Kaspersky Internet Security 2009

Today computers have become quite vulnerable when on the Internet. They are subjected not only to virus infections but other types of attacks as well that take advantage of vulnerabilities in operating systems and software.

Kaspersky Internet Security 2009 contains a special component, Firewall, to ensure your security on local networks and the Internet. It protects your computer on the network and application level and masks your computer on the net to prevent attacks.

Protection on the network level is performed by using global packet filtration rules where network activity is allowed or blocked based on analyzing settings such as packet direction, the data packet transfer protocol, and the outbound packet port. Rules for data packets establish access to the network, regardless of the applications installed on your computer that use the network.

In addition to the packet filtration rules, the Intrusion Detection System (IDS) provides additional security on the network level. The goal of the system is to analyze inbound connections, detect port scans on your computer, and filter network packets aimed at exploiting software vulnerabilities. When running, the Intrusion Detection System blocks all inbound connections from an attacking computer for a certain amount of time, and the user receives a message stating that his computer underwent an attempted network attack.

The Intrusion Detection System is based on using a special network attack database in analysis, which is regularly supplemented by Kaspersky Lab's specialists. It is updated along with the application databases.

Your computer is protected on the application level by applying application rules for using network resources to the applications installed on your computer. Like the network protection level, the application protection level is built on analyzing data packets for direction, transfer protocol, and what ports they use. However, on the application level, both data packet traits and the specific application that sends and receives the packet are taken into account.

Using application rules helps you to configure more specific protection when, for example, a certain connection type is banned for some applications but not for others.

There are two Firewall rule types, based on the two Firewall protection levels: 

• Rules for packet filtering are used to create general restrictions on network activity, regardless of the applications installed. Example: if you create a packet rule that blocks inbound connections on port 21, no applications that use that port (an ftp server, for example) will be accessible from the outside. 
• Rules for applications are used to create restrictions on network activity for specific applications. Example: If connections on port 80 are blocked for each application, you can create a rule that allows connections on that port for Firefox only.

There are two types of rules for applications and rules for packet filtering: allow and block. The program installation includes a set of rules that regulate network activity for the most common applications and using the most common protocols and ports. Kaspersky Internet Security 2009 also includes a set of allow rules for trusted applications whose network activity is not cause for suspicion.

Kaspersky Internet Security 2009 breaks down the entire network space into security zones to make settings and rules more user-friendly, which largely correspond to the subnetworks that your computer belongs to. You can assign a status to each zone (Internet, Local Area Network, Trusted), which determine the policy for applying rules and monitoring network activity in that zone.