions:
  - Inbound. A rule is applied to data packets received by your computer.
  - Inbound (stream). The rule is for network connections created from another computer.
  - Inbound/Outbound. The rule is for inbound and outbound data packets and data streams regardless of the direction.
  - Outbound. A rule is applied to data packets transferred from your computer.
  - Outbound (stream). The rule is only for network connections created by your computer.
- Remote and Local ports. You can specify the ports which are used by your computer and by remote computers for the TCP and UDP protocols. These ports will be controlled by Firewall.
Allocating range of IP-addresses
While creating the rule's conditions you can specify the network service and the network address. You can use an IP address as the network address or specify the network status. In the latter case the addresses will be copied from all networks that are connected and have the specified status at this moment.
You can select one of the following statuses:
- Any address: the rule will be applied to any IP address;
- Subnetwork addresses with status: the rule will be applied to IP addresses of all networks that are connected and have the specified status at the moment:
  - Trusted networks
  - Local networks
  - Public networks
- Addresses from group: the rule will be applied to IP addresses included in the specified range. Select one of the existing groups of addresses. If no range of IP addresses in any group suits you, create a new one.
To do this, perform the following steps:
1. At the bottom part of the section click the Add link.
2. In the IP address or DNS name window specify the addresses from the group.
3. Click the OK button.
4. In the Network rule window click the OK button.
A method of allocating IP addresses using Classless Inter-Domain Routing (CIDR) [3] has been implemented in Kaspersky PURE.
CIDR uses a Variable Length Subnet Mask (VLSM), whereas in Class Inter-Domain Routing the mask length is strictly set to 0, 1, 2 or 3 bytes.
For example, let's take a record of the range of IP addresses as 10.96.0.0/11. In this case the subnet mask is 11111111 11100000 00000000 00000000, or 255.224.0.0 in decimal. 11 bits of the IP address are allocated to the network number; the other 21 bits (32-11 = 21) of the full address are allocated to the local address in the network. To sum up, 10.96.0.0/11 is a range of addresses from 10.96.0.1 to 10.127.255.255.
[3] CIDR (Classless Inter-Domain Routing) is a method of IP addressing which allows managing the range of IP addresses flexibly, without the rigid frames of the Class Inter-Domain Routing. CIDR allows using the finite resource of IP addresses economically, thus enhancing efficiency of KSOS 2.
Remember that when defining CIDR addressing in networks of the IP protocol version 4 (IPv4), the rule will in any case be applied to the whole network.
To convert IP addresses into CIDR, Kaspersky Lab experts recommend using any web site which provides a free service of converting IP addresses to CIDR addressing (for example, the web site http://ip2cidr.com/).
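The same conversion can be done locally with Python's standard ipaddress module. This is an added example, not part of the Kaspersky guide: it reproduces the 10.96.0.0/11 calculation above, shows why a record with host bits set still covers the whole network, and converts an address range into CIDR blocks. The 192.168.1.10 to 192.168.1.20 range and the function names are constructed for illustration.

```python
import ipaddress


def describe(cidr: str) -> dict:
    """Mask and address range of an IPv4 CIDR record.

    strict=False accepts host bits after the prefix (e.g. 10.100.5.7/11)
    and drops them: the record always denotes the whole network.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    return {
        "network": str(net),
        "mask": str(net.netmask),
        "mask_bits": " ".join(f"{b:08b}" for b in net.netmask.packed),
        "host_bits": net.max_prefixlen - net.prefixlen,
        # network_address is the .0 network number itself; the guide lists
        # the first host (10.96.0.1) as the start of the range.
        "first": str(net.network_address),
        "last": str(net.broadcast_address),
        "addresses": net.num_addresses,
    }


def range_to_cidr(first: str, last: str) -> list:
    """Smallest list of CIDR blocks that exactly covers first..last."""
    a = ipaddress.ip_address(first)
    b = ipaddress.ip_address(last)
    return [str(n) for n in ipaddress.summarize_address_range(a, b)]


def covered(address: str, cidr: str) -> bool:
    """True if a rule written for `cidr` would apply to `address`."""
    net = ipaddress.ip_network(cidr, strict=False)
    return ipaddress.ip_address(address) in net


if __name__ == "__main__":
    for key, value in describe("10.96.0.0/11").items():
        print(f"{key:>10}: {value}")
    # Host bits set: still the same /11 network.
    print(describe("10.100.5.7/11")["network"])
    # A range that is not aligned to a single block needs several records.
    print(range_to_cidr("192.168.1.10", "192.168.1.20"))
    print(covered("10.128.0.1", "10.96.0.0/11"))
```

A range that does not start and end on a block boundary expands into several records, each of which has to be added to the address group separately.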
Extending the range of IP addresses
Each network matches one or more ranges of IP addresses. If you connect to a network whose subnetworks are accessed via a router, you can manually add the subnetworks accessible through it.
Example: You are connecting to the network in an office of your company and wish to use the same filtering rules for the office where you are connected directly and for the offices accessible over the network.
Obtain the network address ranges for those offices from the network administrator and add them.
To extend the range of network addresses, please perform the following:
1. In the right part of the Firewall settings window in the Networks section select an active connection and click the Edit button.
2. In the Network connection window on the Properties tab in the Additional subnetworks section click the Add link.
3. In the IP address window specify an IP address or address masks.
4. Click the OK button.
5. In the Network connection window click the OK button.
6. In the Settings window click the Apply button.
Changing the rule for a group of applications
Firewall analyzes the activity of each application running on your computer. Depending on the threat rating, every application is included in one of the following groups:
- Trusted [4]. Trusted applications are applications with digital signatures of trusted vendors and applications whose signatures are included in the trusted applications database. Activities of such applications are monitored by Proactive Defense and File Anti-Virus.
[4] Applications of that group are allowed to perform any network activity irrespective of the network status.
- Low Restricted [5]. Low restricted applications are applications without digital signatures of trusted vendors which are not included in the trusted applications database. Nevertheless, a low risk rating is assigned to such applications.
- High Restricted [6]. High restricted applications are applications without digital signatures which are not included in the trusted applications database. A high risk rating is assigned to such applications.
- Untrusted [7]. Untrusted applications are applications without digital signatures which are not included in the trusted applications database. A very high risk rating is assigned to such applications.
[5] Applications of that group are allowed to perform any network activity in non-interactive mode. If you are using the interactive mode, a notification will be displayed on the screen with which you can allow or block a connection, or create an application rule using the Wizard.
[6] Applications of that group are not allowed to perform network activity in non-interactive mode. If you are using the interactive mode, a notification will be displayed on the screen with which you can allow or block a connection, or create an application rule using the Wizard.
[7] Any network activity is prohibited for the applications of that group.
You can modify rules for a whole group.
Custom rules for individual applications have a higher priority than the rules inherited from a group.
If you create an allowing rule for a whole group of applications and a blocking rule for a certain application from this group, the network activity of that application will be restricted according to the rule for this application, because it has a higher priority level.
To change rules for a group of applications, for example, if you want low restricted programs to have unrestricted rights to network activity within the local networks, perform the following actions:
1. In the right part of the settings window of the Firewall component in the Network rules section click the Settings button.
2. In the Firewall window go to the Application rules tab.
3. Select the Low restricted group of applications.
4. Click the Edit button.
5. In the Group rules window go to the Network rules tab and click the Add button.
6. In the Network rule window in the Action section select Allow, and in the Name section select Any network activity and click the OK button.
7. In the Network rule window click the OK button.
8. In the Firewall window click the OK button.
9. In the Settings window click the OK button.
Now all applications of the Low Restricted group have unrestricted right to the network activity.
Changing the rule priority
The priority of a rule is determined by its position on the list of rules. The first rule on the list
has the highest priority. Each packet rule created manually will be added to the end of the list
of packet rules.
Application rules are grouped by the name of the program, and rule priority applies within a given group only.
Manually created rules for applications have a higher priority than the rules inherited from the group.
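The precedence described in this guide (packet rules before application rules, custom application rules before rules inherited from the group, and the first matching rule in a list winning) can be written down as a small model. This is an added example, not Kaspersky code: the Rule class, the decide function and the sample rule sets are constructed from the guide's own port 21 and port 80 examples, and the result for a connection that matches no rule is left as "unspecified" because this section does not define it.

```python
from dataclasses import dataclass
from typing import Optional

ALLOW, BLOCK, BY_APP = "allow", "block", "by application rules"


@dataclass(frozen=True)
class Rule:
    name: str
    action: str
    direction: str               # "inbound" or "outbound"
    port: Optional[int] = None   # None = any port

    def matches(self, direction: str, port: int) -> bool:
        return self.direction == direction and self.port in (None, port)


def first_match(rules, direction, port):
    """List position is priority: the first matching rule wins."""
    return next((r for r in rules if r.matches(direction, port)), None)


def decide(packet_rules, app_rules, group_rules, direction, port):
    """Return (action, deciding rule name) for one connection of one application.

    app_rules   -- custom rules of that application, in list order
    group_rules -- rules inherited from its group, in list order
    """
    hit = first_match(packet_rules, direction, port)
    if hit and hit.action != BY_APP:
        return hit.action, hit.name          # packet rules outrank application rules
    for tier in (app_rules, group_rules):    # custom rules outrank inherited ones
        hit = first_match(tier, direction, port)
        if hit:
            return hit.action, hit.name
    return "unspecified", None               # assumption: not defined in this section


# Constructed sample rule sets, following the guide's own examples.
PACKET = [
    Rule("Block inbound FTP", BLOCK, "inbound", 21),
    Rule("Web traffic", BY_APP, "outbound", 80),
]
GROUP = [Rule("Group: block port 80", BLOCK, "outbound", 80)]
FIREFOX = [Rule("Firefox: allow port 80", ALLOW, "outbound", 80)]
FTP_SERVER = [Rule("FTP server: allow port 21", ALLOW, "inbound", 21)]


def demo():
    return {
        "firefox:80": decide(PACKET, FIREFOX, GROUP, "outbound", 80),
        "other:80": decide(PACKET, [], GROUP, "outbound", 80),
        "ftp:21": decide(PACKET, FTP_SERVER, GROUP, "inbound", 21),
        # Same two rules in one list, opposite order: the first one decides.
        "reordered": decide([], [GROUP[0], FIREFOX[0]], [], "outbound", 80),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```

The "ftp:21" case shows why an allowing application rule has no effect while a blocking packet rule covers the same port, and the "reordered" case shows what Move up and Move down change.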
To change the rule priority, please perform the following actions:
1. In the right part of the settings window of the Firewall component in the Network rules section click the Settings button.
2. In the Firewall window go to the Application rules tab and select the required application.
3. Click the Edit button.
4. The Application rules window opens. Go to the Network rules tab.
5. Select a rule and move it to the required place in the list by clicking the Move up and Move down buttons.
6. In the Application rules window click the OK button.
7. In the Firewall window click the OK button.
8. In the Settings window click the Apply button.
Configuring notifications of changes in the network
Network connection settings can change during operation. You can receive notifications of the following changes in the settings:
- When a network connection is established.
- When the correspondence between MAC address and IP address is changed. The notification will appear if the IP address of a network computer was changed.
- When a new MAC address appears. The notification appears if a new computer was added to the network.
Note that notifications about changes in the network can be configured only for networks with the status Local or Trusted network.
To enable notification about changes to network connection settings, please perform the
following:
1. In the right part of the Firewall settings window in the Networks section select an active connection and click the Edit button.
2. In the Network connection window go to the Additional tab.
3. Check the boxes next to the events whose notifications you want to receive.
4. In the Network connection window click the OK button.
5. In the Settings window click the Apply button.
Advanced Firewall settings
You can specify additional settings of the Firewall operation:
- Allow active FTP mode. In active mode, a port is opened on the client computer and the server connects to it (unlike passive mode, where the client connects to the server). The mode allows control over exactly which port will be opened. The mechanism works even if a blocking rule was created. By default, active FTP mode is allowed.
- Block connections if there is no possibility to prompt for action (application interface is not loaded). This setting prevents disruption of the Firewall operation when the interface of Kaspersky PURE is not loaded. This is the default action.
- Do not disable Firewall until the system totally stops. This setting prevents disruption of the Firewall operation until the system is completely stopped. This is the default action.
By default all settings are enabled.
To modify advanced Firewall settings, please perform the following:
1. In the right part of the Firewall settings window in the Network rules section click the Settings button.
2. In the Firewall window go to the Packet rules tab and click the Additional button.
3. In the Additional window check or uncheck the boxes next to the required settings and click the OK button.
4. In the Firewall window click the OK button.
5. In the Settings window click the Apply button.
Firewall working features
When working with the Firewall component, keep in mind the following peculiarities:
- Firewall rules do not influence Network Attack Blocker;
- For the Local network zone, ICMP packets are always allowed.