Trend Micro's PC-cillin Firewall Feature

One of many third-party antivirus/Internet security suites, Trend Micros PC-cillin includes a personal firewall that you can use to protect the system
Nội dung trích xuất từ tài liệu:
Trend Micros PC-cillin Firewall FeatureTrend Micros PC-cillin Firewall FeatureOne of many third-party antivirus/Internet security suites, Trend Micros PC-cillinincludes a personal firewall that you can use to protect the system. The Trend Micro PC-cillin suite is a combination of a personal firewall, an antivirus system, an antispywaresystem, an antispam filter, and an identity-theft protection system through blocking ofphishing and pharming attacks. This product is ideal for end-user, home or small officecustomers who need an all-in-one package to defend against a wide variety of threatsfrom the network. It is not really targeted to the enterprise user because centralizedmanagement and configuration are not available. This section focuses only on thefirewall portion of PC-cillin security suite. Like Windows Firewall, PC-cillin firewall isconfigurable and provides protection against a wide variety of network threats.PC-cillin RequirementsTrend Micros firewall supports Windows systems going all the way back to Windows 98and 98 SE. This backward compatibility is a rare feature for many personal firewallsbecause vendors typically consider those systems so old that they are no longer on themarket. Microsoft no longer supports Windows 98 or 98 SE, but you can still find thesesystems in use. PC-cillin requires systems to meet the specifications described in Table 4-2. Table 4-2. Trend Micros PC-cillin System Requirements Free Disk Minimum Minimum SpaceOperating System Processor Memory Required BrowserWindows 98/98 SE Intel Pentium 128 MB 128 MB Microsoft Internet Explorer 5.5 SP2 or higherWindows ME 233 MHz Netscape 7.1 and above AOL 7.0 and above Firefox 1.0Windows 2000 SP4 Intel Pentium 128 MB 120 MB 300 MHzWindows XP HomeEdition orProfessional SP2How the Trend Micro Firewall WorksThe Trend Micro firewall works as a blend of a traditional stateful firewall and intrusiondetection system (IDS). An IDS monitors the traffic in and out of the protected system forattacks and upon detection of an attack it can alert the user. Most IDSs detect attacks bymatching the network traffic against a signature of the attack. A signature is like afingerprint. It identifies an attack by matching the network traffic (the evidence) againsta known signature describing the attack (the fingerprint). When the traffic matches thesignature, an attack has been detected. As in the case of real evidence, however, thismethod is not foolproof and leads to false positives sometimes. A false positive is a casewhere benign network traffic is mistakenly categorized as an attack and an alert isgenerated for the user.A stateful firewall not only examines the various headers of a packet but also ensures thatthe connection is active by tracking each connection in a state table. Most statefulfirewalls, such as PC-cillin, can also dynamically open secondary ports for protocols thatrequire more than one network port to complete a connection. PC-cillins firewall alsoinspects the contents, too, using a rudimentary built-in IDS. Filtering decisions made bythe firewall are based on defined rules as well as the context that has been established andstored in a state table by previous packets that have already passed through the firewall.The Trend Micro firewall comes with a preset series of policies that end users can modifyto accommodate their specific requirements. The firewall can filter HTTP strings fromserver to server to prevent hybrid attacks such as Nimda and Code Red and to identifyand stop Trojan attacks. Finally, the firewall uses its built-in IDS capabilities to identifyand stop common firewall attacks such as oversize packet fragments, overlappingfragment attack, ping of death, and others. Unfortunately, the IDS signatures are not userupdateable or configurable. If Trend Micro determines that a new IDS signature needs tobe released for the firewall, users can only update the system when Trend Microincorporates that signature into the product. They cannot configure new signatures ontheir own.Configuring the Trend Micro FirewallConfiguring the Trend Micro firewall is straightforward and easy. When the firewallsoftware, which is a part of Trend Micros PC-cillin Internet security suite, has beeninstalled, the main control panel should be opened. This can be done either by right-clicking the Trend Micro Internet security suite icon in the notification area at the lowerright of the Windows taskbar and then choosing the Open Main option or by just double-clicking the icon. Alternatively, the user can open PC-cillins main panel by choosingStart > Programs > Trend Micro PC-cillin > Trend Micro PC-cillin Internet Security2005. To verify that PC-cillin has registered properly in Windows XPs security center,you can launch the security center by choosing Start > Control Panels > WindowsSecurity Center (which brings up the Windows Security Center window displayed inFigure 4-10). From here you can see that the Trend Micro PC-cillin software hasregistered itself as both the firewall for the system (effectively disabling the built-inWindows Firewall) and the antivirus suite for this system. Figure 4-10. ...