network monitor - kaspersky lab | antivirus protection | internet
TRANSCRIPT
Small Office Security 2
Network Monitor
1 | 1 1
Kaspersky Small Office Security 2
Table of content Table of content ............................................................................................................................... 1
Network Monitor ............................................................................................................................... 2
What is Network Monitor ............................................................................................................... 2
Configuring the mode of controlling monitored ports and scanning encrypted connections ......... 4
Creating a list of monitored ports ............................................................................................... 4
Scanning encrypted connections ............................................................................................... 7
Scanning encrypted connections in Opera ................................................................................ 8
2 | 1 1
Kaspersky Small Office Security 2
Network Monitor What is Network Monitor Network Monitor is a tool used to view information about network activities in real time. To run Network Monitor, perform the following actions:
1. Open the main application window. 2. Select the Protection Center tab. 3. In the right part of the window in the Online activity section click on the Network Monitor
link.
The Network Monitor window will provide the information grouped on the following tabs:
► Connections and Ports ► Firewall: rule processing log ► Network traffic ► Blocked computers
Let’s see each tab in details.
• On the Connections and Ports tab lists all the opened ports and active network connections currently established on your computer.
3 | 1 1
Kaspersky Small Office Security 2
For each connection it lists the following information: the name of an application that initiated this connection, the connection protocol, the direction of the connection (inbound or outbound), the connection settings (local and remote ports and IP addresses). Here you can also check the lifetime of this connection and the volume of data sent/received.
• The Firewall: rule processing log tab displays information about the use of packet rules for applications.
The tab displays information about packet rules enforced for applications: event time, Firewall action, application name, protocol, status of the networks for which the rule is applied upon connection, local and external connection addresses. Select the type of events information which will be recorded in the log, using the dropdown list near the top of the tab.
• The Network traffic tab displays information on all inbound and outbound connections established between your computer and other computers, including web servers, mail servers, etc. The following information for each connection is displayed: the name and IP address of the host that the connection is with, and the amount of traffic sent and received.
• The Blocked computers tab lists the blocked computers.
Having detected an attacking attempt on your computer, the program will block any network activity from an attacking computer against your computer. A notification message appears
4 | 1 1
Kaspersky Small Office Security 2
on the screen informing that a network attack attempt was made with the information about an attacking computer; this information is logged on the Blocked computers tab as well.
The IP address of the blocked computer is displayed in the Address field, the time from the moment the computer has been blocked is displayed in the Time field. To unblock the computer activity use the Unblock link in the bottom part of the window.
Configuring the mode of controlling monitored ports and scanning encrypted connections
Creating a list of monitored ports Such protection components as Mail Anti-Virus, Web Anti-Virus and Anti-Spam monitor the data streams transferred via specific protocols and passing certain open ports on your computer. Thus, for example, Mail Anti-Virus analyzes information transferred via the SMTP protocol, and Web Anti-Virus analyzes HTTP packets. You can select one of the two port monitoring modes:
► Monitor all network ports; ► Monitor selected ports only. A list of ports that are used for transmitted email and HTTP
traffic is included in the application package. To add a port to the list of monitored ports, perform the following actions:
1. Open the main application window. 2. In the upper part of the window click the Settings link. 3. In the Protection Center section select Network. 4. In the right part of the window in the Monitored ports section click the Select button.
5 | 1 1
Kaspersky Small Office Security 2
5. In the Network ports window in the upper table click on the Add link. 6. In the Network port window specify the required data:
In order to exclude a port from the list of monitored ports:
1. Open the main application window. 2. In the upper part of the window click the Settings link. 3. In the Protection Center section select Network. 4. In the right part of the Network ports window click the Select button.
6 | 1 1
Kaspersky Small Office Security 2
5. In the Network ports window uncheck the box next to the port's description.
To create the list of applications for which you wish to monitor all the ports, please do the following:
1. Open the main application window. 2. In the upper part of the window click the Settings link. 3. In the Protection Center section select Network. 4. In the right part of the Network ports window click the Select button. 5. In the Network ports window check the Monitor all ports for specified applications box
and click the Add link in the section below.
