F-SECURE ANTI-VIRUS FOR MICROSOFT EXCHANGE 8.00 - Administrator's Manual - page 216
216
3. To start the creation of the new rule, click
Add Before
. This starts the
Firewall Rule Wizard.
4. In the Rule Type window select Allow.
5. In the Remote hosts window select Any remote host.
6. In the Services window select Ping from the Service drop-down list,
and both from the Directions drop-down list.
7. In the Advanced Options window select the following options:
Security alert from the Send alert drop-down list
Network Event: Potentially Dangerous Service Allowed from the
Alert trap drop-down list
You can also enter a comment for the alert in the Alert comment
field.
8. In the Summary window you can verify that the rule is correct and
enter a descriptive comment for the rule.
9. Click
to save the policy data.
10. Click
to distribute the policy.
11. You can now test the rule by pinging one of the managed hosts and
checking that an alert is created and displayed on the Alerts tab.
6.7
Configuring the Intrusion Prevention
The Intrusion Prevention monitors inbound traffic and tries to find
intrusion attempts. It can also be used to monitor viruses that try to attack
computers in the LAN. The Intrusion Prevention analyses the payload
(the contents) and the header information of an IP packet, and compares
this information with the known attack patterns. If the information is similar
or identical to one of the known attack patterns, the Intrusion Prevention
creates an alert and takes the action it has been configured to take.