Applies to Kaspersky Internet Security 2012
Firewall description
During Internet use, a computer is exposed not only to infection by viruses, but also to various types of attacks that exploit vulnerabilities in operating systems and software.
The Firewall component included in Kaspersky Internet Security 2012 provides security during use of local networks and the Internet. The Firewall applies rules to all network connections. A rule is an allow or block action that the Firewall takes when it detects a connection attempt.
Protection from various types of attacks is provided on two levels: network and application.
Network protection
Network protection is provided through global rules for network packets. These rules allow or block network activity based on analysis of the following parameters:
- Direction of movement of the packet;
- Protocol through which the packet is transferred;
- Source or destination port of the packet.
Application protection
Application protection is provided by applying rules for the use of network resources by the applications installed on your computer. As with network protection, application protection is formed by analysis of these same parameters. However, for application protection, account is taken not only of the characteristics of the network packet, but also of the specific application to which the packet is addressed or which initiated the delivery of the packet. The use of rules for applications makes it possible to apply more specific protection settings by which, for example, a certain type of connection is blocked for some applications but not for others.
Types of Firewall rules
There are two types of rules, based on the two types of protection offered by the Firewall:
- Packet rules. These are used for introducing general restrictions on network activity, regardless of which applications are installed. Example: when a packet rule is created for blocking an incoming connection to port 21, no application using this port (such as an FTP server) is accessible from the outside.
- Rules for applications. These are used for introducing restrictions on network activity for a specific program. Example: if connections to port 80 are blocked for all programs, you can create a rule allowing connections with this port only for the Firefox browser.
Both packet rules and rules for applications can either allow or block network activity.
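The two examples above can be modelled as a small rule evaluator. This is an added illustration, not Kaspersky's implementation. The evaluation order (network level first, a rule naming a program before a rule for all programs, allow when nothing matches) and the program names are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Conn:
    direction: str   # "in" or "out"
    protocol: str    # "tcp" or "udp"
    port: int
    app: str         # program that initiated or receives the packet

@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "block"
    direction: str
    protocol: str
    port: int
    app: Optional[str] = None   # None = applies to every program

    def matches(self, c: Conn) -> bool:
        same_packet = (self.direction, self.protocol, self.port) == \
                      (c.direction, c.protocol, c.port)
        return same_packet and self.app in (None, c.app)

def first_match(rules, conn):
    """Action of the first rule matching conn, or None if none matches."""
    return next((r.action for r in rules if r.matches(conn)), None)

def decide(packet_rules, app_rules, conn):
    # Assumption: the network level is checked first and a block there is final.
    if first_match(packet_rules, conn) == "block":
        return "block"
    # Assumption: a rule naming a program wins over a rule for all programs.
    ordered = sorted(app_rules, key=lambda r: r.app is None)
    # Assumption: traffic that matches no rule is allowed.
    return first_match(ordered, conn) or "allow"

# Constructed rule sets mirroring the two examples in the text.
PACKET_RULES = [Rule("block", "in", "tcp", 21)]
APP_RULES = [
    Rule("block", "out", "tcp", 80),                     # all programs
    Rule("allow", "out", "tcp", 80, app="firefox.exe"),  # exception
]

if __name__ == "__main__":
    for c in (Conn("in", "tcp", 21, "ftpd.exe"),
              Conn("out", "tcp", 80, "firefox.exe"),
              Conn("out", "tcp", 80, "updater.exe")):
        print(c, "->", decide(PACKET_RULES, APP_RULES, c))
```

In this model an application rule allowing a program to listen on port 21 changes nothing while the packet rule blocks that port, which is the sense in which a packet rule applies regardless of installed applications.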
To simplify the configuration and application of rules in Kaspersky Internet Security 2012, the whole network space is divided into security areas, often corresponding to the subnetworks to which the computer is connected. You can give each of the areas a status: Trusted, Local or Public Network, which forms the basis for defining the policy for applying rules and controlling activity in that area.