Intrusion Defense Firewall 1.2 User's Guide - Trend Micro? Online ...

More documents

Recommendations

Info

Configure Server Plug-in-Client Plugin Communications Who Initiates Communication At the default setting (Bi-directional), the Client Plug-in will initiate the heartbeat but will still listen on the Client Plug-in port for Server Plug-in connections and the Server Plug-in is free to contact the Client Plug-in in order to perform operations as required. Server Plug-in Initiated means that the Server Plugin will initiate all communications. Communication will occur when the Server Plug-in performs scheduled updates, performs heartbeat operations (below), and when you choose the Activate/Reactivate or Update Now options from the Server Plug-in interface. If you are isolating the Computer from communications initiated by remote sources, you can choose to have the Client Plug-in itself periodically check for updates and control heartbeat operations. If this is the case, select Client Plug-in Initiated. The following information is collected by the Server Plug-in during a heartbeat: the status of the drivers (on- or off-line), the Client Plug-in's status (including clock time), Client Plug-in logs since the last heartbeat, data to update counters, and a fingerprint of the Client Plug-in's security configuration (used to determine if it is up to date). You can change how often heartbeats occur (whether Client Plug-in or Server Plug-in initiated), and how many missed heartbeats can elapse before an alert is triggered. This setting (like many other settings) can be configured at three levels: on all Computers by setting a system-wide default, only on Computers to which a particular Security Profile has been assigned, and on individual Computers. On the system as a whole. 1. Go to the Server Plug-in's System > System Settings screen and click the Computers tab. 2. Select "Server Plug-in Initiated", "Client Plug-in Initiated", or "Bi-Directional" from the drop-down list in the Client Plug-in Communication panel. Only on Computers to which a particular Security Profile has been assigned. 1. Open the Security Profiles Properties screen of the Security Profile whose communications settings you want to configure. 2. Go to System > System Settings and go to the Computer tab. 3. In the "Direction of IDF Server Plug-in to Client Plug-in communication:" drop-down menu, select one of the three options ("Server Plug-in Initiated", "Client Plug-in Initiated", or "Bi-directional"), or choose "Inherited". If you select "Inherited", the Security Profile will inherit the setting was specified on the Server Plug-in's System > System Settings screen. Selecting one of the other options will override the global selection. 4. Click Save to apply the changes. Only on a Specific Computer. 1. Open the Computer Details screen of the Computer whose communications settings you want to configure. 2. Go to System > System Settings and go to the Computer tab. © Copyright 2010 Trend Micro Inc. www.trendmicro.com All rights reserved. - 78 -
3. In the "Direction of IDF Server Plug-in to Client Plug-in communication:" drop-down menu, select one of the three options ("Server Plug-in Initiated", "Client Plug-in Initiated", or "Bi-directional"), or choose "Inherited". If you select "Inherited", the Computer will inherit the setting was specified on its Security Profile's Details window or on the Server Plug-in's System > System Settings screen. Selecting one of the other options will override the Security Profile and/or the global selection. 4. Click Save to apply the changes. Note that Client Plug-ins look for the IDF Server Plug-in on the network by the Server Plug-in's hostname. Therefore, the Server Plug-in hostname must be in your local DNS for Client Plug-in initiated or bi-directional communication to work. © Copyright 2010 Trend Micro Inc. www.trendmicro.com All rights reserved. - 79 -
Page 1 and 2:
Intrusion Defense Firewall 1.2 for
Page 3 and 4:
Table Of Contents Introduction ....
Page 5 and 6:
Introduction © Copyright 2010 Tren
