Protection against network attacks 139
In addition to the packet filtering rules, the Intrusion Detection System (IDS) provides additional security at the network level. The goal of the IDS is to analyze inbound connections, detect port scans against your computer, and filter network packets aimed at exploiting software vulnerabilities. When running, the IDS blocks all inbound connections from an attacking computer for a certain amount of time, and the user receives a message stating that their computer was subjected to an attempted network attack.
The Intrusion Detection System uses a special network attack database for its analysis. Kaspersky Lab adds to this database regularly, and it is updated together with the application databases.
Your computer is protected at the application level by making the applications installed on it follow Firewall's application rules for the use of network resources. As at the network security level, application-level security is built on analyzing data packets for direction, transfer protocol, and the ports they use. However, at the application level, both the data packet's traits and the specific application that sends or receives the packet are taken into account. Using application rules lets you configure specific protection, allowing, for example, a certain connection type to be banned for some applications but not for others.
There are two Firewall rule types, based on the two Firewall security levels:
• Packet filtering rules (see 12.1.1.3, p. 147). Used to create general restrictions on network activity, regardless of the applications installed. Example: if you create a packet filtering rule that blocks inbound connections on port 21, no application that uses that port (an FTP server, for example) will be accessible from the outside.
• Application rules (see 12.1.1.2, p. 143). Used to create restrictions on network activity for specific applications. Example: if connections on port 80 are blocked for each application, you can create a rule that allows connections on that port for Firefox only.
There are two types of application and packet filtering rules: allow and block. The program installation includes rules that regulate network activity for the most common applications, protocols, and ports. Kaspersky Internet Security also includes a set of allow rules for trusted applications whose network activity is not suspect.
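As an added illustration (not code from the manual or from Kaspersky Lab), the following Python model evaluates the two rule levels described above against the manual's two examples: an inbound block on port 21 that applies to every application, and a port 80 block per application with an exception for Firefox. The precedence it uses (network-level packet rules checked before application rules, first match wins, unmatched traffic allowed) and the application names are assumptions of the model, not documented product behaviour.

```python
from dataclasses import dataclass
from typing import Optional, Sequence

@dataclass(frozen=True)
class Packet:
    direction: str     # "inbound" or "outbound"
    protocol: str      # "tcp" or "udp"
    port: int          # local port the packet uses
    application: str   # process that sends or receives it (constructed names below)

@dataclass(frozen=True)
class Rule:
    action: str                        # "allow" or "block"
    direction: Optional[str] = None    # None matches any value
    protocol: Optional[str] = None
    port: Optional[int] = None
    application: Optional[str] = None  # None: packet filtering rule, any application

    def matches(self, pkt: Packet) -> bool:
        pairs = ((self.direction, pkt.direction), (self.protocol, pkt.protocol),
                 (self.port, pkt.port), (self.application, pkt.application))
        return all(want is None or want == have for want, have in pairs)

def evaluate(packet_rules: Sequence[Rule], app_rules: Sequence[Rule], pkt: Packet) -> str:
    """Network level first: a matching packet filtering rule decides regardless
    of the application. Otherwise the first matching application rule decides.
    Traffic matching no rule is allowed (an assumption of this model)."""
    for rule in (*packet_rules, *app_rules):
        if rule.matches(pkt):
            return rule.action
    return "allow"

# Manual's first example: inbound connections on port 21 blocked for every application.
PACKET_RULES = [Rule("block", direction="inbound", port=21)]

# Manual's second example: port 80 blocked for each application, allowed for Firefox only.
# The allow for ftpd on port 21 shows an application rule cannot override a network-level block.
APPS = ("firefox", "ftpd", "updater")   # constructed application names
APP_RULES = [Rule("allow", port=80, application="firefox"),
             Rule("allow", port=21, application="ftpd")] + \
            [Rule("block", port=80, application=app) for app in APPS]

def verdicts() -> dict:
    samples = {   # constructed sample packets
        "ftpd inbound 21": Packet("inbound", "tcp", 21, "ftpd"),
        "firefox outbound 80": Packet("outbound", "tcp", 80, "firefox"),
        "updater outbound 80": Packet("outbound", "tcp", 80, "updater"),
        "firefox outbound 443": Packet("outbound", "tcp", 443, "firefox"),
    }
    return {name: evaluate(PACKET_RULES, APP_RULES, pkt) for name, pkt in samples.items()}
```

The inbound packet for ftpd on port 21 is blocked even though an application-level allow exists for it, which is the "regardless of the applications installed" property the manual describes; the same application's outbound use of port 21 is not covered by that packet rule and falls through to the application rule.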
To make settings and rules easier to manage, Kaspersky Internet Security breaks the entire network space down into security zones, which largely correspond to the subnets your computer belongs to. You can assign a status to each zone (Internet, Local Area Network, Trusted), which determines the policy for applying rules and monitoring network activity in that zone (see 12.1.1.5 on pg. 152).
A special feature of Firewall, Stealth Mode, prevents the computer from being detected from the outside, so that hackers cannot detect the computer to attack