7 | 1 1
Kaspersky Small Office Security 2
6. In the menu that will open, select an application. Once you select the Browse item, a window will open in which you should specify the path to an executable file. Once you select the Applications item, the list of applications currently running will open.
7. In the Application window that will open, specify the description for the application selected.
8. To temporarily exclude a program from the list without deleting it, clear the box next to it. In order to apply the configured settings, restart the browser and other network applications.
Scanning encrypted connections Connecting using the Secure Sockets Layer (SSL) protocol protects data exchange channel on the Internet. The SSL protocol allows to identify the parties exchanging data using electronic certificates, encode the data being transferred, and ensure their integrity during the transfer. These features of the protocol are used by hackers to spread malicious programs, since most antivirus programs do not scan SSL traffic. Computer Protection verifies secure connections using Kaspersky Lab certificate. This certificate will always be used to check whether the connection is secure. Further traffic scans via the SSL protocol will be performed using the installed Kaspersky Lab certificate. If an invalid certificate is detected when connecting to the server (for example, if the certificate is replaced by an intruder), a notification will pop up containing a suggestion to either accept or reject the certificate, or view information about the certificate. If the application works in automatic mode, the connection using an invalid certificate will be terminated without any notification. To enable encrypted connections scan, please do the following:
1. Open the main application window. 2. In the upper part of the window click the Settings link. 3. In the Protection Center section select Network. 4. In the right part of the window in the Encrypted connections scan section check the Scan
encrypted connections box. By default the box is unchecked. If the box is unchecked, KSOS 2 does not scan SSL-traffic.
5. Click the Install certificate button.
8 | 1 1
Kaspersky Small Office Security 2
6. In the Certificate window click the Install certificate button. Follow the instructions of the
wizard to install the certificate. Some sites may be unavailable with the scan of encrypted connections enabled even after the certificate installation. The automatic installation of the certificate will only be available in Microsoft Internet Explorer. To scan encrypted connections in Mozilla Firefox or Opera, you should install the Kaspersky Lab certificate manually.
Scanning encrypted connections in Opera Opera browser does not use Microsoft Windows certificate storage. To scan SSL connections when using Opera, you should install the Kaspersky Lab certificate manually. To install the Kaspersky Lab certificate, please do the following: 1. In the browser's menu select Tools-> Settings (or Menu -> Settings-> Preferences). 2. In the Preferences window go to the Additional tab (or Advanced tab). 3. In the left part of the window select Security and click the Manage Certificates button.
9 | 1 1
Kaspersky Small Office Security 2
4. In the Certificate Manager window select the Vendors tab and click the Import button. 5. In the Import Certificate window select the Kaspersky Lab certificate file. The path to the Kaspersky Lab certificate file is %AllUsersProfile%\Application Data\Kaspersky Lab\AVP9\Data\Cert\(fake)Kaspersky Anti-Virus personal root certificate.cer. 6. Click the Install button. The Kaspersky Lab certificate file will be installed. To view the certificate information and to select actions which the certificate will apply, in the list of certificates select the required certificate and click the View button. To install the Kaspersky Lab certificate for Opera version 9.x, please do the following: 1. In the browser's menu select Tools > Preferences (or Menu -> Settings-> Preferences). 2. In the Preferences window go to the Advanced tab (or Advanced tab). 3. In the left part of the window select Security and click the Manage Certificates button.
10 | 1 1
Kaspersky Small Office Security 2
4. In the Certificate Manager window select the Authorities tab and click the Import button.
5. In the Import Certificate window select the Kaspersky Lab certificate file. The path to the Kaspersky Lab certificate file is
11 | 1 1
Kaspersky Small Office Security 2
%AllUsersProfile%\Application Data\Kaspersky Lab\AVP9\Data\Cert\(fake)Kaspersky Anti-Virus personal root certificate.cer. 6. Click the Install button. The Kaspersky Lab certificate file will be installed. If your computer runs under Microsoft Windows Vista or Windows 7, the path to the Kaspersky Lab certificate file will be as follows: %AllUsersProfile%\Kaspersky Lab\AVP9\Data\Cert\(fake)Kaspersky Anti-Virus personal root certificate.cer.