62 pure firewall network rules en

Upload: avapparao

Post on 16-Oct-2015


DESCRIPTION

Firewall basics

TRANSCRIPT

  • 5/26/2018 62 Pure Firewall Network Rules En

    1/31

    Kaspersky PURE 2.0

    Firewall:

    network rules


    Content

    Firewall rules
      Packet rules
        Creating a packet rule
        Editing packet rules
      Application rules
        Creating application rules
        Editing an application rule
          Configuring network service
          Allocating range of IP-addresses
          Extending the range of IP addresses
          Changing the rule for a group of applications
          Changing the rule priority
      Configuring notifications of changes in the network
      Advanced Firewall settings
      Firewall working features


    Firewall rules

    There are two Firewall rule types, used to control network connections:

    Packet rules are used to create general restrictions on network activity, regardless of the applications installed. Example: if you create a packet rule that blocks inbound connections on port 21, no applications that use that port (an FTP server, for example) will be accessible from the outside.

    Rules for applications are used to create restrictions on network activity for specific applications. Example: if connections on port 80 are blocked for each application, you can create a rule that allows connections on that port for Firefox only.

    Packet rules have higher priority than application rules. If both packet rules and rules for applications are applied to the same type of network activity, this network activity is processed using the packet rules.

    Packet rules

    Creating a packet rule

    All network connections on your computer are monitored by Firewall. Firewall assigns a specific status to each connection and applies various rules for filtering network activity depending on that status; thus it allows or blocks the network activity.

    Packet rules are used to restrict the transfer of packets regardless of applications.

    You can specify the action Firewall performs when it detects the network activity:

    Allow

    Block

    By application rules. The packet rule is not used, but the rule for the application is used.

    The Allow or Block rules can be logged. To do this, check the Log events box in the Action section.

    To create a packet rule, for example, to allow remote access to your computer desktop, do the following:

    1. In the right part of the Firewall settings window, in the Network rules section, click the Settings button.


    2. In the Firewall window, go to the Packet rules tab.

    3. Click the Add button. In the Network rule window that opens, specify the settings for the rule.


    4. In the Network rule window, in the Action section, select the Allow variant.

    5. In the Name section, click the arrow next to the input field and select the Remote Desktop item.


    6. In the Address section, select Any address.

    7. Check the Log events box if you want to log actions performed according to the rule.

    8. In the Network rule window, click the OK button. The created rule appears in the list of packet rules on the Packet rules tab.


    9. In the Firewall window, click the OK button.

    10. In the Settings window, click the Apply button.

    Now any user, from any address, has remote access to your desktop.


    Editing packet rules

    All packet rules (default or created by the user) can be edited. For example, if you want to block remote access to your computer desktop, edit the Remote Desktop packet rule:

    1. In the right part of the Settings window of the Firewall component, in the Network rules section, click the Settings button.

    2. In the Firewall window, go to the Packet rules tab.

    3. In the list of packet rules, select the Remote Desktop rule.


    4. Click the Edit button. In the Network rule window that opens, you can edit the settings of the selected rule.

    5. In the Action section, change the Allow variant to Block.

    6. In the Address section, select the Subnet address variant and choose the Public networks item from the displayed list.


    7. In the Network rule window, click the OK button.

    8. The changes are displayed in the Firewall window, on the Packet rules tab, in the list of packet rules: for the Remote Desktop rule, the network type in the Address column changes to Public networks, and the allowing icon in the Permission column changes to a blocking icon.

    9. In the Firewall window, click the OK button.

    10. In the Settings window, click the Apply button.

    Now only users of local and trusted networks have access to your computer desktop.

    Application rules

    Creating application rules

    You can create application [1] rules for more subtle filtering of the network activity, and edit rules for a group of applications or for an individual application in a group.

    Custom rules for individual applications have a higher priority than the rules inherited from a group.

    When creating an application rule, you can define the action Firewall performs when it detects this type of network activity from the application:

    Allow;

    Block;

    Prompt (user) for action.

    An allowing or blocking action of a rule can be displayed in a report. To do this, check the Log events box in the Action section while creating the rule.

    [1] Application rules monitor connections only by TCP and UDP protocols.


    To create a rule for an individual application, for example a rule blocking any network activity of the QIP internet pager outside your local and trusted networks, perform the following actions:

    1. In the right part of the Settings window, in the Network rules section, click the Settings button.

    2. In the Firewall window, on the Application rules tab, select QIP 2012.

    3. Click the Edit button.

    4. In the Application rules window that opens, go to the Network rules tab.

    5. At the top of the window, click the Add button.


    6. In the Network rule window, perform the following actions:

    In the Action section, select the Block action;

    In the Name section, select the Any network activity service;

    In the Address section, select the Subnet address variant and, in the displayed list, select Public networks;

    Check the Log events box if you want to log actions performed according to the rule;

    Click the OK button.


    7. The created rule will appear in the Application rules window, on the Network rules tab, in the list of rules for QIP 2012.


    8. Click the OK button in the Application rules window.

    9. In the Firewall window, click the OK button.

    10. In the Settings window, click the Apply button.

    Editing an application rule

    For the default network rules created by Kaspersky PURE you can edit only the action (such rules cannot be deleted). To do this, perform the following actions:

    1. In the right part of the Settings window, in the Network rules section, click the Settings button.

    2. In the Firewall window, on the Application rules tab, select the required application.

    3. Click the Edit button. In the Application rules window that opens, go to the Network rules tab.

    4. From the list of rules for the application, select the rule whose action you want to change.

    5. In the Permission column for the selected rule, right-click the action icon.

    6. From the context menu, select the required action:

    Allow

    Block

    Prompt for action

    7. In the Application rules window, click the OK button.

    8. In the Firewall window, click the OK button.

    9. In the Settings window, click the Apply button.


    For a network rule created by the user, you can edit all of the settings specified earlier. To do this, perform the following actions:

    1. In the right part of the Settings window, in the Network rules section, click the Settings button.

    2. In the Firewall window, on the Application rules tab, select the application whose rule you want to edit.

    3. Click the Edit button. In the Application rules window that opens, go to the Network rules tab.

    4. From the list of rules, select the rule you want to edit.

    5. Click the Edit button.

    6. In the Network rule window, change the required settings.


    7. In the Network rule window, click the OK button.

    8. In the Application rules window, click the OK button.

    9. In the Firewall window, click the OK button.

    10. In the Settings window, click the Apply button.

    Configuring network service

    When creating any network rule, you should specify the network service. The network service describes the settings that characterize the network activity for which the rule is created.

    You can select the type of network activity from the list or create a new type.

    A network service includes the following parameters:

    Name. Preferably use names that explicitly describe the rule. For example, DNS over TCP.


    Protocol. Firewall restricts connections via the TCP, UDP, ICMP, ICMPv6, IGMP and GRE [2] protocols. If ICMP or ICMPv6 is selected as the protocol, you can specify the type and the code of the ICMP packet.

    Direction. Firewall controls connections with the following directions:

    Inbound. The rule is applied to data packets received by your computer.

    Inbound (stream). The rule is for network connections created from another computer.

    Inbound/Outbound. The rule is for inbound and outbound data packets and data streams regardless of the direction.

    Outbound. The rule is applied to data packets transferred from your computer.

    Outbound (stream). The rule is only for network connections created by your computer.

    Remote and Local ports. You can specify the ports used by your computer and the remote computer for the TCP and UDP protocols. These ports will be controlled by Firewall.

    [2] TCP, UDP, ICMP, ICMPv6, IGMP and GRE are protocols (sets of rules) for data transfer in the network. An ICMP packet is a packet that contains a message about an error or any other exceptional situation that occurred during the data transfer. The type and code fields of the ICMP packet contain, respectively, the type and code of the situation that occurred.

    Allocating range of IP-addresses

    While creating the rule's conditions you can specify the network service and the network address. You can use an IP address as the network address or specify the network status. In the latter case the addresses will be copied from all networks that are connected and have the specified status at that moment.

    You can select one of the following statuses:


    Any address: the rule will be applied to any IP address;

    Subnetwork addresses with status: the rule will be applied to IP addresses of all networks that are connected and have the specified status at the moment:

    Trusted networks

    Local networks

    Public networks

    Addresses from group: the rule will be applied to IP addresses included in the specified range. Select one of the existing groups of addresses. If no range of IP addresses in any group suits you, create a new one.


    To do this, perform the following steps:

    1. At the bottom of the section, click the Add link.

    2. In the IP address or DNS name window, specify the addresses of the group.

    3. Click the OK button.

    4. In the Network rule window, click the OK button.

    A method to allocate IP addresses using Classless Inter-Domain Routing (CIDR) [3] has been implemented in Kaspersky PURE.

    CIDR uses Variable Length Subnet Mask (VLSM), whereas in Class Inter-Domain Routing the mask length is strictly set by 0, 1, 2 or 3 bytes.

    For example, let's take a record of the range of IP addresses as 10.96.0.0/11. In this case the subnet mask is 11111111 11100000 00000000 00000000, or 255.224.0.0 in decimal notation. 11 bits of the IP address are allocated to the network number; the other 21 bits (32 - 11 = 21) of the full address are allocated to the local address in the network. To sum up, 10.96.0.0/11 is a range of addresses from 10.96.0.1 to 10.127.255.255.

    [3] CIDR (Classless Inter-Domain Routing) is a method of IP addressing which allows managing the range of IP addresses flexibly, without the rigid frames of the Class Inter-Domain Routing. CIDR allows using the finite resource of IP addresses economically, thus enhancing efficiency of KSOS 2.

    Remember that when CIDR addressing is defined in networks of IP protocol version 4 (IPv4), the rule will in any case be applied to the whole network.

    To convert IP addresses into CIDR, Kaspersky Lab experts recommend using any web site that provides a free service for converting IP addresses to CIDR addressing (for example, the web site http://ip2cidr.com/).
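The CIDR arithmetic above can also be checked offline with Python's standard ipaddress module. This is an added example, not part of the Kaspersky guide; the function names are hypothetical and the 192.168.1.10-192.168.1.20 range is a constructed sample.

```python
import ipaddress


def describe_block(cidr: str) -> dict:
    """Break a CIDR record into the values discussed in the text."""
    net = ipaddress.ip_network(cidr, strict=True)  # ValueError if host bits are set
    return {
        "netmask": str(net.netmask),
        "netmask_bits": " ".join(f"{octet:08b}" for octet in net.netmask.packed),
        "network_bits": net.prefixlen,
        "host_bits": net.max_prefixlen - net.prefixlen,
        "network_address": str(net.network_address),
        "last_address": str(net.broadcast_address),
        "address_count": net.num_addresses,
    }


def effective_network(record: str) -> str:
    """Return the whole network a record such as 10.100.5.7/11 falls in.

    The text states that an IPv4 CIDR rule applies to the whole network,
    so any host bits in the record are dropped here.
    """
    return str(ipaddress.ip_network(record, strict=False))


def range_to_cidrs(first: str, last: str) -> list:
    """Cover an inclusive first-last address range with the fewest CIDR blocks."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(block) for block in blocks]


def covers(cidr: str, address: str) -> bool:
    """True if a rule written for `cidr` would match `address`."""
    return ipaddress.ip_address(address) in ipaddress.ip_network(cidr, strict=False)


if __name__ == "__main__":
    for key, value in describe_block("10.96.0.0/11").items():
        print(f"{key:16} {value}")
    print(effective_network("10.100.5.7/11"))
    # A range that is not aligned to a power of two needs several blocks.
    print(range_to_cidrs("192.168.1.10", "192.168.1.20"))
    print(covers("10.96.0.0/11", "10.128.0.1"))
```

A range whose ends are not aligned to a block boundary cannot be written as one CIDR record, so check the blocks a converter returns before pasting them into an address group.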

    Extending the range of IP addresses

    Each network matches one or more ranges of IP addresses. If you connect to a network whose subnetworks are accessed via a router, you can manually add the subnetworks accessible through it.

    Example: You are connecting to the network in an office of your company and wish to use the same filtering rules for the office where you are connected directly and for the offices accessible over the network. Obtain the network address ranges for those offices from the network administrator and add them.

    To extend the range of network addresses, perform the following:

    1. In the right part of the Firewall settings window, in the Networks section, select an active connection and click the Edit button.


    2. In the Network connection window, on the Properties tab, in the Additional subnetworks section, click the Add link.

    3. In the IP address window, specify an IP address or address mask.

    4. Click the OK button.

    5. In the Network connection window, click the OK button.

    6. In the Settings window, click the Apply button.

    Changing the rule for a group of applications

    Firewall analyzes the activity of each application running on your computer. Depending on the threat rating, every application is included in one of the following groups:

    Trusted [4]. Trusted applications are applications with digital signatures of trusted vendors, and applications whose signatures are included in the trusted applications database. Activities of such applications are monitored by Proactive Defense and File Anti-Virus.

    [4] Applications of that group are allowed to perform any network activity irrespective of the network status.


    Low Restricted [5]. Low restricted applications are applications without digital signatures of trusted vendors that are not included in the trusted applications database. Nevertheless, a low risk rating is assigned to such applications.

    High Restricted [6]. High restricted applications are applications without digital signatures that are not included in the trusted applications database. A high risk rating is assigned to such applications.

    Untrusted [7]. Untrusted applications are applications without digital signatures that are not included in the trusted applications database. A very high risk rating is assigned to such applications.

    [5] Applications of that group are allowed to perform any network activity in non-interactive mode. If you are using the interactive mode, a notification will be displayed on the screen, using which you can allow or block a connection, or create an application rule using the Wizard.

    [6] Applications of that group are not allowed to perform network activity in non-interactive mode. If you are using the interactive mode, a notification will be displayed on the screen, using which you can allow or block a connection, or create an application rule using the Wizard.

    [7] Any network activity is prohibited for the applications of that group.

    You can modify rules for a whole group.

    Custom rules for individual applications have a higher priority than the rules inherited from a group. If you create an allowing rule for a whole group of applications and a prohibiting rule for a certain application from this group, then any network activity of that application will be restricted according to the rule for this application, because it has a higher priority level.

    To change rules for a group of applications, for example, if you want low restricted programs to have unrestricted rights to network activity within the local networks, perform the following actions:

    1. In the right part of the settings window of the Firewall component, in the Network rules section, click the Settings button.


    2. In the Firewall window, go to the Application rules tab.

    3. Select the Low restricted group of applications.

    4. Click the Edit button.


    5. In the Group rules window, go to the Network rules tab and click the Add button.

    6. In the Network rule window, in the Action section, select Allow; in the Name section, select Any network activity and click the OK button.


    7. In the Network rule window, click the OK button.

    8. In the Firewall window, click the OK button.

    9. In the Settings window, click the OK button.

    Now all applications of the Low Restricted group have unrestricted rights to network activity.

    Changing the rule priority

    The priority of a rule is determined by its position in the list of rules. The first rule in the list has the highest priority. Each packet rule created manually is added to the end of the list of packet rules.

    Application groups are combined by the name of the program, and rule priority applies within a specific group only.

    Manually created rules for applications have a higher priority than the rules inherited from the group.
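The precedence this guide describes (packet rules before application rules, custom application rules before inherited group rules, list position as priority) is shown below as an added Python model; it is not Kaspersky's code. The rule fields, the sample rules and port 5190 are constructed for illustration, and treating "By application rules" as a hand-off to the application rules and returning None when nothing matches are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

ALLOW, BLOCK, BY_APP = "Allow", "Block", "By application rules"


@dataclass
class Rule:
    name: str
    action: str
    port: Optional[int] = None   # None = any network activity
    direction: str = "any"       # "inbound", "outbound" or "any"
    network: str = "any"         # "any", "public", "local" or "trusted"

    def matches(self, conn: dict) -> bool:
        return (self.port in (None, conn["port"])
                and self.direction in ("any", conn["direction"])
                and self.network in ("any", conn["network"]))


def first_match(rules, conn):
    """Position in the list is the priority: the first matching rule wins."""
    return next((rule for rule in rules if rule.matches(conn)), None)


def decide(conn, packet_rules, app_rules, group_rules, group_of):
    """Return (action, source) for one connection described by a dict."""
    hit = first_match(packet_rules, conn)
    if hit and hit.action != BY_APP:
        return hit.action, f"packet rule '{hit.name}'"
    # No packet rule applies, or it defers (assumed hand-off): custom
    # application rules come before the rules inherited from the group.
    hit = first_match(app_rules.get(conn["app"], []), conn)
    if hit:
        return hit.action, f"application rule '{hit.name}'"
    hit = first_match(group_rules.get(group_of.get(conn["app"]), []), conn)
    if hit:
        return hit.action, f"group rule '{hit.name}'"
    return None, "no matching rule"  # assumed: the model defines no default


# Constructed rule set based on the examples in the text.
PACKET_RULES = [
    Rule("Block inbound FTP", BLOCK, port=21, direction="inbound"),
    Rule("HTTP by application", BY_APP, port=80),
]
APP_RULES = {
    "ftpserver": [Rule("Allow FTP", ALLOW, port=21)],
    "Firefox": [Rule("Allow HTTP", ALLOW, port=80)],
    "QIP 2012": [Rule("Any network activity", BLOCK, network="public")],
}
GROUP_RULES = {
    "Low Restricted": [Rule("Block HTTP", BLOCK, port=80),
                       Rule("Any network activity", ALLOW)],
}
GROUP_OF = {name: "Low Restricted"
            for name in ("ftpserver", "Firefox", "QIP 2012", "other.exe")}


def connection(app, port, direction, network):
    return {"app": app, "port": port, "direction": direction, "network": network}


def run(conn):
    return decide(conn, PACKET_RULES, APP_RULES, GROUP_RULES, GROUP_OF)


if __name__ == "__main__":
    for sample in (connection("ftpserver", 21, "inbound", "public"),
                   connection("Firefox", 80, "outbound", "public"),
                   connection("other.exe", 80, "outbound", "public"),
                   connection("QIP 2012", 5190, "outbound", "public"),
                   connection("QIP 2012", 5190, "outbound", "local")):
        print(sample["app"], sample["port"], sample["network"], "->", run(sample))
```

The FTP case shows why an allowing application rule has no effect while a blocking packet rule covers the same traffic.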

    To change the rule priority, perform the following actions:

    1. In the right part of the settings window of the Firewall component, in the Network rules section, click the Settings button.

    2. In the Firewall window, go to the Application rules tab and select the required application.

    3. Click the Edit button.

    4. The Application rules window opens. Go to the Network rules tab.

    5. Select a rule and move it to the required place in the list by clicking the Move up and Move down buttons.


    6. In the Application rules window, click the OK button.

    7. In the Firewall window, click the OK button.

    8. In the Settings window, click the Apply button.

    Configuring notifications of changes in the network

    Network connection settings can change during operation. You can receive notifications of the following changes in the settings:

    When a network connection is established.

    When the correspondence between a MAC address and an IP address changes. The notification appears if the IP address of a network computer was changed.

    When a new MAC address appears. The notification appears if a new computer was added to the network.

    Note that notifications about changes in the network can be configured only for networks with the status Local or Trusted network.


    To enable notifications about changes to network connection settings, perform the following:

    1. In the right part of the Firewall settings window, in the Networks section, select an active connection and click the Edit button.

    2. In the Network connection window, go to the Additional tab.

    3. Check the boxes next to the events whose notifications you want to receive.


    4. In the Network connection window, click the OK button.

    5. In the Settings window, click the Apply button.

    Advanced Firewall settings

    You can specify additional settings of the Firewall operation:

    Allow active FTP mode. In active mode, to establish the connection between the server and the client computer, a port is opened on the client computer and the server connects to it (unlike passive mode, in which the client connects to the server). The mode allows you to control exactly which port will be opened. The mechanism works even if a blocking rule was created. By default, active FTP mode is allowed.

    Block connections if there is no possibility to prompt for action (application interface is not loaded). This setting avoids disruption of the Firewall operation when the interface of Kaspersky PURE is not loaded. This is the default action.

    Do not disable Firewall until the system totally stops. This setting avoids disruption of the Firewall operation until the system is completely stopped. This is the default action.

    By default all settings are enabled.

    To modify advanced Firewall settings, perform the following:

    1. In the right part of the Firewall settings window, in the Network rules section, click the Settings button.


    2. In the Firewall window, go to the Packet rules tab and click the Additional button.


    3. In the Additional window, check or uncheck the boxes next to the required settings and click the OK button.

    4. In the Firewall window, click the OK button.

    5. In the Settings window, click the Apply button.

    Firewall working features

    When working with the Firewall component, keep the following peculiarities in mind:

    Firewall rules do not influence Network Attack Blocker;

    For the Local network zone, ICMP packets are always allowed.