Page 7 and 8:
DPI (Deep Packet Inspection) Rules
Page 9 and 10:
Server Plug-in Interface © Copyrig
Page 11 and 12:
Task Pane Clicking an element in th
Page 13 and 14:
Shortcut Menus Many of the IDF Serv
Page 15 and 16:
Click Add/Remove Widgets... at the
Page 17 and 18:
Reports IDF Server Plug-in produces
Page 19 and 20:
Note that if you apply other settin
Page 21 and 22:
The Computer's status will be displ
Page 23 and 24:
Computer Details The Computer's Det
Page 25 and 26:
Alerts Alerts are displayed the sam
Page 27 and 28:
Security Profiles Security Profiles
Page 29 and 30:
Firewall (Events, Rules, and Statef
Page 31 and 32: Firewall The information box will t
Page 33 and 34: Interface: The MAC address of the i
Page 35 and 36: Firewall Rules Firewall Rules exami
Page 37 and 38: Options Alert Select whether or not
Page 39 and 40: TCP The Firewall Rule engine, by de
Page 41 and 42: The ICMP (pseudo-)stateful mechanis
Page 43 and 44: DPI Events By default, the IDF Serv
Page 45 and 46: DPI Rules Whereas Firewall Rules an
Page 47 and 48: you which rule on which Computer(s)
Page 49 and 50: Components IP Lists Reusable lists
Page 51 and 52: MAC Lists Use the MAC Lists section
Page 53 and 54: Contexts Contexts are a powerful wa
Page 55 and 56: Schedules Schedules are used by var
Page 57 and 58: System Events The System Event log
Page 59 and 60: System Settings The System > System
Page 61 and 62: example, your network has no DNS an
Page 63 and 64: Firewall and DPI Network Engine Mod
Page 65 and 66: ESTABLISHED Timeout: How long to st
Page 67 and 68: Interface Isolation Interface Isola
Page 69 and 70: Analysis The Analysis screen allows
Page 71 and 72: Notifications Alert Notification (f
Page 73 and 74: System Alert Configuration View Ale
Page 75 and 76: Backup Perform regular database bac
Page 77 and 78: Updates Security Updates Security U
Page 79 and 80: How To... Customize the Dashboard H
Page 81: Configure Alerts There are just ove
Page 85 and 86: Set Up Email Alerts IDF Server Plug
Page 87 and 88: 3. Start the " Intrusion Defense Fi
Page 89 and 90: Configure Logging By default, IDF S
Page 91 and 92: Configure Port Scan Settings The ID
Page 93 and 94: click it to view its Details window
Page 95 and 96: Interface Information IP Informatio
Page 97 and 98: System Event Log Format System Even
Page 99 and 100: Backup and Restore IDF Intrusion De
Page 101 and 102: CALL sqlcmd -S localhost\IDF -E -v
Page 103 and 104: Upgrade the Server Plug-in The Offi
Page 105 and 106: Manually Uninstall a Client Plug-in
Page 107 and 108: #Wed Jun 11 16:19:19 EDT 2008 datab
Page 109 and 110: Migrate a Single Managed Computer t
Page 111 and 112: counter3s counter3ports counter3ips
Page 113 and 114: Reference © Copyright 2010 Trend M
Page 115 and 116: managed Computer and the wizard wou
Page 117 and 118: The Inherit checkbox determines whe
Page 119 and 120: 4. In the Properties window, click
Page 121 and 122: 8. The final step in the Firewall s
Page 123 and 124: Click OK when you're done. Apply th
Page 125 and 126: Firewall IP Activity (Prevented) Fi
Page 127 and 128: The FORCE ALLOW rule can be placed
Page 129 and 130: 1. First enable stateful inspection
Page 131 and 132: Tap Mode IPv6 Packet Max Incoming C
Page 133 and 134:
3602 Windows Service Error 3603 Fil
Page 135 and 136:
Creating and Applying New Firewall
Page 137 and 138:
Creating Custom DPI Rules Trend Mic
Page 139 and 140:
Memory Allocation Error Out Of Orde
Page 141 and 142:
Firewall Events CE Flags Event Note
Page 143 and 144:
Inheritance and Overrides Settings
Page 145 and 146:
In the Properties window for this F
Page 147 and 148:
Required Ports A number of ports mu
Page 149 and 150:
Firewall Rule Sequence Packets arri
Page 151 and 152:
191 Alert Changed 192 Alert Ended 1
Page 153 and 154:
473 DPI Rule Exported 474 DPI Rule
Page 155 and 156:
726 Get Client Plug-in Events Faile
Page 157:
Privacy Policy Trend Micro, Inc. is
show all

Intrusion Defense Firewall 1.2 User's Guide - Trend Micro? Online ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?