KASPERSKY LAB Kaspersky Anti-Hacker 1.7 USER GUIDE KASPERSKY ANTI-HACKER 1.7 User Guide © Kaspersky Lab http://www.kaspersky.com Revision date: November, 2004 Contents CHAPTER 1. KASPERSKY ANTI-HACKER.................................................................. 6 1.1. What's new in v. 1.7 .............................................................................................. 7 1.2. Distribution Kit........................................................................................................ 7 1.3. Conventions........................................................................................................... 8 1.4. Help Desk for Registered Users ........................................................................... 9 CHAPTER 2. INSTALLING AND REMOVING THE SOFTWARE.............................. 10 2.1. System Hardware and Software Requirements................................................. 10 2.2. Installing ............................................................................................................... 11 2.3. License key installation........................................................................................ 13 2.4. Removing the Program ....................................................................................... 14 CHAPTER 3. STARTING WORK ................................................................................. 16 CHAPTER 4. PREVENTING HACKER ATTACKS WHEN WORKING IN THE INTERNET AND LOCAL AREA NETWORKS ......................................................... 19 4.1. Kaspersky Anti-Hacker Operating Principles ..................................................... 19 4.2. Security Levels .................................................................................................... 20 4.3. Recommended Settings...................................................................................... 21 CHAPTER 5. RUNNING THE PROGRAM .................................................................. 24 5.1. Starting the Program ........................................................................................... 24 5.2. System Menu....................................................................................................... 24 5.3. Main Window ....................................................................................................... 25 5.3.1. Menus ........................................................................................................... 26 5.3.2. Toolbar .......................................................................................................... 28 5.3.3. Workspace.................................................................................................... 30 5.3.4. Status Bar ..................................................................................................... 31 4 Kaspersky Anti-Hacker 5.4. Dialog Boxes' Shortcut Menu.............................................................................. 31 5.5. Rule Wizards ....................................................................................................... 31 5.6. Changing and Saving Interface Settings ............................................................ 32 5.7. Exiting the Program............................................................................................. 34 CHAPTER 6. ENABLING THE SECURITY SYSTEM AND DEFINING ITS SETTINGS.................................................................................................................. 35 6.1. Enabling the Security System and Selecting the Security Level ....................... 35 6.1.1. Enabling the Security System ...................................................................... 35 6.1.2. Selecting the Security Level ......................................................................... 37 6.1.3. Network Event Warning................................................................................ 38 6.1.4. Training Window (Medium Level) ................................................................ 39 6.1.5. The Executable Module Substitution Warning ............................................ 40 6.2. How the Program Responds to Attack ............................................................... 41 6.3. Customizing Application Rules ........................................................................... 43 6.3.1. Managing the Rule List................................................................................. 43 6.3.2. Adding a New Application Rule.................................................................... 46 6.3.2.1. Step 1. Customizing the Rule................................................................ 46 6.3.2.2. Step 2. Rule Conditions......................................................................... 51 6.3.2.3. Step 3. Additional Actions...................................................................... 57 6.4. Customizing Packet Filtering Rules .................................................................... 57 6.4.1. Managing the Rule List................................................................................. 57 6.4.2. Adding a New Rule....................................................................................... 60 6.4.2.1. Step 1. Rule Conditions......................................................................... 60 6.4.2.2. Step 2. Rule Name and Additional Actions........................................... 65 6.5. Intrusion Detection System ................................................................................. 66 6.5.1. Intrusion Detector Settings ........................................................................... 66 6.5.2. The List of Detectable Attacks...................................................................... 67 CHAPTER 7. VIEWING PERFORMANCE RESULTS................................................ 70 7.1. Viewing the Current Status ................................................................................. 70 7.1.1. Active Applications........................................................................................ 70 Contents 5 7.1.2. Established Connections.............................................................................. 73 7.1.3. Open Ports.................................................................................................... 