NetOp Process Control v. 4.0


© 2007 Danware A/S

Copyright © 2007 Danware Data A/S. All rights reserved.

Document Revision: 2007205

Please send any comments to:

Danware Data A/S

Bregnerodvej 127

DK-3460 Birkerod

Denmark

Tel: +45 45 90 25 25

Fax: +45 45 90 25 26

E-mail: [email protected]

Internet: http://www.netop.com


Warranty

Danware Data A/S warrants the quality of the physical material of the user package, that is manual and CD-ROM. If these items are defective, we will exchange them at no cost within 60 days of purchase from Danware Data.

Disclaimer

Danware Data A/S denies any and all responsibility for damages caused directly or indirectly as a result of any faults with the enclosed programs and/or documentation.

Licence

Danware Data A/S retains the copyright to the user manual. All patent, copyright and other proprietary rights in and to the programs will remain with Danware Data A/S or its licensers.

Your purchase gives you the right to copy and use the programs as described on your Danware License Certificate included in your package.

Please save your Danware License Certificate. It serves as your legal right to use the software. You may also need it in order to receive future updates to the product.

Please be careful not to install or run the software on more PCs than your Danware License Certificate permits.

The programs may be copied for backup purposes only, and only as long as the above-mentioned rules are adhered to.

Trademarks

NetOp® and the red kite are registered trademarks of Danware Data A/S. All other products mentioned in this manual are trademarks of their respective manufacturers.

Publisher

Danware Data A/S

Technical Editors

Lars Lyhne

Team Coordinator

Allan Iskov

Table of Contents

Part I Welcome

Part II Introduction
    Menubar
    Toolbars
    Viewpane
    Profiles

Part III Installation
    Install
    Logging

Part IV Daily Use - Enterprise User

Part V Setup the Process Control
    Profiles

Part VI Handling the Process Control
    Menus
    Toolbar

Welcome

Welcome to Process Control, security software from Danware Data.

This manual will lead you through a default installation and startup of Process Control. Additionally it will present examples of how to configure programs to work with the Process Control.

Available options are explained in the Process Control User’s Manual that is included as a PDF file on the CD and in Process Control Help that can be accessed from the Process Control window after installation.

If you encounter difficulties using this product, first consult with this Help system.

Additional troubleshooting guidance is available in our KnowledgeBase at www.help.netop.com.

The local supplier of your NetOp product is available for advising you on how to obtain maximum benefit from your NetOp product.

As a last resort, you are invited to submit a support request directly to NetOp Support at www.netop.com/supportnpc by using the ‘Contact Technical Support’ form.

We will get back to you as soon as possible with a solution to your problem.

NetOp Product Services

Introduction

The Process Control is an extremely powerful tool that offers process control and dynamic packet filtering.

Process control gives you the ability to prevent a program (process) from running at all, to allow it to communicate, to allow it to communicate only with a trusted network, or to prevent it from communicating at all.

Packet Filtering is used for restricting the computer's inbound and outbound traffic based on IP addresses, ports and protocols.

Packet Log and Traffic Matrix are two built-in tools used for displaying real-time network activity details such as which IP addresses, ports and protocols a program is trying to use for communication. Make use of this information to configure the Process Control.

The Process Control configuration can either be managed locally on each computer or centralized by the optional NetOp Policy Server. For fault tolerance and load distribution the NetOp Policy Server has been implemented with a Master Server and multiple Replica Servers ensuring maximum system availability.

See: Process Control Overview, Compatibility and System Requirements, About NetOp Process Control and Setup Examples.

2.1 Process Control Overview

This section describes the fundamental layout of the Process Control and the two models which we use to describe and explain the functionality and handling of the Process Control.

For a walk-through of the fundamental layout and functionality of the Process Control, see: Process Control Walk-through.

This manual will concentrate on two different setup types, a single-user solution and a multi-user solution, as illustrated in these sections: SoHo / Single User and Enterprise User.

2.1.1 Process Control Walk-through

The Process Control’s graphical user interface consists of seven parts:

Menubar

Toolbars

Viewpane

File Information

Active processes

Process Control Rules

Information

Profiles

2.1.2 Menubar

The menu gives you access to all functions in the Process Control.

When you have to access functions which cannot be reached via the shortcuts, we use the following notation:

As an example: To open the Options relating to a Policy Server, we will write:

To setup the Policy Server, click Tools > Options > Policy Server.

See: Menu Bar

2.1.3 Toolbars

The shortcuts, just below the menu bar, consist of the most-used functions.

All of these functions can be found in the menus as well.

Follow these steps to configure the shortcuts to meet your needs:

1. Click the down-arrow in the shortcut menu.

2. Select which functions the shortcut has to contain (indicated by the arrow in the screen shot above).

3. More functions and shortcut menu bars can be accessed in ‘Customize...’.

Note: The changes take effect immediately.

See: Toolbar

2.1.4 Viewpane

The default viewpane changes its contents according to the information you want to see:

In this example you are looking at the Process Control Rules > Programs.

The panes contain lists of programs, ports etc., all of which can be configured from the selected view itself.

Select an item on the list in the pane and right-click the item to open a menu which includes all functions.

The other views will be explained in detail at a later stage.

See: Setup the Process Control Rules and Handling the Process Control.

2.1.5 File Information

This view contains rule status and where the application (the executable file) is saved.

This pane allows you to change the Process Control Rule on the fly for the selected file. Just click the drop-down menu to select another rule.

2.1.6 Active processes

The Last Active Processes pane shows which processes have been started. The latest is added to the left.

When the cursor hovers over a process, a tooltip is displayed. The tooltip contains the following information:

File name - The name of the process.
File path - The path from where the process runs.
Process ID - The number of the process.
Rule - The rule given by you or the administrator, e.g. 'Allow Communication'.

2.1.7 Process Control Rules

The Process Control Rules pane offers quick and direct access to the different views that define your Process Control.

The selected rule gets displayed in the view pane.

See: Setup Rules

2.1.8 Information

The Information pane offers different tools which can help you to troubleshoot and analyze your network traffic.

The selected information type gets displayed in the view pane.

See: Setup the Information

2.1.9 Profiles

The Profiles pane offers the tools to customize and edit your own user profiles. A user profile is a collection of Process Control rules and IP addresses which the user is allowed to connect to.

These profiles greatly enhance the level of security both when the computer is logged on inside the company and especially outside the company’s network.

Once the user profiles have been created, the Process Control can switch between them automatically.

See: Setup Profiles Rules

2.2 About NetOp Process Control

Check this window to see which version you are running and the serial number.

Use these numbers when you contact your dealer or NetOp Support.

2.3 Compatibility and System Requirements

These system requirements apply when installing this version of Process Control on a computer:

Computer - Intel Pentium processor 233 MHz or higher or 100% compatible
Memory - Operating System requirement plus additional 32 MB RAM
Video - Any 100% VGA compatible graphics adapter supported by Windows
Disk space - 10 MB free disk space
Platform - Windows Vista (32 bit)
           Windows XP Professional
           Windows XP Home Edition
           Windows 2000 Professional
Communications - At least one network adapter or modem
                 TCP/IP: Winsock 2 or compatible
                 Internet access (for initial product registration)

Note: NetOp Process Control does not support any server platforms.

2.4 Table Controls

Typically, these controls are available with tables in window panes:

Resize the pane by resizing the window by dragging its borders. Change the width of a column by dragging the right border of its heading. Sort records (ascending/descending) by any column by clicking the column heading. If table contents extend beyond the pane, it has scrollbars.

Click a record to select and highlight it. Click a record and while pressing SHIFT click another record to select and highlight both records and records in between. Click a record and while pressing CTRL click other records to select and highlight clicked records.

2.5 Setup Examples

In this section you will be introduced to a number of scenarios, which will help you to recognize your protection requirements.

See: SoHo / Single User, Enterprise User, Working Inside the Company and Working Outside of the Company.

2.5.1 SoHo / Single User

A single user or SoHo user (Single office / Home office) can be defined as a Process Control user who does not connect to a company’s network.

Typical setup. A user with a personal Process Control behind a perimeter Process Control connected to the Internet.

The user connects to the Internet through the Process Control as illustrated above.

In order to protect her computer the user has implemented Process Control rules based on the applications that already run on the computer, combined with bans on certain web-sites.

This provides her with a strict, yet flexible security profile; new programs are not allowed to run (they will be killed) and children cannot connect to certain web sites.

2.5.2 Enterprise User

The enterprise user is subjected to a number of security policies - both inside and outside of the company. The company naturally wants to prevent malicious software from spreading onto all connected computers - without impeding the users’ ease of use.

Balancing the enterprise users’ need for smooth operation and the company’s need for overall security has until now proven to be a difficult task.

The drawings below will - as does the drawing in the previous chapter - serve as examples throughout the manual.

See: Working Inside the Company and Working Outside of the Company

2.5.2.1 Working Inside the Company

These users, AC, AD and DE, can physically move about inside and outside the company with their laptops. Without restrictions they will be able to connect to the different domain servers which may be potentially unsafe. However, by introducing multi-level user access the Process Control can limit the connectivity.

The Security Officer who manages the security server and monitors the network creates the different user-profiles based on the security policies that the company sees as imperative.

These Process Control rules allow different users to run different applications, through certain ports with specific protocols and so forth.

The drawing shows three ordinary situations: Wireless users able to move about inside the company, wireless users who return to or visit the company and stationary users.

The security policies that are enforced onto the computers in a network are controlled by a NetOp Security Policy server. The policy server continuously checks the connected computers against the user profiles stored on it. In case of an attack, the security officer can shut down applications and LAN on the clients in order to prevent the malicious software from spreading.

Typical corporate setup incl. Security Policy Manager, supervised by a Network administrator.

The stationary users pose little trouble for the security officer; the stationary computers are equipped with a security profile which allows them to work with the programs necessary. New programs cannot be installed, and unauthorized programs will simply be killed.

With their ability to work wirelessly the laptops can be restricted with respect to which sub-nets of the network they are allowed to connect to.

This could mean that the ‘AC’ laptop cannot connect to administration’s sub-net, whereas the ‘AD’ laptop could be able to connect to all sub-nets.

In the situation where the ‘DE’ laptop returns to the company two things will happen: The user profile will switch to the ‘at the office’ status on the employee’s laptop, and software that is not allowed by the Policy Server will not be allowed to run on the computer.

2.5.2.2 Working Outside of the Company

As mentioned above the NetOp Process Control offers different user-created profiles to each user in order to enhance the security.

The following chapter lists three examples as can be seen in the drawing below:

Three typical scenarios.

Basically, the Process Control is set up to recognize IP-addresses, MAC-addresses or a domain.

The different addresses are ordered in a strict hierarchy. The Process Control will try to validate the address it senses on the input port against its address hierarchy.

Office

When the Process Control recognizes a specified domain, it automatically switches to the assigned profile (Office).

Because it already is protected by the company’s other security measures, the Office profile has no rule but to kill unknown programs.

Home

When the Process Control recognizes a specified MAC address on the gateway (home router), it automatically switches to the assigned profile (Home).

In this example the home net is a Trusted Net and all inbound traffic from all other nets will be blocked.

Hotspot etc.

When the Process Control recognizes none of the above, it automatically switches to the assigned profile (UnknownNet).

In this example, only Internet surfing on port 80 is allowed for outbound traffic. All inbound traffic will be rejected.

See: Unknown Network Setup

Installation

This chapter explains how to install Process Control on computers running on the operating systems Windows Vista (32 bit), 2000 or XP.

It contains the sections: Before Install, Install and Setup Wizard.

3.1 Before Install

Before installing, read the NPCReadMe.txt file that resides in the root directory of the CD. This file contains important general information and may contain update information that was not available when this documentation was last edited.

1. Uninstall or disable other Process Controls.

2. Scan your computer with an updated antivirus product.

3. Save all data and shut down all running Windows applications.

Note: To install a licensed version of Process Control, the computer must be connected to the Internet. If connected to the Internet by a dial-up connection, the dial-up connection must be running.

See: Compatibility and System Requirements

3.2 Install

Please follow the on-screen instructions.

For special installation methods, see: Installation alternatives.

3.3 Setup Wizard

When the computer has been restarted after initial installation or when Run Setup Wizard... is selected in the Tools menu, this window will be displayed:

Note: We recommend running this setup wizard on your usual local area network after initial installation to automatically configure Process Control for a smooth computer startup.

Click Next > to display this window:

After initial installation and computer restart, Process Control records all programs that started running after computer restart and lists them in the table of this window.

The setup wizard suggests assigning them the Process Control rule ‘Allow Communication’ as shown in the ‘Rule’ column and the attributes ‘Read-only’, ‘Hidden’ and ‘System’ as shown in the ‘Attributes’ column to secure a smooth computer startup in the current environment.

Process Control rules and attributes are explained in Programs.

If running the setup wizard later from the ‘Tools’ menu, this table contains the Program Process Control rules and attributes specified in the Programs display pane.

Select one of the options:

Automatically add all detected programs - Select this option (default selection) to accept the table contents.

Manually select programs needed for startup - Select this option to enable editing the table contents.

Note: We recommend the default selection.

See: Setup Programs.

Click Next > to display this window:

After initial installation and computer restart, Process Control detects the names and addresses of local area network computers connected to during computer restart and lists them in the table of this window.

The setup wizard suggests assigning them the Process Control rule Inbound/Outbound Trust as shown in the ‘Rule’ column and no attributes as shown in the ‘Attributes’ column to secure a smooth computer startup in the current environment.

Process Control rules and attributes are explained in Trusted Nets.

If running the setup wizard later from the ‘Tools’ menu, this table contains the Trusted Net Process Control rules and attributes specified in the Trusted Nets display pane.

Select one of the options:

Automatically detect Local Area Network if present - Select this option (default selection) to accept the table contents.

Manually Define Local Area Network - Select this option to enable editing the table contents.

Note: We generally recommend the default selection.

See: Setup Trusted Nets.

If restarting the computer after initial installation without being connected to your usual local area network, no local area network computers will be detected and no trust with them will be suggested.

There will be long delays starting up the PC if LAN trusts are required but not specified. Lack of LAN trusts will cause the Process Control to block inbound network communication.

To avoid long delays, manually define local area network computers in the table.

Alternatively, before starting up the computer connected to the local area network, specify all available IP addresses (0.0.0.0 to 255.255.255.255) as a Trusted Net. This will make the setup wizard run upon startup and replace the trust for all available IP addresses with trusts with the local area network computers connected to during computer startup.

Click Next > to display this window:

By default, the Port Process Control rule Outbound Traffic is assigned to a predefined selection of commonly used ports. This window offers the alternatives of assigning one of the Process Control rules Outbound Traffic or Blocked in Both Directions to all available port numbers (0-65535).

Process Control rules and attributes are explained in Setup Ports.

Select one of the options:

Permit all outbound traffic (Default) - Select this option to assign the Process Control rule Outbound Traffic to all available port numbers. This selection matches checking the Options window General tab Outbound Traffic Permissions section Permit traffic on all outbound ports box.

Limit outbound traffic - Select this option (default selection) to apply the Process Control rules assigned in the Ports display pane (default is Outbound Traffic for all specified ports).

User defined rules - Select this option to assign the Process Control rule ‘Blocked in Both Directions’ to all available port numbers to open individual ports manually afterwards.

Note: We recommend the default selection.

See: Setup Ports and General Options.

Click Next > to display this window:

Click < Back to return to the previous wizard window to change your selections.

Click Finish to leave the setup wizard applying its selections.

See: Installation Alternatives and Command Line Installation

3.3.1 Installation Alternatives

Installation alternatives enable installing Process Control with little or no user intervention, quietly (not displaying any windows during installation), on remote computers, in a configured state and by deployment.

The installation of Process Control uses Windows Installer.

The Windows Installer program ‘msiexec.exe’ installs and removes program features specified in an installation package file with the extension msi according to the command syntax:

msiexec <Option> <Required parameter> [<Optional parameter>]

The command can contain multiple options and parameters.

Available options are displayed in a window when running this command on a computer with ‘msiexec.exe’ version 3+ (standard in newer Windows) in its \Windows\System32\ directory:

msiexec

These options are relevant for Process Control installation alternatives:

Option - Effect

/i - Installs the installation package <Product>.msi in a specified directory. <Path>\<Product>.msi is a required parameter.

/a - Unpacks the installation package <Product>.msi in a specified directory without installing it. <Path>\<Product>.msi is a required parameter.

/qn - Executes in quiet mode (no windows displayed) with no user interaction.

/l*v - Logs all information with verbose output in the log file <Log name>.log. <Path>\<Log name>.log is a required parameter.

TRANSFORMS=<Transformation file> is a standard optional parameter that applies transformations specified in a required format transformation file with the extension mst.

Other optional parameters can be used.

Note: Command line operations are case sensitive.

See: Command Line Installation

3.3.1.1 Command Line Installation

The next pages contain examples of command line installation and an example of deployment:

Normal installation

Create a License Registration File

Quiet Installation

Install Process Control in a Configured State

Logging

Deployment

3.3.1.1.1 Normal installation

Run this command for a normal installation from the Process Control installation package ‘setup.msi’:

msiexec /i <Path>\setupenUS.msi

Note: If a parameter contains spaces, it must be enclosed by double quotation marks.

The license number and key can be specified in two added optional parameters:

DW_REG_NUMBER=DWS-X-XXXXXXXXX DW_REG_KEY=XXXXXXXX

If these parameters are used, the window for specifying these numbers will not be displayed, and if the product has already been registered, the window for specifying personal data will not be displayed either.

See: Command Line Installation, Create a License Registration File, Quiet Installation, Install NPC in a Configured State, Logging and Deployment.

3.3.1.1.2 Create a License Registration File

Registering during the installation creates a license registration file named npc.lic, which is saved in the directory where Process Control is installed.

To create a ‘npc.lic’ file without installing, run this command:

msiexec /a <Path>\setupenUS.msi

To specify the license number, key and personal data from a npc.lic file, use this optional parameter:

DW_LICENSE_FILE=<Path>\npc.lic

instead of the two specified above.

See: Command Line Installation, Normal Installation, Quiet Installation, Install NPC in a Configured State, Logging and Deployment.

3.3.1.1.3 Quiet Installation

To install Process Control on multiple computers, a quiet installation with no user intervention is preferable. Run this installation command:

msiexec /i <Path>\setupenUS.msi /qn DW_LICENSE_FILE=<Path>\npc.lic

/qn executes the installation in quiet mode with no user intervention, DW_LICENSE_FILE=<Path>\npc.lic applies the license registration file.

This can be done in two ways:

1. Run this command from each computer pointing to a network directory containing the ‘setup.msi’ and ‘npc.lic’ files.

2. Place this command in a logon script distributed to selected computers to run it when users log on.

Note: This command causes the computer to reboot without warning.

See: Command Line Installation, Normal Installation, Create a License Registration File, Install NPC in a Configured State, Logging and Deployment.

3.3.1.1.4 Install Process Control in a Configured State

To make life easier for users, not least if user Process Controls are to be controlled from a NetOp Policy Server, we recommend installing them in a configured state.

To do this, first install one Process Control and configure it exactly as you want user Process Controls to be configured.

Then, create a transformation file from the configuration of this Process Control.

Follow these steps:

1. In the CD menu, select Tools > Installer Transform, or

2. Run the ‘npcmst.exe’ file that resides on the CD in the \NPC\TOOLS\ directory to display this window:

This window creates a mst transformation file from what you specify in the window.

Original MSI [Browse...] - Preferably, you should place your installation files in the same network directory. Copy setup.msi from the \install\<country>\ directory on the CD to your preferred network directory. Click Browse... to get the setup.msi file from your preferred network directory.

Output transform [Browse...] - In this field enter a file name with the extension mst. Click Browse... to get the mst-file from your preferred network directory.

License file (optional) [Browse...] - This file by default specifies npc.lic pointing to the directory where Process Control is installed by default. Create a license registration file, see above, and copy it to your preferred network directory. Click Browse... to get the npc.lic file from your preferred network directory. Verify that the entry in the field points to the npc.lic file in your preferred network directory.

Additional files [Add...][Remove] - Click Add... to display a Windows Open window. Navigate to the directory where your configured NetOp Process Control was installed and select and open all files with the extension .dat to add their paths and names in the pane to apply all of the configuration of your configured Process Control to your .mst file.

Note: The contents of dat files are explained in the NPCReadMe.txt file.

Build - Click this button to build the mst file. While building, look for any alarming warnings in the Build warnings pane.

If the build fails, review specifications and rebuild. When satisfied, close the window.

Now, make a trial installation using your mst file in this command:

msiexec /i <Path>\setupenUS.msi TRANSFORMS=<Path>\<Preferred name>.mst /qn DW_LICENSE_FILE=<Path>\npc.lic

Verify that the newly installed Process Control is configured as desired. If OK, proceed with other installations.

See: Command Line Installation, Normal Installation, Create a License Registration File, Quiet Installation, Logging and Deployment.

3.3.1.1.5 Logging

If the installation fails, a log file can be useful to identify what failed and when. To create a log file from your installation, add this option and required parameter to your installation command:

/l*v <Path>\<Log name>.log

This will create a log file named <Log name>.log in the specified path. Open it in any text editor, e.g. Notepad.

If you want to know more about Windows Installer requirements and options, visit the www.microsoft.com website and search for “Windows Installer”.
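The quiet, configured and logged installation from the sections above can be combined into one script that also checks the package before running it and reads the installer's exit code afterwards. This is an added example, not from the manual or the product CD; the share path, transform file name, log directory and pinned SHA-256 value are assumed placeholders.

```powershell
# Added example, not part of the Process Control manual or CD.
# Assumptions: the share path, transform name, log directory and pinned hash
# below are placeholders. Run elevated (startup script or admin shell).
param(
    [string]$Share        = '\\fileserver\deploy\NPC',        # hypothetical share
    [string]$Transform    = 'npc-config.mst',                  # hypothetical name
    [string]$LogDir       = "$env:SystemRoot\Temp",
    [string]$ExpectedHash = '<SHA256-OF-YOUR-setupenUS.msi>'   # placeholder
)

$msi = Join-Path $Share 'setupenUS.msi'
$mst = Join-Path $Share $Transform
$lic = Join-Path $Share 'npc.lic'
$log = Join-Path $LogDir ('npc-install-{0}.log' -f $env:COMPUTERNAME)

# Fail early if a file is missing instead of letting a quiet install fail unseen.
foreach ($file in $msi, $mst, $lic) {
    if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
        throw "Required file not found: $file"
    }
}

# The package is installed with elevated rights, so confirm that the copy on
# the share is the one that was staged. The script stops here until the
# placeholder hash is replaced with the real value.
$actual = (Get-FileHash -LiteralPath $msi -Algorithm SHA256).Hash
if ($actual -ne $ExpectedHash) {
    throw "Hash mismatch for $msi (got $actual)"
}

# A parameter that contains spaces must be enclosed in double quotation marks,
# so every path is quoted.
$msiArgs = @(
    '/i', "`"$msi`"",
    "TRANSFORMS=`"$mst`"",
    '/qn',
    "DW_LICENSE_FILE=`"$lic`"",
    '/l*v', "`"$log`""
)

# The manual notes that the quiet installation reboots the computer without
# warning, so run this only where an unannounced restart is acceptable.
$proc = Start-Process -FilePath "$env:SystemRoot\System32\msiexec.exe" `
                      -ArgumentList $msiArgs -Wait -PassThru

switch ($proc.ExitCode) {
    0    { Write-Output 'Installed.' }
    1641 { Write-Output 'Installed; the installer initiated a restart.' }
    3010 { Write-Output 'Installed; a restart is required to finish.' }
    default {
        Write-Warning "msiexec exit code $($proc.ExitCode); see $log"
        # In a verbose Windows Installer log, 'Return value 3' marks the
        # action that failed; show it with the lines leading up to it.
        if (Test-Path -LiteralPath $log) {
            Select-String -LiteralPath $log -Pattern 'Return value 3' -Context 10, 0
        }
        exit $proc.ExitCode
    }
}
```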

See: Command Line Installation, Normal Installation, Create a License Registration File, Quiet Installation, Install NPC in a Configured State and Deployment.

3.3.1.1.6 Deployment

An example of deploying the Process Control to a group of users makes use of the Windows Active Directory functionality.

To do this, first install one Process Control and configure it exactly as you want user Process Controls to be configured.

Then, create a transformation file from the configuration of this Process Control.

Note: You have to have domain administrator rights to deploy via the Active Directory.

With the transform file ready, follow these steps:

1. Click the ‘Start’ button on the Windows taskbar > Settings > Control Panel > Administrative Tools.

2. In Active Directories Users and Computers > Active Directory Users and Computers file explorer.

Microsoft Group Policy.

3. Select the OU (Organization Unit) to which you want to deploy the Process Control.

Note: It is only possible to select one domain at a time.

4. Right-click the domain and select Properties > Group Policy tab > click Edit

5. Open the folder Software Settings and right-click Software Installation > New > Package

6. Locate the installation file (setup.msi) and click Open

7. Select Advanced and click OK


8. In the NetOp Process Control Properties window, select the Modifications pane.

9. Click Add to open a file explorer and locate the *.mst file

10.Click OK and the deployment takes place.

This completes the Active Directories Deployment.

See: Command Line Installation, Normal Installation, Create a License Registration File, Quiet Installation, Install NPC in a Configured State and Logging.

4 Daily Use - Enterprise User

This chapter has two separate parts:

The User and

The Network Administrator

The main objective with the Process Control is to secure valuable data, to avoid hacking, to prevent computer breakdowns and maintain a flexible working environment - all at the same time.

To obtain a high degree of flexibility without compromising security, the NetOp Policy Server is introduced.

The following sections exemplify how these goals can be achieved.

4.1 The User

In order to set up a system of one or more Process Controls that are controlled and maintained from a NetOp Policy Server, the user types have to be established.

Three distinctive user types can easily be identified:

No User Control

In an enterprise solution users typically will not have to care about the protection of their equipment.

Some User Control

The user will be allowed to let allowed programs communicate for updates etc.

Full User Control

The user is allowed to set up rules, add programs, block programs, change and add profiles etc.

4.1.1 No User Control

To the user the Process Control only exists as an icon in the system tray.

The Process Control icon can have different looks, depending on its status and on who is controlling it:

The Process Control works and actively scans your computer for unauthorized programs.

The Process Control is not working presently. This only occurs during start-up.

The Process Control works, but has been password protected.

The Process Control works and is being controlled by a Policy Server.

The Policy Server controlled Process Control is presently not working. Occurs during startup.

The Process Control works, but is controlled by a Policy Server which is password protected.

See: Deployment and Installation Alternatives.

4.1.2 Some User Control

The user does not have a graphical user interface (GUI), and the Process Control exists only as an icon in the system tray (see No User Control for the list of possible icons).

This category of users has software that occasionally needs to look for updates etc.

If you click ‘Yes’ the program will be allowed to communicate. If ‘Remember’ is checked the program will be added to the list of programs.

The flexible configuration of the Process Control makes it possible to let some programs communicate, while others cannot.

4.1.3 Full User Control

The user can have full control of the Process Control and still maintain a high degree of security.

See:

The Network Administrator and Setup the Process Control Rules.

4.2 The Network Administrator

The job of the administrator or security officer is to administer user access, to implement overall and individual policies and to monitor the network for virus outbreaks.

The administrator uses the policy server as a tool that allows him to monitor each computer on the network, update the program list, close the entire network etc.

The network administrator who controls the policy server has to prepare and test a security policy before installing the Process Control on the company’s computers.

In the following you will be presented with a number of examples designed to give a firm grasp of the fundamental use of the Process Control and the Policy Server.

The setup will look like this:


The network administrator is responsible for creating and maintaining the company’s security policies and monitoring the network.

Creating Security Policies

Maintaining Security Policies

Monitoring Network

Debugging User Problems

4.2.1 Creating Security Policies

A security policy is a collection of computer specific rules and at least one user profile.

The computer specific rules deal with programs, ports, protocols, trusted and banned nets, plus at least one (preferably three for laptops) profile.

The task of creating a thorough security policy can be split into three parts:

1. Collecting knowledge of used programs (their ports and communication protocols) in the organization.

2. Building, testing and customizing policies.

3. Installing the Process Control on all computers.

Ad 1:

The network administrator will have to request an inventory list from the users throughout the company. Based upon the lists he creates a list containing the programs that the company accepts.

See: Set up a Profile.

Ad 2:

At the same time the network administrator should create differentiated policy lists based on the network structure - as the drawing describes in Working Inside the Company.

As an example, ‘Accounting’ does not need DTP programs, nor does it need to be able to access the ‘Development’ subnet. Proceed to differentiate the users until all employees have been listed.

Testing the profiles should be conducted before the Process Control is installed throughout your company.

Ad 3:

Once the profiles have been created and tested, we suggest you deploy the Process Control to all the users.

4.2.2 Maintaining Security Policies

The contents of security profiles are dynamic. Thus, the administrator has to implement a method to keep them up-to-date.

Both the Process Control and the Policy Server will prompt the user every time an unknown program tries to communicate on the network.

If a new program tries to start, the ‘Unknown Program’ dialogue is displayed. To handle that situation, see User Prompts and Messages.

4.2.3 Monitoring Network

To monitor the traffic on the network means to be on the look-out for abnormal bandwidth usage, programs that start and close at an abnormal rate etc.

Use these views to monitor: Event Log and Statistics.

The Event Log lists program events (start and stop) for programs which have been set to log events. See Attributes.

If the program is unknown, no events will be logged. To see which program causes the traffic, follow these steps:

1. Open the Packet Log.

2. Determine the program.

3. Go to Programs and change its properties. If it is a virus, select ‘Kill Program’.

4. Return to Statistics to verify that the amount of traffic has declined.

4.2.4 Debugging User Problems

When the Process Control has been installed, users may find that certain applications cannot run.

Usually the Program Rules and Port Rules are causing the trouble.

Use these views to debug problems: Packet Log and Traffic Matrix.

Follow these steps:

1. Find the problem-causing program in the Programs view and see to which rule it is subjected.

2. If the program is approved, select ‘Allow Communication’.

3. If the user still has problems, select the Ports view and see if the port the program tries to communicate through is open.

4. If the user still has problems, select Trusted Nets and create a trust (remember to check Banned Nets).

5 Setup the Process Control

This section explains - in easy steps - how the Process Control is set up.

Setup Rules

Setup the Information

Setup the Process Control Rules

5.1 Setup Rules

The five tools in the Process Control Rules allow the administrator to include and exclude programs and IP addresses and to set up port rules.

To fully understand the ways that the rules interact for Programs, Ports, Protocols, Trusted and Banned Nets, you have to envision a ladder.

The hierarchy of the individual elements determines which actions the user is allowed to perform. The figure below gives a rough overview. Each of the elements will be explained below.

Setup Programs

Setup Banned Nets

Setup Trusted Nets

Setup Protocols

Setup Ports

5.1.1 Setup Programs

Setting up the programs is probably the single most important issue in the Process Control.

The first step in setting up the Process Control is to define which programs are allowed to run on the computer.

During the installation of the Process Control, all programs that are present on the computer are regarded as necessary for the computer to function. This poses a serious problem if the computer is contaminated before you install the Process Control.

To see the programs and their matching rules, click the program icon. A complete list of programs is displayed in the view pane.

The Process Control has three main functions with respect to the programs:

Add program rules

Edit program rules

Remove program

See: Program Rules.

5.1.1.1 Add program rules

Follow these steps:

1. Click ‘Add’ below the Viewpane and a dialogue opens.

2. Browse for the new program’s exe-file and select it.

3. Select Attribute, Message (if Attribute = Message) and, most importantly, Rule.

Attribute: It is not necessary to select an attribute, but you can select as many as you see fit.

Message: Enter a message and if Message has been selected in Attributes, the message will be displayed on the screen whenever the program starts or ends.

Rule: There are six different rule types - select the one that fits your requirements the best.

4. Click ‘Ok’ to save the rule and close the window.

See: Program Rules.

5.1.1.2 Edit program rules

Follow these steps:

1. Select a program in the viewpane > click ‘Edit’ and a dialogue opens.

2. Change the rule or attribute of the program.

3. Select Attribute, Message (if Attribute = Message) and, most importantly, Rule.

Attribute: It is not necessary to select an attribute, but you can select as many as you see fit.

Message: Enter a message and if Message has been selected in Attributes, the message will be displayed on the screen whenever the program starts or ends.

Rule: There are six different rule types - select the one that fits your requirements the best.

4. Click ‘Ok’ to save the rule and close the window.

Note: If the rules have a padlock attached to them, ordinary users cannot use them.

Multi Edit

It is possible to edit multiple files at once. Follow these steps:

1. Select files.

2. Click 'Edit'

3. Select Attributes (optional).

4. Select Rule.

This concludes multi edit.

5.1.1.3 Remove program

Follow these steps:

1. Select a program in the view pane > click ‘Remove...’

2. If the user (or the computer itself) starts the program, the Process Control prompts the user for a rule.

5.1.2 Setup Banned Nets

A Banned Net is a range of remote computer addresses with which your computer shall not be able to communicate.

IP ranges which lie outside the banned IP ranges are not affected by the ban.

See: Add a Banned Network, Edit a Banned Network and Remove a Banned Network.

5.1.2.1 Add a Banned Network

Follow these steps:

1. Click ‘Banned Nets’ in the ‘Process Control Rules’ and click ‘Add...’ below the viewpane.

2. Give the banned net a name.

3. Enter the ‘Banned IP Range’

4. Select Attribute, Message (if Attribute = Message) and, most importantly, Rule.

Attribute: It is not necessary to select an attribute, but you can select as many as you see fit.

Message: Enter a message and if Message has been selected in Attributes, the message will be displayed on the screen whenever the program starts or ends.

Rule: There are four different rule types - select the one that fits your requirements the best.

5. Click ‘Ok’ to save the trust and close the window.

Note: Commands, buttons and options are enabled if applicable to the current selection unless disabled by the Security Policy assigned by a NetOp Policy Server that the Process Control is logged on to, see Policy Server Options.

See: Attributes.

5.1.2.2 Edit a Banned Network

Follow these steps:

1. Select the banned net.

2. In the file view select a different rule.

3. Once selected the rule immediately becomes effective.

Multi Edit

It is possible to edit multiple banned networks at once. Follow these steps:

1. Select banned nets.

2. Click 'Edit'

3. Select Attributes (optional).

4. Select Rule.

This concludes multi edit.

5.1.2.3 Remove a Banned Network

Follow these steps:

1. Click ‘Banned Nets’ in the ‘Process Control Rules’.

2. Select the banned net which has to be removed and click ‘Remove...’


3. The banned net is removed.

5.1.3 Setup Trusted Nets

The trusted nets give the network administrator a fast and flexible way of granting access to specific servers on the company’s network.

A trust means that the communication is unrestricted to that specific IP address. All other communication is still subjected to the applied port and protocol rules.

Note: Check the box ‘Show Hidden’ to display records with the attribute ‘Hidden’.

See: Add a Trusted Network, Edit a Trusted Network and Remove a Trusted Network.

5.1.3.1 Add a Trusted Network

Follow these steps:

1. Click ‘Trusted Nets’ in the ‘Process Control Rules’ and click ‘Add...’ below the viewpane.

2. Give the trusted net a name.

3. Enter the ‘Trusted IP Range’

4. Select Attribute, Message (if Attribute = Message) and, most importantly, Rule.

Attribute: It is not necessary to select an attribute, but you can select as many as you see fit.

Message: Enter a message and if Message has been selected in Attributes, the message will be displayed on the screen whenever the program starts or ends.

Rule: There are four different rule types - select the one that fits your requirements the best.

5. Click ‘Ok’ to save the trust and close the window.

Note: Commands, buttons and options are enabled if applicable to the current selection unless disabled by the Security Policy assigned by a NetOp Policy Server that the Process Control is logged on to, see Policy Server Options.

See: Attributes.

5.1.3.2 Edit a Trusted Network

Follow these steps:

1. Click ‘Trusted Nets’ in the ‘Process Control Rules’.

2. Select the trusted net whose properties you want to change and click ‘Edit...’.

3. A window opens - change the properties.

4. Click ‘Ok’ to save the trust and close the window.

Multi Edit

It is possible to edit multiple trusted networks at once. Follow these steps:

1. Select trusted networks.

2. Click 'Edit'

3. Select Attributes (optional).

4. Select Rule.

This concludes multi edit.

5.1.3.3 Remove a Trusted Network

Follow these steps:

1. Click ‘Trusted Nets’ in the ‘Process Control Rules’.

2. Select the trusted net which has to be removed and click ‘Remove...’


3. The trusted net is removed.

5.1.4 Setup Protocols

The protocol rules are per default set to Blocked in Both Directions, except the four most commonly used: IGMP, ICMP, TCP and UDP.

Blocking a protocol will not have any effect on using a program - given that it does not have to communicate.

See: Edit Protocol Rules.

5.1.4.1 Edit Protocol Rules

Follow these steps:

1. Click ‘Protocols’ in the ‘Process Control Rules’.

2. Select the protocol whose properties you want to change and click ‘Edit...’.


3. A window opens - change the properties.

4. Click ‘Ok’ to save the trust and close the window.

Protocol Notes

ICMP (Internet Control Message Protocol) is used by e.g. the PING utility to detect whether an IP connection is available.

IGMP (Internet Group Management Protocol) provides a way for an Internet computer to report its multicast group membership to adjacent routers. Multicasting allows one computer on the Internet to send content to multiple other computers.

TCP (Transmission Control Protocol) is a commonly used data transmission protocol. Data packets can be lost, duplicated or lose data in transit. TCP detects lost and duplicated packets as well as lost packet data and triggers retransmission until complete data has been received.

UDP (User Datagram Protocol) is a commonly used communication protocol. UDP does not detect lost or duplicate packets or lost packet data.

If the communication of an application fails and you suspect that the failure is caused by a port or protocol problem, you can test it by temporarily assigning the Unrestricted Communication Process Control rule to the application program file. If communication succeeds in the test, identify the port and protocol used by the application to assign the required Process Control rules to them.

See: Attributes.

Multi Edit

It is possible to edit multiple protocols at once. Follow these steps:

1. Select protocols.

2. Click 'Edit'

3. Select Attributes (optional).

4. Select Rule.

This concludes multi edit.

5.1.5 Setup Ports

Setting up the ports is the second thing to do in setting up the Process Control; it defines which ports the computer is allowed to communicate through.

During the installation of the Process Control, all ports are set to allow communication. This poses a serious problem when the computer is used outside the company’s own secured network. It may be wise to close some ports or restrict their usage outside the company.

To see the ports and their port rule, click the port icon. A complete list of ports is displayed in the viewpane.

The Process Control has three main functions with respect to ports.

Add Port Rule

Edit Port Rule

Remove Port

Port Notes

5.1.5.1 Add Port Rule

Follow these steps:

1. Click ‘Add...’ below the viewpane and a dialogue opens.

2. Enter a name for the new port.

3. Enter the range.

4. Select Attribute, Message (if Attribute = Message) and, most importantly, Rule.

Attribute: It is not necessary to select an attribute, but you can select as many as you see fit.

Message: Enter a message and if Message has been selected in Attributes, the message will be displayed on the screen whenever the port is accessed.


Rule: There are four different rule types - select the one that fits your requirements the best.

5. Click ‘Ok’ to save and close the dialogue.

See: Port Rules.

5.1.5.2 Edit Port Rule

Follow these steps:

1. Select a port in the view pane > right-click the port and a menu opens.

Change the rule or attribute of the port.

2. Select Attribute, Message (if Attribute = Message) and, most importantly, Rule.

Attribute: It is not necessary to select an attribute, but you can select as many as you see fit.

Message: Enter a message and if Message has been selected in Attributes, the message will be displayed on the screen whenever the program starts or ends.

Rule: There are four different rule types - select the one that fits your requirements the best.

3. Click ‘Ok’ to save the rule and close the window.

Note: If the rules have a padlock attached to them, ordinary users cannot change them.

See: Port Rules.

Multi Edit

It is possible to edit multiple rules at once. Follow these steps:

1. Select rules.

2. Click 'Edit'


3. Select Attributes (optional).

4. Select Rule.

This concludes multi edit.

5.1.5.3 Remove Port

To remove a port from the list, you have to observe the port rule of the first item on the list in the viewpane.

Per default all ports are set to ‘Outbound Traffic’ which means that the user can initiate communication. But by selecting the rule ‘Blocked in Both Directions’ for the top-most item all unlisted ports will be blocked. An unlisted port is a port that does not appear on the list in the view pane.

Follow these steps:

1. Select a port in the view pane.

2. Click ‘Remove...’ and the port is no longer active (given that the first item on the list has been set to ‘Blocked in Both Directions’).

See: Port Rules.

Port Notes

Computers communicate through TCP/IP ports numbered in the range 0 - 65535.

Some port numbers are officially assigned to specific applications. The port numbers and ranges specified initially in the Ports display pane are port numbers assigned to generally used applications.

Assigning the Process Control rule Outbound Traffic to a port is quite safe, as it allows outbound and return communication through the port but not communication initiated from outside the computer.

If the communication of an application fails and you suspect that the failure is caused by a port or protocol problem, you can test it by temporarily assigning the Unrestricted Communication Process Control rule to the application program file. If communication succeeds in the test, identify the port and protocol used by the application to assign the required Process Control rules to them.
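An added example (a Python model, not NetOp code) of the port-list behaviour described under Remove Port and Port Notes: a port missing from the list falls back to the rule of the top-most item, so removing an entry only closes the port when that rule is ‘Blocked in Both Directions’. Class and function names, the sample ports and the addresses are constructed; only the two rule names come from this manual.

```python
from dataclasses import dataclass

# The two port rules named in this manual.
OUTBOUND = "Outbound Traffic"
BLOCKED = "Blocked in Both Directions"


@dataclass(frozen=True)
class PortRule:
    name: str
    first: int   # first port of the range
    last: int    # last port of the range (inclusive)
    rule: str


class PortTable:
    """Hypothetical model of the Ports list plus its top-most (default) item."""

    def __init__(self, default_rule, rules=()):
        self.default_rule = default_rule   # rule of the top-most item: governs unlisted ports
        self.rules = list(rules)
        self.open_flows = set()            # (remote_ip, port) pairs opened from this computer

    def rule_for(self, port):
        if not 0 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
        for r in self.rules:
            if r.first <= port <= r.last:
                return r.rule
        return self.default_rule           # unlisted port

    def remove(self, name):
        self.rules = [r for r in self.rules if r.name != name]

    def connect_out(self, remote_ip, port):
        """A local program initiates communication to remote_ip on `port`."""
        allowed = self.rule_for(port) == OUTBOUND
        if allowed:
            self.open_flows.add((remote_ip, port))
        return allowed

    def packet_in(self, remote_ip, port):
        """Arriving packet: accepted only as return traffic of an outbound flow."""
        return self.rule_for(port) == OUTBOUND and (remote_ip, port) in self.open_flows


def removal_effect(default_rule):
    """Return (allowed before, allowed after) removing the constructed 'HTTP' entry."""
    table = PortTable(default_rule, [
        PortRule("HTTP", 80, 80, OUTBOUND),
        PortRule("NetBIOS", 137, 139, BLOCKED),
    ])
    before = table.connect_out("198.51.100.7", 80)
    table.remove("HTTP")
    after = table.connect_out("198.51.100.7", 80)
    return before, after


if __name__ == "__main__":
    for default in (OUTBOUND, BLOCKED):
        print(f"top-most item = {default!r}: port 80 before/after removal =",
              removal_effect(default))
```

In this model, removing a listed entry whose own rule is ‘Blocked in Both Directions’ while the top-most item is ‘Outbound Traffic’ makes the port less restricted, so check the top-most rule before removing anything.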

5.2 Setup the Information

The flow of events on the computer can be used to evaluate net- and user behaviour before or during the setup phase or to diagnose computer behaviour if it has been infected.

The Process Control offers five efficient tools to assist in setting up the Process Control and monitoring the traffic in and out of the computer.

Setup Packet Log

Setup Traffic Matrix

Setup Event Log

Setup Statistics

Setup Program Manager

5.2.1 Setup Packet Log

This tab specifies which columns will be displayed in the Packet Log display.

The options pane contains the names of all available column headings in a checkboxed list.

Available column headings include:

· Process Control information (Filter Action icon and description),

· Process information (Process Name, Process ID, Process Path, Parent Process Name, Parent Process ID and Parent Process Path) and

· Data packet information (Ethernet number, Ethernet Description, Timestamp and IP header details and data, see below).

Follow these steps:

1. Check boxes to display columns with the headings.

2. Click OK to move checked names to the top of the list before unchecked names. The Packet Log display pane table will display columns from left to right according to the list top to bottom order of checked names.

3. Drag and drop checked names to achieve the desired table column order. By default, the Packet Log display pane table will contain these columns in this order:

4. Click ‘Ok’ to save and close the window.

Note: The Action icon will always be displayed in the first column. A valid selection must check at least one name. If no name is checked, the default selection will be applied.

See: Packet Log Options, Play Toolbar and Packet Log Display.

5.2.2 Setup Traffic Matrix

The matrix lists all traffic to and from the computer. Data originates from the Packet Log. Sender and receiver are clearly stated.

You can change the colors of this view.

Follow these steps:

1. Right-click the view pane to open the menu.

2. Select among the three display options.


3. Select the color scheme.

4. If IP Addresses is switched on - right-click to see the computer details.

Right-click packet to see computer details.

5. Select a Connection line across the circle to highlight it and select this command to display this window:


6. Click File > Save As to save the information for later use.

See: Play Toolbar.

5.2.3 Setup Event Log

The event log can record everything that happens on your computer.

Follow these steps:

1. Select Tools > Options > Event Log.

2. Check or uncheck the log events that will be written to the event log. By default all events will be logged.

Note: In addition to the events selected above, records of events that a Process Control rule with the attribute Log records will always be displayed.

3. Decide how long the log events are to be saved.

4. Check ‘Display No User...’ if the Process Control has to run silent. Silent means that the Messages set in the Rules section will not be displayed.

See: Event Log Options, Add a Profile and General Options.

Messages from the Policy Server can be shown if the Process Control is connected to it.

5. The Message dialog appears when a condition in a rule was met - set the time it has to be visible and its transparency.

6. Click ‘Ok’ to save and close the window.

Note: If you want a certain program to be logged, see Attributes.

The event log can record everything that happens on your computer.

Follow these steps:

1. Check or uncheck the log events that will be written to the event log. By default all events will be logged.

Note: In addition to the events selected above, records of events that a Process Control rule with the attribute Log records will always be displayed.

2. Decide how long the log events are to be saved.

3. Check ‘Display No User...’ if the Process Control has to run silent. Silent means that the Messages set in the Rules section will not be displayed.

See: Add a Profile and General Options.

Messages from the Policy Server can be shown if the Process Control is connected to it.

4. The Message dialog appears when a condition in a rule was met. Set the time it has to be visible when conditions are met and its degree of transparency.

5. Click ‘Ok’ to save and close the window.

5.2.4 Setup Statistics

The statistics view shows the amount of data, in bits or bytes, that the Process Control scans.

This display pane displays statistics on sent, received and blocked data packets.

The left meter graph displays the current volume of sent (green), received (blue) and blocked (red) data. The right line graph displays the same values historically.

Select the units that best fit your traffic pattern.

Right-click the view pane to open the menu.

Note: By default, Packet Log, Traffic Matrix and Statistics play, displaying what is currently happening on the Process Control.

5.2.5 Setup Program Manager

This display pane displays programs running on the computer.

The view pane displays program file records with details in columns according to settings made in Program Manager Options.

The view is live. It records the traffic on the Process Control.

5.3 Setup the Process Control Profiles

The four actions in the Process Control Profiles allow the administrator to manage the autoswitching user profiles.

All profiles are derived from the 'Main' profile. A new profile automatically inherits rights and rules. These will be marked with grey letters. Inherited processes, ports, banned/trusted nets and protocols may be altered in the new profile.

Note: If the NPC is controlled by a Policy Server, it is not possible for the individual user to change the profiles. Profiles will be set up on the NetOp Policy Server.

Profiles

Profile Rules

Customize Toolbars

5.3.1 Profiles

Profile rules are created from this window.

This section displays, adds, edits and removes profiles and specifies profile rules.

Initially, a Security Policy has two profiles named 'Main' and 'No rule'. Sub profiles of the main profile can be added to specify different properties for selected Security Policy records when Process Control computers are used in different environments such as work, home or travel.

Select Profile: This drop-down box field displays the name (initially: Main and No rules) of the profile whose records are displayed in the display panes. The drop-down box list contains the names of profiles in the Security Policy. Select a profile name in the list to display it in the view pane.

The Profile Rules screen contains two main view panes: Profile & Priority and Select & Maintain rules for <profile>.

Profile & Priority

Priority: The Priority column shows which profile weighs the most. 0 = most important.

Profile: The Profile column shows the name of the profile.

Rule: Indicates whether a rule has been created for the profile.

Add...: Click Add to begin creating a new profile. Enter a profile name and click OK.

Edit: Select a profile from the list and click Edit to change the name.

Note: The name of the pre-created profiles (initially named 'Main' and 'No rules') can be edited.

Remove: Select a profile from the list and click Remove to delete it.

Note: The initial profiles (initially named 'Main' and 'No rules') cannot be deleted.

Tip: If you select 'The Default Gateway must be between these IP / MAC ranges', click 'Edit Rule...' - then the computer's default Gateway address (IP and MAC) will be added automatically.

Move up/down: Select a profile from the list and click Move Up / Move Down to change the hierarchy of the created profiles. 0 = most important.

Select & Maintain rules for <profile>

Rules: The Rules column shows the rules which will be enforced for the selected profile.

Values: The Values column shows the values of the enforced rules.

Add rules...: Select a profile in the Profile & Priority pane and click Add rules. Select the rules that the profile will be subjected to and click OK. The selected rule is added to the profile. See: Setup Profile Rules.

Edit Rule...: Select a rule in the view pane and click Edit Rule or double click a rule to change the values. Not all rules have values.

Remove: Select a rule in the view pane and click Remove to delete it from the list.

See: Setup Profile Rules.

5.3.1.1 Setup Profile Rules

When Add Profile is clicked in the Select & Maintain rules view pane a dialog opens.

Rule conditions are set in this dialog.

Once the different rules have been added to the selected profile, each checked Profile Rule must be configured.

Note: These rules apply to the connected clients - NetOp Process Control.

Profile Rules > Select conditions

o Must be logged into NetOp Policy Server - Check this box to assign the selected profile only if the NPC is logged on to a NetOp Policy Server. Check this box to make sure that the client - NetOp Process Control - is running before allowing it to access the network.

o My IP must be within these IP ranges - Check this box to make sure that the selected profile uses the designated IP range.

Follow these steps to set the rule conditions:

1. Double click the rule to open the Maintain Rule window.

2. Select the rule and click Add to open the Rule Condition window

3. Enter the IP range

4. Select whether the entered IP range is included or excluded.

5. Click OK to both windows.

This concludes setting the rule conditions.

o The Default Gateway must be within these IP ranges - see the previous description.

o The Default Gateway must be within these MAC addresses - see the previous description.

o The computer must be on one of these domains - see the previous description.

o Prohibit switching into this profile when rules are not met - Check this box to disable selecting this profile on the client (NPC) if its rule is not met by the computer environment properties.

Note: This condition is not applicable to the lowest priority profile.

Note: Can only be selected if one of the above conditions has been selected.

o Prohibit switching out of this profile when rules are not met - Check this box to lock your profile to the selected profile until conditions are met.

Note: Can only be selected if one of the above conditions has been selected.

Finally, place the profile records in a priority order that will make the profile assignment test work as intended.

Note: Generally, place profile records with a more restrictive rule at a higher priority (lower priority number) than profile records with a less restrictive rule. Otherwise, a less restrictive rule profile may be assigned before the more restrictive rule profile that should be assigned is tested.

When profile rules and priority have been specified, click Finish to close the window and apply the specified profile rules.

Note: Profile rules should be tested on a NetOp Process Control to verify that they work as intended.

5.3.2

Profile Rules

The switching capability of the Process Control gives the user maximum flexibility and security.

Based on the recognized IP address the Process Control determines which security profile to apply - and - importantly, which programs are allowed to run under the selected profile.

The profile system can be regarded as a ladder:

Security levels - examples. The level of security imposed by NetOp Process Control varies with the type of profile.

Building the profile system for portable devices is an important task for the administrator. The following sections guide you through three examples, which include setting up the three recommended profiles.

See: Main Setup, Home Setup and Unknown Network Setup.

5.3.2.1

Main Setup

A way of setting up the Process Control for office usage or any safe environment can look like the following example.

Usually a perimeter Process Control constitutes a safe network.

Laptop entering only one sub-net.

In this example the Process Control will respond to an internal network which has been divided into a number of sub-nets. However, Pirjo from the Administration department must not see the other two subnets.

Security is considered to be low.

Follow these steps:

1. On the Profiles rules, select Main.

2. Select the conditions that must be met for the Process Control to switch profile.

Customizing profile rules.

4. Click OK to save and close the window.

In the example, four conditions are required for the Process Control to switch into the Main profile.

5. The Process Control computer must be logged into the NetOp Policy Server on the stated domain. This will happen automatically.

6. The Process Control computer has to be on the company’s domain.

7. The user logs on to the company network using his Windows password.

8. If one or none of the conditions above are met, the Process Control will not allow anybody to use the Main profile. Instead it will select another profile from the list whose conditions can be met.

9. Click ‘Finish’ to save and close the window.

See: Combining Profiles and Rules.

5.3.2.2

Home Setup

A way of setting up the Process Control for home use can look like the following example.

Laptop connecting to the Internet via ADSL router.

In this example the Process Control computer connects to the Internet via a router.

Security is considered to be medium.

Follow these steps:

1. On the Profile & Priority pane, select Home. The Select & Maintain Rules pane displays the settings made for Home.

An ADSL router is comparable to a gateway.

2. Select a rule and click Edit Rule.

3. Select the conditions that must be met for the Process Control to switch profile.

See: MAC address.

4. Click ‘OK’ to save and close the window.

In the example, two conditions are required for the Process Control to switch into the Home profile.

5. The Process Control computer has to be on the MAC address specified on the router and only there.

6. If the condition above is not met, the Process Control will not allow anybody to use the Home profile. Instead it will select another profile from the list whose conditions can be met.

7. Click OK to save and close the window.

See: Combining Profiles and Rules.

5.3.2.3

No rules Setup

When the user is roaming - neither at the Main profile nor on the Home profile - NPC will switch to No rules.

Basically, the No rules profile inherits the rules from the Main and Home profiles. Protecting valuable information is the goal of NPC - this could lead to allowing only a few programs to run.

An NPC computer entering an unknown network - e.g. on a hotel's hotspot.

Because No rules is automatically selected if both Main and Home profile rules are not met, it is not necessary to add rules for this profile.

See: Combining Profiles and Rules.
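The priority note in the profile rule setup can be checked with a small model before a rule set is deployed. This is an added example, not NetOp code: it assumes profiles are tested in ascending priority number and the first profile whose rule is met is assigned; the class and function names, the IP ranges and the CORP domain are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Profile:
    name: str
    priority: int                                    # lower number = tested first
    ip_ranges: list = field(default_factory=list)    # [(cidr, included)] as in the Rule Condition window
    domains: list = field(default_factory=list)      # empty list = no domain condition

    def rule_met(self, env):
        """True when every selected condition holds for this environment."""
        ip = ipaddress.ip_address(env["ip"])
        included = [ipaddress.ip_network(c) for c, inc in self.ip_ranges if inc]
        excluded = [ipaddress.ip_network(c) for c, inc in self.ip_ranges if not inc]
        if included and not any(ip in net for net in included):
            return False
        if any(ip in net for net in excluded):
            return False
        if self.domains and env.get("domain") not in self.domains:
            return False
        return True


def assign_profile(profiles, env):
    """Assumed model: test profiles by ascending priority number, first match wins."""
    for profile in sorted(profiles, key=lambda p: p.priority):
        if profile.rule_met(env):
            return profile.name
    return None


def build_profiles(main_priority, home_priority, home_excludes_office=False):
    """Constructed rule set: Main has the more restrictive rule, Home the broader one."""
    home_ranges = [("192.168.0.0/16", True)]
    if home_excludes_office:
        home_ranges.append(("192.168.10.0/24", False))
    return [
        Profile("Main", main_priority, [("192.168.10.0/24", True)], ["CORP"]),
        Profile("Home", home_priority, home_ranges),
        Profile("No rules", 99),                     # no conditions: always met, lowest priority
    ]


# Constructed environments
OFFICE = {"ip": "192.168.10.25", "domain": "CORP"}
HOME = {"ip": "192.168.1.20", "domain": None}
HOTEL = {"ip": "172.16.5.9", "domain": None}

if __name__ == "__main__":
    cases = [("Main first", build_profiles(1, 2)),
             ("Home first", build_profiles(2, 1)),
             ("Home first, office range excluded", build_profiles(2, 1, True))]
    for label, profiles in cases:
        result = {name: assign_profile(profiles, env)
                  for name, env in [("office", OFFICE), ("home", HOME), ("hotel", HOTEL)]}
        print(label, result)
```

With Home tested first, the office laptop lands in Home because the broader range also covers the office subnet; either the priority order or an excluded range on the Home rule corrects it.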

5.3.2.4

Combining Profiles and Rules

In this example we have three profiles (Main, Home and No rules). The Process Control can allow some programs to run on a profile, and prohibit them on other profiles. The following example will show how.

Follow these steps:

1. On the Process, Profile rules > Main.

2. In Process Control Rules select Programs.

3. Select a program (Windows Media Player) > right-click it > select ‘Kill Program’. This causes the Process Control to kill the selected program while the profile is ‘Office’.

Change rule.

4. Browse through the program list and select rules where appropriate.

5. Configure the remaining two profiles. In other words, it is possible to force NPC to act differently according to the selected profile.

See: Setup a Profile and Setup Rules.

5.3.3

Customize Toolbars

If you want to hide or display the toolbars or elements of them, right-click the Menubar to open the toolbar menu:

Customize the toolbar.

Checkmark the toolbar menus to add to or remove from the toolbar.

Follow these steps:

1. Click ‘Customize...’ to select which toolbars are visible.

Decide toolbar contents.

2. Select the Commands pane and drag-and-drop functionality into any toolbar.

Drag-and-drop function into toolbar.

3. Select the Options pane to set up the behavior of menus.

4. Click Close to save and close the window.

Note: The ‘Reset my usage data’ button has no function.

See: Customize Default Toolbars

5.3.3.1

Customize Default Toolbars

Change the toolbars (Process Control Rules, Information etc.) on the fly.

Follow these steps:

1. On the toolbar, click the down-arrow and select ‘Add or Remove Buttons’.

2. Click the function you want to add or remove from the toolbar.

6

Handling the Process Control

This chapter explains how to configure and use your Process Control.

Main sections: Process Control Rules, Process Control Tools, Menus and Policy Server.

6.1

Process Control Rules

The Process Control Rule settings are described below.

Program Rules

Port Rules

Protocol Rules

Trusted Nets

Banned Nets

Attributes

6.1.1

Program Rules

There are six rule types. See below for descriptions.

Allow Communication.

Allows communication by this program file across the computer communication interface.

Port, Protocol, Trusted Net and Banned Net Process Control rules apply.

Note: Windows operating system communication across the computer communication interface typically uses the file ntoskrnl.exe. If a more restrictive Process Control rule than Allow Communication is assigned to ntoskrnl.exe, computer malfunction may occur.

Prompt on communication.

Prompts the computer user upon attempted communication by this program file to assign a Process Control rule to it.

Note: By default, this Process Control rule applies to a file for which no record exists in the Programs display pane.

Deny Communication.

Denies communication by this program file across the computer communication interface.

Kill Program.

Does not allow this program file to run on the computer.

Caution: It is not possible to kill Windows operating system files, as this may cause computer malfunction. One possibility to 'bluescreen' a computer is to switch to the Program Manager view, select a process (task) and click End Task. The system will be restored upon boot.

Unrestricted Communication.

Allows communication by this program file across the computer communication interface without applying Port and Protocol Process Control rules. Banned Net Process Control rules apply.

Caution: This Process Control rule applies low protection. Assign it only temporarily, for communication troubleshooting.

Trusted Net Only.

Allows communication by this program file across the computer communication interface only with computers on a Trusted Net.

Note: Port and Protocol Process Control rules do not apply to communication with computers on a Trusted Net.

Locked

The rule is controlled by a policy server and cannot be changed by the user.

See: Policy Server Options.

Note: Communication means sending or receiving data packets.

See: Setup Programs

6.1.2

Port Rules

There are four port rule types. See below:

Inbound/Outbound Traffic.

Allows inbound and outbound communication through this port.

Outbound Traffic.

Allows outbound communication only through this port.

Inbound Traffic.

Allows inbound communication only through this port.

Blocked in Both Directions.

Allows no communication through this port.

Locked

The rule is controlled by a policy server and cannot be changed by the user.

See: Policy Server Options.

Note: Communication means sending or receiving data packets.

See: Port Rules

6.1.3

Protocol Rules

There are four protocol rule types. See below:

Inbound/Outbound Traffic.

Allows inbound and outbound communication using this protocol.

Outbound Traffic.

Allows outbound communication only using this protocol.

Inbound Traffic.

Allows inbound communication only using this protocol.

Blocked in Both Directions.

Allows no communication using this protocol.

Locked

The rule is controlled by a policy server and cannot be changed by the user.

See: Policy Server Options.

Note: Communication means sending or receiving data packets.

See: Setup Protocols

6.1.4

Trusted Nets

There are four trusted net types. See below:

Inbound/Outbound Trust.

Applies no Port and Protocol Process Control rules to inbound and outbound communication with computers on this Trusted Net.

Outbound Trust.

Applies no Port and Protocol Process Control rules to outbound communication to computers on this Trusted Net.

Inbound Trust.

Applies no Port and Protocol Process Control rules to inbound communication from computers on this Trusted Net.

Trust Inactive.

Disables trust in computers on this Trusted Net.

Locked

The rule is controlled by a policy server and cannot be changed by the user.

See: Policy Server Options.

Trusted Nets - Notes

Note: If you experience difficulties or long delays in logging on to your LAN after installing Process Control, it will typically be because you have not specified a trusted net including the IP addresses of LAN servers involved in your network logon.

Lack of trusted IP addresses to other computers, printers etc. may cause difficulties in connecting to them. To learn more, see Setup Wizard.

See: Setup Trusted Nets

6.1.5

Banned Nets

There are four banned net types. See below:

Inbound/Outbound Ban.

Allows no inbound or outbound communication with computers on this Banned Net.

Outbound Ban.

Allows no outbound communication to computers on this Banned Net.

Inbound Ban.

Allows no inbound communication from computers on this Banned Net.

Ban Inactive.

Disables ban on computers on this Banned Net.

Locked

The rule is controlled by a policy server and cannot be changed by the user.

See: Policy Server Options.

See: Setup Banned Nets
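How the Program, Port, Protocol, Trusted Net and Banned Net rule types described above combine for a single packet can be sketched as a decision function. This is an added example, not NetOp code: the function names and the sample policy are constructed, and two points the manual does not state are assumptions, namely that Banned Nets are checked before Trusted Nets and that a port or protocol without a record is treated as blocked.

```python
import ipaddress

PROGRAM_RULES = {"allow", "prompt", "deny", "kill", "unrestricted", "trusted_only"}


def on_listed_net(nets, remote_ip, direction):
    """True if remote_ip is on a listed net whose type covers this direction.

    nets: [(cidr, kind)] with kind "both", "out", "in" or "inactive".
    """
    addr = ipaddress.ip_address(remote_ip)
    return any(kind in ("both", direction) and addr in ipaddress.ip_network(cidr)
               for cidr, kind in nets)


def direction_allowed(rule, direction):
    """Port/Protocol rule types: "both", "out", "in" or "blocked"."""
    return rule in ("both", direction)


def decide(policy, program, direction, remote_ip, port, protocol):
    """Return "allow", "deny", "prompt" or "kill" for one packet (direction "in" or "out")."""
    rule = policy["programs"].get(program, "prompt")   # no record: Prompt on communication
    if rule not in PROGRAM_RULES:
        raise ValueError(f"unknown program rule: {rule}")
    if rule in ("kill", "deny", "prompt"):
        return rule
    # Assumption: Banned Nets are checked first for every remaining rule type.
    if on_listed_net(policy["banned_nets"], remote_ip, direction):
        return "deny"
    trusted = on_listed_net(policy["trusted_nets"], remote_ip, direction)
    if rule == "trusted_only":
        return "allow" if trusted else "deny"
    if rule == "unrestricted" or trusted:
        return "allow"                                 # Port and Protocol rules are not applied
    # rule == "allow": Port and Protocol rules must both permit this direction.
    # Assumption: a port or protocol without a record is treated as blocked.
    port_rule = policy["ports"].get(port, "blocked")
    proto_rule = policy["protocols"].get(protocol, "blocked")
    if direction_allowed(port_rule, direction) and direction_allowed(proto_rule, direction):
        return "allow"
    return "deny"


# Constructed policy; program names, nets and ports are sample values.
POLICY = {
    "programs": {"browser.exe": "allow", "backup.exe": "unrestricted",
                 "erp.exe": "trusted_only", "wmplayer.exe": "kill"},
    "ports": {443: "out", 3389: "blocked"},
    "protocols": {"TCP": "both"},
    "trusted_nets": [("10.1.0.0/16", "both"), ("10.9.0.0/16", "inactive")],
    "banned_nets": [("203.0.113.0/24", "both")],
}

if __name__ == "__main__":
    # A blocked port is still reachable on a Trusted Net: keep trusted ranges narrow.
    print(decide(POLICY, "browser.exe", "out", "198.51.100.7", 3389, "TCP"))
    print(decide(POLICY, "browser.exe", "out", "10.1.4.4", 3389, "TCP"))
```

The second call shows why an overly broad Trusted Net weakens a rule set: the blocked port 3389 is allowed as soon as the remote address falls inside the trusted range.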

6.1.6

Attributes

The properties window for all Process Control Rules can be used to generate more information about what happens on the computer.

Check boxes to assign attributes to the added record:

Read only

Check this to display a warning if attempting to edit or remove the added record.

Hidden

Check this to hide the added record unless the ‘Show Hidden’ checkbox on the GUI is checked.

Attributes Hidden and Log switched on and ‘Show hidden’ is checked.

System

Check this to disable editing sub-profile properties of the added record.

Log

Check this to log events of the added record in the Event Log.

Attribute changed and start and stop logged.

Message

Check this to display a user message with events of the added record. Write the message in the Message field in the properties window.

6.2

Process Control Tools

The Tools section contains these tools:

Process Control Options

Check for New Updates

Run Setup Wizard

Block all Communication

6.2.1

Process Control Options

The options section contains the necessary tools for customizing the Process Control to match your requirements.

General Options

Password Options

Policy Server Options

Event Log Options

Packet Log Options

Colors Options

Program Manager Options

6.2.1.1

General Options

The general options tab includes the basic Process Control functionalities which determine how it is displayed, how programs are treated by the Process Control, overall port usage, “DNS” and language selection.

Note: Commands, buttons and options are enabled if applicable to the current selection unless disabled by the Security Policy assigned by the NetOp Policy Server you are logged on to.

R Show icon in notification area.

By default this option is checked. If not, the Process Control can only be opened via the file manager.

See Notification Area Button Menu.

o Minimize to notification area.

If checked, the Process Control icon will not be visible in the notification area.

o Run only authorized programs.

Check this only if all legal programs have been identified. May cause program malfunction.

o Add unknown programs to local database.

If checked, programs will automatically be added to the list of authorized programs.

Note: Is only recommended in safe environments.

o Display Message when Program Killed.

When checked, a message will be displayed > Setup Programs

This dialog will be displayed:

For setting up the behavior of the message, see Event Log Options.

o Enable DNS Auto resolve.

If Remote DNS and Local DNS are checked in Packet Log Options, this has to be enabled.

o Select language.

Select user interface language.

6.2.1.2

Password Options

This tab specifies password protection.

Note: Commands, buttons and options are enabled if applicable to the current selection unless disabled by the Security Policy assigned by the NetOp Policy Server you are logged on to.

Password Protection

Password

Specify the password in this field.

Confirm password

Re-specify the password in this field for confirmation.

Enable/Disable PW Protection

After specifying the same password in the Password and Confirm Password fields, click this button, which displays Enable Password Protection, to enable password protection. The button then displays Disable Password Protection and the fields above are disabled. After clicking OK, a padlock will be displayed on the notification area button icon indicating that password protection is applied.

See: Unlock Process Control.

Password Settings

Use spin box to select for how long the Process Control will remain unlocked before returning to a locked state.

Protect the Process Control setup from unauthorized changes.

Follow these steps:

1. Enter a password.

2. Confirm password.

3. Click ‘Enable Password Protection’.

4. Set the lock timer. If this is set, the Process Control locks automatically when the timer runs out.

5. Click ‘Ok’ to save and close the dialogue.

Important: Users cannot enter the user interface when the Process Control is password protected, which prevents them from adding programs, opening ports etc.

See: Unlock the Process Control

Once the Process Control is password protected, all icons in the views are equipped with padlocks.

Warning: If you password protect NetOp Process Control and forget your password, you cannot open the Process Control window and you cannot change or remove your Process Control installation.

If the specified password is unavailable, the access to Process Control cannot be restored, and Process Control cannot be removed by a user.

In this case, Process Control must be removed with assistance from Danware. We reserve the right to charge a fee for this assistance.

6.2.1.3

Policy Server Options

This tab specifies NetOp Policy Server logon.

Note: If NetOp Process Control shall operate without NetOp Policy Server support, leave this tab empty.

Note: Commands, buttons and options are enabled if applicable to the current selection unless disabled by the Security Policy assigned by the NetOp Policy Server you are logged on to.

Enter the policy server’s address if the Process Control is part of a policy server controlled system.

Policy Server Address

Enter the IP address, server name or DNS name of the Policy Server as prescribed by the NetOp Policy Server administrator.

Click this to log on to the Process Control.

If in a policy server controlled system, the log on can be automatic > Profile Rules.

Click this to synchronize the Process Control with the Policy Server immediately.

Usually, the Process Control has an automated policy update schedule.

o Remember Policy Account Credentials.

Check this box to avoid logging on the next time you open the Process Control.

The Process Control log on procedure consists of three levels:

Three examples of authentication.

1. Windows Authentication is the most secure log on method. It is based on Windows Active Directory. It is primarily used on the company network. It is also the first method that the Process Control will use to log on.

If it fails, it will try...

2. Policy Server Authentication is the second most secure method to log on. Usually, the Process Control will promote known IP addresses to this level the second time they are visited.

If it fails, it will try...

3. Anonymous Authentication will be used if the Policy Server does not recognize the IP address that the Process Control tries to log on from.

Windows Authentication

NetOp Policy Server will initially attempt to identify the Process Control computer by its computer name in Windows Active Directory.

If the Process Control computer is connected to the NetOp Policy Server’s network and a Security Policy is assigned to the Active Directory Group to which the Process Control computer belongs, it will be logged on.

Policy Server Authentication

If Windows Active Directory logon fails, NetOp Policy Server will attempt to log on the Process Control computer by a Policy Account specified on NetOp Policy Server.

Policy Account

Enter the Policy Account as prescribed by the NetOp Policy Server administrator.

Password

Enter the password as prescribed by NetOp Policy Server administrators.

If Policy Account logon is successful, the Fire wall will be assigned the Security Policy assigned to the logged-on Policy Account.

Anonymous Authentication

If Policy Account logon fails, NetOp Policy Server will log on the NetOp Process Control computer by Anonymous Account, if enabled on NetOp Policy Server. If enabled, Process Control will be assigned the Security Policy assigned to Anonymous Account.

If logon fails, the button will continue to display Log On.

Note: If the Process Control logs on via anonymous authentication, it remembers the IP address and automatically promotes it to the Process Control Authentication the next time the computer is logged on.

The automated authentication means that the users never have to remember log on credentials.

See:

Profile Rules

.

6.2.1.4

Event Log Options

The event log can record everything that happens on your computer.

Note: If NetOp Process Control is controlled by NetOp Policy Server the user cannot change settings.

Note: Commands, buttons and options are enabled if applicable to the current selection unless disabled by the Security Policy assigned by the NetOp Policy Server you are logged on to.

Event Log Options

Log Events

Checkmark events to be logged to the computer. The log file is saved to: C:\Program Files\Danware Data\NetOp Process Control\NPCLog.Dat.

To view the contents of the log file, rename it to e.g. *.txt.

R Application Started and Stopped. Check to display records of started and stopped service events. Default: Selected.

R Errors & Alert. Check to display records of error events. Default: Selected.

R User Interaction. Check to display records of user interaction events. Default: Selected.

R Configurations. Check to display records of configuration events. Default: Selected.

R Events. Check this to display records of user prompt and message events. Default: Selected.

Event Log Settings

Remove entries older than

To keep the log file handy, select for how long log entries must be saved. Select among these settings: 1, 3, 6 or 12 hours, 1 day, 1 week (default), 1 month, 3 months, 1 year or Indefinitely.

Note: Before selecting, consider which log information you require, the number of logs/day and, importantly, for how long you want to save it.

Messages

o Display No User Prompts and Messages. See: User Prompts and Messages.

R Always display Policy Server Messages. If the Process Control is "stand alone" this selection is unavailable.

Log Message Dialog

Use spin box to select for how long the message dialog is visible.

Use spin box to select the level of transparency of the message dialog.

Follow these steps:

1. Check or uncheck the log events that will be written to the event log. By default all events will be logged.

Note: In addition to the events selected above, records of events of a Process Control rule record with the attribute Log will always be displayed.

2. Decide how long the log events are to be saved.

3. Check ‘Display No User...’ if the Process Control has to run silently. Silent means that the Messages set in the Rules section will not be displayed.

See Add a Profile and General Options.

Messages from the Policy Server can be shown if the Process Control is connected to it.

4. The Message dialog appears when a condition in a rule is met. Set the time it has to be visible when conditions are met and its degree of transparency.

5. Click ‘Ok’ to save and close the window.

6.2.1.5

Packet Log Options

This tab specifies which columns will be displayed in the Packet Log display pane.

Note: Commands, buttons and options are enabled if applicable to the current selection unless disabled by the Security Policy assigned by the NetOp Policy Server you are logged on to.

Available column headings include:

This pane contains the names of all available column headings in a checkboxed list, see below.

Follow these steps:

1. Check boxes to display columns with the headings.

2. Click ‘Ok’ to move checked names in front of the unchecked names. The Packet Log display pane table will display columns from left to right according to the list top to bottom order of checked names.

3. Drag and drop checked names to achieve the desired table column order.

4. Click ‘Ok’ to save and close the window.

Checked Column Headings are displayed in the view pane.

Note: To arrange columns to your preferences, drag and drop the Column Headings.

See: Setup Packet Log.

IP Header Details

All data packets sent between different computers include an IP header that serves as an address label including information on the data packet and instructions on how it must be handled. The IP header contains these details:

Action - The way Process Control acts on a given event.

Data - The binary dump of the selected packet or process.

Ethernet - Indicates the protocol family of the data in this packet.

Ethernet Description - The description of the Ethernet type.

IP Checksum - The IP header checksum. A simple checksum of the bytes in the IP Header.

IP Flags - None, some or all of the following flags may be set in the IP Header:

More fragments: Indicates that this packet has been split into multiple packets and that this is not the last packet.

Do not fragment: Indicates that this packet is not supposed to be split into multiple packets during transmission.

IP Header Length - The IP header size in bytes.

IP Identification - Distinguishes this packet from other packets sent from the same IP Address. If a packet is split (fragmented) during transmission, all the packets will still have the same IP identification.

IP Offset - If this packet has been split into multiple packets this indicates the number of bytes that were in the previous fragments. This is ‘0’ if the packet has not been split or this is the first fragment of a split packet.

IP Version - This indicates if this packet is in the IP version 4 or IP version 6 format.

Length of datagram - The length of the data following the IP header in bytes.

Local DNS - The DNS name corresponding to the IP Address of this computer as it appears in this packet.

Local IP Address - The IP Address of this computer as it appears in this packet.

Local MAC - The MAC Address of this computer as it appears to this packet.

Local Port - The port number on this computer as it appears to this packet.

Parent Process ID - Distinguishes this running program (process) from all other programs running on this computer at the same time, including other programs with the same name.

Parent Process Name - The name of the file containing the program that started this program.

Parent Process Path - The directory containing the file containing the program that started this program.

Process ID - Distinguishes this running program (process) from all other programs running on this computer at the same time, including other programs with the same name.

Process Name - The name of the file this program was started from.

Process Path - The process runs from this location on the computer.

Protocol - Identifies how the remainder of the packet is formatted. IANA (www.iana.com) assigns this number that ranges from 0 to 255.

Protocol description - The name of the protocol that defines the rest of the packet.

Remote DNS - This DNS name corresponding to the IP Address of the other computer as it appears in this packet.

Remote IP Address - The IP Address of the other computer as it appears in this packet.

Remote MAC - The MAC Address of the other computer as it appears in this packet.

Remote Port - The port number on the other computer as it appears in this packet.

TCP Acknowledgement - Confirms that the TCP packet with that value as TCP sequence plus data length has been received in the opposite direction.

TCP Checksum - A simple checksum of all the bytes after the TCP Header.

TCP Flags - None, some or all of the following flags may be set in the TCP Header:

FIN: Indicates that this is the end of the transmission.

SYN: Indicates that this is the beginning of the transmission.

RST: Indicates that the other end does not know of this transmission or is actively refusing it.

PSH: Indicates that the data in this packet and all previous packets should be processed now and not queued.

ACK: Indicates that the TCP acknowledgement-field in this packet should not be ignored.

URP: Indicates that this packet or a later packet contains urgent data.

ECE: Indicates that the Internet is clogged in the opposite direction and requests that data is sent at a lower transmission rate. If both ECE and SYN are sent this just indicates that the sender is able to use the ECE and CWR flags.

CWR: Indicates that this packet with ECE set has been received and that the transmission rate has been lowered. If all of ECE, SYN and CWR are set in the first packet of a transmission it indicates that the sender is able to use ECE and CWR flags.

TCP Offset - Offset from start of TCP header to data (size of TCP Header).

TCP Sequence - Number of bytes since the first packet of the connection in question plus a random start number generated when the connection was started.

TCP Urgent - This many bytes from the start of the data in this packet is urgent.

TCP Windows - How many bytes may be sent in the opposite direction without waiting for an acknowledgement from the sender.

Timestamp - The date and time of an event.

TOS (Type of service) - Contains various flags indicating the priority of this packet and how routers should handle various transmission problems. The exact format of this field is different depending on which version of the IP Standard was used as the operating system was created.

TTL (Time to Live) - The time to live number that specifies the maximum number of network connection elements (routers, etc.) the data packet can pass. When the data packet passes a network connection element, the TTL number is decreased by 1. When the count reaches 0, the data packet is discarded.

UDP Checksum - A simple checksum of all the bytes after the IP Header (UDP Header + data).

UDP Length - The UDP Header size in bytes.

Note: Some protocols (such as HOPOPT and ICMP) do not use any port. They are assigned a port named NULL with number 0 (zero). This port can be configured to allow or disallow traffic that is not using any port.

With certain Internet communication, Process Control can assign a dynamic (different for each occasion) Local Port number to allow for return communication.

See: Port Rules.
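To show where the IP and TCP columns of the Packet Log come from, the following added example (not NetOp code) decodes an IPv4 and TCP header from raw bytes and checks the IP header checksum. The sample packet, its addresses and the function names are constructed; the result uses Source/Destination instead of Local/Remote, because that mapping depends on the packet direction.

```python
import ipaddress
import struct

# Bit 0..7 of the TCP flags byte; the column description above lists URG as "URP".
TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]


def ip_checksum(header: bytes) -> int:
    """Ones' complement sum of the 16-bit words of the IP header."""
    total = sum(word for (word,) in struct.iter_unpack("!H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_ipv4_tcp(packet: bytes) -> dict:
    """Decode the header fields named in the Packet Log column list."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    ip_flags = [name for bit, name in ((0x4000, "Do not fragment"),
                                       (0x2000, "More fragments")) if flags_frag & bit]
    fields = {
        "IP Version": version,
        "IP Header Length": ihl,
        "TOS": tos,
        "Length of datagram": total_len - ihl,      # wire field is header + data
        "IP Identification": ident,
        "IP Flags": ip_flags,
        "IP Offset": (flags_frag & 0x1FFF) * 8,     # wire field counts 8-byte units
        "TTL": ttl,
        "Protocol": proto,
        "IP Checksum": csum,
        "IP Checksum valid": ip_checksum(packet[:ihl]) == 0,
        "Source IP": str(ipaddress.IPv4Address(src)),
        "Destination IP": str(ipaddress.IPv4Address(dst)),
    }
    # A TCP header is only present in the first fragment (offset 0).
    if proto == 6 and fields["IP Offset"] == 0 and len(packet) >= ihl + 20:
        (sport, dport, seq, ack, off_flags,
         window, tcp_csum, urgent) = struct.unpack("!HHIIHHHH", packet[ihl:ihl + 20])
        fields.update({
            "Source Port": sport,
            "Destination Port": dport,
            "TCP Sequence": seq,
            "TCP Acknowledgement": ack,
            "TCP Offset": (off_flags >> 12) * 4,
            "TCP Flags": [n for i, n in enumerate(TCP_FLAG_NAMES) if off_flags & (1 << i)],
            "TCP Windows": window,
            "TCP Checksum": tcp_csum,
            "TCP Urgent": urgent,
        })
    return fields


def build_sample_syn() -> bytes:
    """Constructed packet: first SYN with ECE and CWR set, Do not fragment, TTL 64."""
    tcp = struct.pack("!HHIIHHHH", 49152, 443, 1000, 0, (5 << 12) | 0xC2, 64240, 0, 0)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
                      ipaddress.IPv4Address("192.0.2.10").packed,
                      ipaddress.IPv4Address("198.51.100.20").packed)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:] + tcp


if __name__ == "__main__":
    for name, value in parse_ipv4_tcp(build_sample_syn()).items():
        print(f"{name}: {value}")
```

The TCP checksum of the sample is left at 0 and is not verified, since it also covers a pseudo-header that this example does not build.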

Packet Log Display

This view basically consists of three panes.

Packet Log Display: Colored characters indicate header information, grey characters indicate data.

Adding and removing columns is done in Tools > Options > Packet Log.

Adjusting the panes is done by pulling the buttons.

Use the Legend to determine which packet types the Packet Log lists.

Follow these steps:

1. In the tool bar, click the Legend button.

2. Check/uncheck the log items. Changes are immediate and only apply to the view - all events are saved for as long as the depth of the log allows. See Event Log Options.

3. You can also change the color scheme. Change it by selecting from the drop-down menu. See Colors Options.

6.2.1.6

Colors Options

This tab specifies Color Schemes for Traffic Matrix and Packet Log.

The ‘Matrix’ and ‘Packet Log’ have similar contents.

Color Scheme - The field of this drop-down box displays the name of the selected color scheme (initially Default). The drop-down box list contains the names of available color schemes, initially Default and Grayscale for Matrix and Default, High Contrast White and High Contrast Black for Packet Log. Select a color scheme name in the list to display it in the field.

Add... - Click this button to display this window:

Color Scheme Name - Specify in the field a name for the added Color Scheme.

Note: An added color scheme initially has the property values of the color scheme named Default. Property values can be edited from the Property and Value drop-down boxes.

Remove... - Click this button to display a confirmation window to confirm removing the color scheme whose name is displayed in the Color Scheme drop-down box field.

Note: Initial color schemes cannot be removed.

Property - The field of this drop-down box displays a property of the color scheme selected in the Color Scheme drop-down box. The drop-down box list contains the names of available properties, see below. Select a property name in the list to display it in the field.

Value - The field of this drop-down box displays the value of the property selected in the Property drop-down box. The drop-down box list contains available values, see below. Select a value in the list to display it in the field.

Note: Initial color schemes cannot be edited.

See: Color Definitions

6.2.1.6.1 Color Definitions

Matrix Properties

Background Color: Display background color.

Circle Color: Circle color.

Start Color: Connection line initial color.

End Color: Connection line final color.

Selected Color: Selected connection line color.

Text Color: Computer address color.

Selected Text Color: Selected computer address color.

Dispersion: Number of connection line color shades between Start Color and End Color.

Rate: Milliseconds displaying each connection line color shade between Start Color and End Color.

Matrix Values

Colors: 64 named colors.

Dispersion: 2-255.

Rate: 30-1000.

Packet Log Properties

Accepted Inbound Traffic BG: Inbound packet records background color.

Accepted Inbound Traffic FG: Inbound packet records character color.

Accepted Outbound Traffic BG: Outbound packet records background color.

Accepted Outbound Traffic FG: Outbound packet records character color.

Background BG: Unfilled area background color.

Background FG: Unfilled area foreground color.

Blocked Inbound Traffic BG: Blocked Inbound packet records background color.

Blocked Inbound Traffic FG: Blocked Inbound packet records character color.

Blocked Outbound Traffic BG: Blocked Outbound packet records background color.

Blocked Outbound Traffic FG: Blocked Outbound packet records character color.

Broadcast BG: Broadcast packet records background color.

Broadcast FG: Broadcast packet records character color.

Pass By BG: Pass By packet records background color.

Pass By FG: Pass By packet records character color.

Program closing down BG: Program closed records background color.

Program closing down FG: Program closed records character color.

Program killed BG: Program killed records background color.

Program killed FG: Program killed records character color.

Program starting up BG: Program opened records background color.

Program starting up FG: Program opened records character color.

Selected BG: Selected records background color.

Selected FG: Selected records character color.

Packet Log Values

Colors: 64 named colors.

6.2.1.7 Program Manager Options

This tab specifies which columns will be displayed in the Program Manager display pane table.

Available column headings include:

This pane contains the names of all available column headings in a checkboxed list, see below.

Follow these steps:

1. Check boxes to display columns with the headings.

2. Click ‘Ok’ to move checked names in front of the unchecked names. The Packet Log display pane table will display columns from left to right according to the list top to bottom order of checked names.

3. Drag and drop checked names to achieve the desired table column order. It is also possible to re-arrange the columns in the view.

4. Click ‘Ok’ to save and close the window.

Note: To arrange columns to your preferences, drag and drop the Column Headings.

Column Headings

File Name: Name of the record file.

Original File Name: Name of the record file when originally created.

Internal Name: Internal name of the record file, if any.

File Description: Description of the record file, if any.

File Version: Version of the record file.

File Path: The file runs from this location on the computer.

Comments: Comments from the program.

Checksum: Checksum of the record file identifying it.

Company Name: Name of the company that supplied the record file.

Legal Copyright: Legal copyright information for the record file.

Product Name: Name of the product that the record file belongs to.

Product Version: Version of the product that the record file belongs to.

Process ID: Process identification (PID) of the record file, if unidentified 0 (zero).

Parent Process ID: Process identification (PID) of the file that can open the record file, if any.

Time Stamp: Time when the record file was opened.

Rule: Process Control rule assigned by Process Control to the record file.

Attribute: Attributes assigned by Process Control to the record file.

Inbound Traffic: Number of bytes in inbound packets of the record file.

Outbound Traffic: Number of bytes in outbound packets of the record file.

Blocked Inbound Traffic: Number of bytes in blocked inbound packets of the record file.

Blocked Outbound Traffic: Number of bytes in blocked outbound packets of the record file.

Inbound Packet: Number of inbound packets of the record file.

Outbound Packet: Number of outbound packets of the record file.

Blocked Inbound Packet: Number of blocked inbound packets of the record file.

Blocked Outbound Packet: Number of blocked outbound packets of the record file.

Note: The file icon will always be displayed in the first column. A valid selection must check at least one name. If no name is checked, the default selection will be applied.

Note: Any .exe, .dll or executable binary file (except 16 bit files) contains a field named VS_VERSIONINFO that has these fields: File Description, Company Name, File Version, Internal Name, Original Name, Product Name, Product Version and Comment. It is optional whether the fields are filled.
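
The identity columns listed above can be cross-checked against Windows itself. The PowerShell below is an added example, not part of the NetOp manual or product: it lists running processes with their VS_VERSIONINFO fields, PID and parent PID, and marks files whose version fields were left empty. The function name Get-ProgramIdentity, the NoVersionInfo flag and the use of SHA-256 for the Checksum column are assumptions of this example.

```powershell
# Added example (not NetOp code): rebuild the Program Manager identity columns
# for every running process from Windows' own data sources.
function Get-ProgramIdentity {
    foreach ($proc in Get-CimInstance -ClassName Win32_Process) {
        $path = $proc.ExecutablePath
        # Kernel and protected processes expose no path; skip them.
        if (-not $path -or -not (Test-Path -LiteralPath $path)) { continue }

        # The VS_VERSIONINFO resource of the file, as parsed by .NET.
        $vi = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($path)

        # Assumption: SHA-256 stands in for the manual's unspecified Checksum.
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash

        # The version fields are optional. A file with neither a company name
        # nor a description deserves a closer look before it gets an allow rule.
        $blank = [string]::IsNullOrWhiteSpace($vi.CompanyName) -and
                 [string]::IsNullOrWhiteSpace($vi.FileDescription)

        [pscustomobject]@{
            FileName         = Split-Path -Path $path -Leaf
            OriginalFileName = $vi.OriginalFilename
            InternalName     = $vi.InternalName
            FileDescription  = $vi.FileDescription
            FileVersion      = $vi.FileVersion
            FilePath         = $path
            Comments         = $vi.Comments
            Checksum         = $hash
            CompanyName      = $vi.CompanyName
            LegalCopyright   = $vi.LegalCopyright
            ProductName      = $vi.ProductName
            ProductVersion   = $vi.ProductVersion
            ProcessId        = $proc.ProcessId
            ParentProcessId  = $proc.ParentProcessId
            TimeStamp        = $proc.CreationDate
            NoVersionInfo    = $blank
        }
    }
}

# Files without version information sort to the top of the table.
Get-ProgramIdentity |
    Sort-Object -Property NoVersionInfo -Descending |
    Format-Table -Property FileName, CompanyName, FileVersion, ProcessId, ParentProcessId, NoVersionInfo -AutoSize
```

Run it from an elevated prompt to see the executable path of processes owned by other accounts.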

6.2.1.8 Notification Area Button Menu

Select this command to open the Process Control window.

Select this command to close the Process Control window.

Select the Block All Communication button to cut off all communication. Use it if your computer is attacked.

Switch profile...: This command expands into the main profile and available sub-profiles.

Note: If selecting a profile fails, it will typically be because its profile rule prohibits switching into it if its profile rule is not met, see Setup the Process Control Profiles.

About...: See About NetOp Process Control.

Exit...: Select this command to unload the Process Control user interface and remove all elements of it including the notification area button from the screen. As a result, no user messages or prompts will be displayed.

Note: While the user interface is unloaded, Process Control continues to run on the computer. User prompts and messages will not be displayed, see User Prompts and Messages. When the user interface is reloaded, any user prompts and messages accumulated while unloaded will be displayed.

To load the user interface, select:

Start > All > Programs > Process Control > Process Control or run (double-click) the file NPCConf.exe that resides in the directory where Process Control is installed.

Note: If logged on NetOp Policy Server, commands, buttons and options may be disabled.

6.2.1.9 Unlock the Process Control

Follow these steps:

1. Open the Process Control. You are prompted to enter the password.

2. Enter the password.

3. To unlock the Process Control, click Unlock. NetOp Process Control is open.

4. Go to Tools > Options > Password

5. Click Disable Password Protection and enter the password in the pop-up.

6. Click Unlock in the pop-up and OK in the Password option tab.

7. The Process Control is now enabled.

Once the Process Control is unlocked the padlocks disappear from the icons.

Warning: If you password protect NetOp Process Control and forget your password, you cannot open the Process Control window and you cannot change or remove your Process Control installation.

If the specified password is unavailable, the access to Process Control cannot be restored, and Process Control cannot be removed by a user.

In this case, Process Control must be removed with assistance from Danware. We reserve the right to charge a fee for this assistance.

6.2.2 Check for New Updates

It is recommended to check for updates for the Process Control regularly.

Follow these steps:

1. In the Process Control, select Tools > Check for New Updates...

2. Select the appropriate language.

3. Save the ‘setup.msi’.

4. Open the ‘setup.msi’ from its location and click ‘Run’. The Process Control Setup Wizard opens.

See Setup Wizard.

Note: The settings will not be changed during the update session.

Note: If controlled by a Policy Server, the updates are automatic or acknowledged by the user.

6.2.3 Run Setup Wizard

See Setup Wizard.

6.2.4 Block all Communication

If a malicious program slips past the perimeter Process Control, all (unprotected) computers are exposed. If this happens, click the Block All Communication button on the user interface or select Tools > Block All Communication.

6.3 Menus

The menus in the Process Control user interface consist of two types: the standard menu and the user defined toolbars. Both are described below.

Menu Bar

Toolbar

6.3.1 Menu Bar

The standard menu gives access to all functions of the Process Control.

Contents:

File

Save As: Allows you to save a log file. Only active when Event Log or Packet Log are active. Use this command to export your data to other applications.

Exit: Close the Process Control interface. Since it is always on, it will continue to protect your computer.

Edit

Add: Depending on the selected view, click this to add a record.

Edit (Ctrl+C): Edit the properties of the selected record.

Remove (Ctrl+R): Removes the selected record.

Select All (Ctrl+A): Select all records in the chosen view.

View

The View menu consists of three short cut sections: Process Control Rules, Information and Show/no show Toolbar and Status Bar.

Process Control Rules: Click any icon to switch to the corresponding view.

Information: Click any icon to switch to the corresponding view.

Toolbar: Select this command to hide/display toolbars. When toolbars are displayed, the command is checkmarked (default: checkmarked).

Status Bar: Select this command to hide/display the status bar. When the status bar is displayed, the command is checkmarked (default: checkmarked).

Tools

Options: Click to open Options-section. See Process Control Options.

Check For new Updates: See Check for New Updates.

Run Setup Wizard: See Setup Wizard.

Block All Communication: See Block all Communication.

Help

Contents: Open the help system.

Online Support: Open www.netop.com.

Online Registration: Open a step-by-step registration wizard.

About: See About NetOp Process Control.

6.3.2 Toolbar

The toolbar consists of up to five predefined elements:

Process Control Rules Toolbar

Information Toolbar

Play Toolbar

Options Toolbar

Profiles Toolbar

See: Customize Toolbars and Customize Default Toolbars.

If you want to hide or display the toolbars, right-click the menubar to open the toolbar menu:

Customize the toolbar.

Checkmarked toolbar menus are visible.

6.3.3 Process Control Rules Toolbar

Select the view by clicking an icon.

Each icon serves as a short-cut.

To set up Process Control rules, see Setup the Process Control Rules and Customize Toolbars.

6.3.4 Information Toolbar

Select the view by clicking an icon.

Each icon serves as a short-cut.

To set up Information, see Setup the Information and Customize Toolbars.

6.3.5 Play Toolbar

Select the view by clicking an icon.

The playing of Packet Log, Traffic Matrix and Statistics is controlled from these play controls:

Play: Click the Play button to start playing after Pause or Stop. While playing, the toolbar button is highlighted (default: playing).

Pause: When selecting Play after Pause, new data will be added to existing data. While paused, the toolbar button is highlighted.

Stop: When selecting Play after Stop, existing data will be cleared and new data will be added. While stopped, the toolbar button is highlighted.

Clear: Click the Clear button to clear the records pane contents without changing the current Play, Pause or Stop status.

Legend: Click the Legend button to show/hide the legend.

6.3.6 Options Toolbar

Select a function by clicking an icon.

Options: Click the Options button to open Process Control Options.

Sidebar: Click the Show/Hide Sidebar button to show or hide the sidebar.

Block all: Click the Block All Communication button to cut off all communication. Use it if your computer is attacked.

See: Customize Toolbars.

6.3.7 Profiles Toolbar

Select a function by clicking an icon.

Add: Click the Add Profile button to enter a profile name.

Note: You will have to select the new profile and click ‘Edit’ to start configuring it.

Edit: Click the Edit Profile button to customize the selected profile.

Remove: Click the Remove Profile button to delete the selected profile.

Rules: Click the Set Rules to Profile button to configure the selected profile.

Select a profile from the drop-down list.

See: Setup the Process Control Profiles and Customize Toolbars.

6.3.8 User Prompts and Messages

If a program that has been assigned the Process Control rule Prompt for Communication or no Process Control rule attempts communication, the user will be prompted by this window:

Note: Commands, buttons and options are enabled if applicable to the current selection unless disabled by the Security Policy assigned by a NetOp Policy Server that the computer is logged on to, see Policy Server Options.

Yes: Click this button, press ENTER or click the title bar ‘Close’ button to close the window allowing communication.

Note: If you are in doubt whether it is safe to allow communication or not, consult with your system or network administrator.

No: Click this button to close the window denying communication.

Details: Click this button to display/hide the lower extension of the window.

Note: If the same window is displayed repeatedly after allowing communication, it is because the program attempting communication times out during user interaction in this window. Check the Remember box below to assign the Process Control rule Allow Communication to the program file. Then, the program file will no longer prompt for communication.

Details: Display this to assist you in identifying the program file and the purpose of its communication.

Select task: The field of this drop-down box displays the default program Process Control rule selection Allow Communication. The drop-down box list contains the names of available program Process Control rules, and Open Containing Folder.... Select Open Containing Folder... to display the directory containing the file attempting communication. Select a Process Control rule to apply it to the file attempting communication and close the window.

Remember: Leave this box unchecked (default: unchecked) to apply your selection for this occasion only. Check the box to assign the applied Process Control rule to the program file record in the Programs display pane.

Several Process Control functionalities can display a user message upon a specified event. Click the message window to acknowledge the message and close the window.

Applying a message to a program will cause the Process Control to display a message whenever the program is started and stopped. The message looks like this:

The message is semi-transparent and by default displays the program and the action.

See Event Log Options to set up messages.

In the properties pane of Programs, Ports, Protocols, Trusted and Banned Nets it is possible to enter a user-defined message.

Note: No user prompts and messages will be displayed if the ‘Display No User Prompts and Messages’ box is checked on the Options window General tab. Program communication requests will be denied.

Note: If the user interface is unloaded no user prompts and messages will be displayed. When the user interface is reloaded, any user prompts and messages accumulated while unloaded will be displayed, see Notification Area Button Menu.

6.4 Handling the Policy Server

NetOp Policy Control is designed to be logged on to a NetOp Policy Server to operate as an element in an organizational distributed NPC system, but it is also designed to run as a standalone application.

The responsibility for specifying policy rules in a stand-alone NetOp Policy Control computer, disallowing unknown programs attempting to run, lies solely with the computer user.

In a distributed system, this responsibility can be partly or fully left to the administrators of an organizational NetOp Policy Server to relieve individual computer users from this task and apply organization-wide policies and rules.

A NetOp Policy Server distributed system is fully and continuously scalable from one stand-alone NetOp Policy Control to a multi-site distributed NPC system with several NetOp Policy Servers and several thousand NetOp Policy Controls.

For more information, check the documentation for NetOp Policy Server.