76 7.2. Using the Logs..................................................................................................... 78 7.2.1. Displaying the Logs Window........................................................................ 79 7.2.2. The Logs Window Layout............................................................................. 79 7.2.2.1. Menus..................................................................................................... 80 7.2.2.2. Report Table .......................................................................................... 80 7.2.2.3. Tabs........................................................................................................ 81 7.2.3. Selecting the Log .......................................................................................... 81 7.2.3.1. Security Log ........................................................................................... 81 7.2.3.2. Application Activity ................................................................................. 82 7.2.3.3. Packet Filtering ...................................................................................... 83 7.2.4. Defining Log Settings ................................................................................... 84 7.2.5. Saving the Log to a File................................................................................ 85 APPENDIX A. INDEX .................................................................................................... 86 APPENDIX B. FREQUENTLY ASKED QUESTIONS ................................................. 87 APPENDIX C. KASPERSKY LAB................................................................................. 88 C.1. Other Kaspersky Lab Products .......................................................................... 89 C.2. Contact Information............................................................................................. 93 APPENDIX D. LICENSE AGREEMENT ...................................................................... 96 CHAPTER 1. KASPERSKY ANTIHACKER Kaspersky Anti-Hacker is a personal firewall that is designed to safeguard a computer running a Windows operating system. It protects the computer against unauthorized access to its data and external hacker attacks from the Internet or an adjacent local network. Kaspersky Anti-Hacker performs the following functions: · Monitors the TCP/IP network activity of all applications running on your machine. If it detects any suspicious actions, the program notifies you and if required, blocks the suspect application from accessing the network. This allows you to preserve confidential data on your machine. For example, if a Trojan tries to transmit any data from your computer, Kaspersky Anti-Hacker will block this malware from accessing the Internet. The SmartStealthTM technique makes it difficult to detect your computer from outside. As a result, hackers will lose the target and all their attempts to access your computer will be doomed to fail. Besides, this allows for prevention of the DoS (Denial of Service) attack of all types. At the same time you will not feel any negative influence of this mode while working on the Web: the program provides conventional transparency and accessibility of the data. Blocks the most common hacker network attacks by permanently filtering the incoming and outgoing traffic, and also notifies the user about any such attacks. Monitors for attempts to scan your ports (these attempts are usually followed by attacks), and prohibits any further communication with the attacking machine. Allows you to review the list of all established connections, open ports, and active network applications, and if required, lets you terminate unwanted connections. Allows you to secure your machine from hacker attacks without special configuration of program settings. The program allows simplified management by choosing one of five security levels: Block all, High, Medium, · · · · · Kaspersky Anti-Hacker 7 Low, Allow all. By default the program starts with the Medium level, which is a training mode that will automatically configure your security system depending on your responses to various events. · Allows flexibility of security system configuration. In particular, you can set the program to filter network operations into wanted and unwanted, and you can configure the Intrusion Detection System. Allows you to log certain security-related network events to various special-purpose logs. If required, you can define the detail level of the log entries. · The program may be used as a separate software product or as an integral component of various Kaspersky Lab's solutions. Attention!!! Kaspersky Anti-Hacker does not protect your computer from viruses and malicious programs that can destroy and/or corrupt your data. It is advised that you use Kaspersky Anti-Virus Personal for this purpose. 1.1. What's new in v. 1.7 Unlike version 1.5, the new version of the program supports operation under Windows XP with Service Pack 2 installed. 1.2. Distribution Kit The distribution kit includes: · · · · A sealed envelope containing installation CD with software files for the product This user guide A license key included into the distribution package or written on a special diskette License agreement 8 Kaspersky Anti-Hacker Before you unseal the CD envelope, be sure to review the license agreement thoroughly. The License Agreement (LA) is a legal agreement between you (either an individual or a single entity) and the manufacturer (Kaspersky Lab) describing the terms on which you may employ the anti-virus product which you have purchased. Please ensure you read all the terms of the LA! If you do not agree to the terms of this LA, Kaspersky Lab is not willing to license the software product to you and you should return the unused product to your Kaspersky Anti-Virus dealer for a full refund, making sure the envelope containing the CD (or diskettes) is sealed. By unsealing the envelope containing the CD (or the diskettes) you agree to all the terms of the LA. 1.3. Conventions In this book we use a number of conventions to emphasize various important parts of the document. The table below details the conventions used. Convention Bold font Meaning Menu titles, menu commands, window titles, dialog elements, etc. Additional information, notes. Critical information. Attention! Note. Kaspersky Anti-Hacker 9 Convention Meaning Actions that must be taken. To start the program, follow these steps: 1. ...