Chapter 4: Configuring RealSecure Desktop Protector

Back Tracing

Introduction

RealSecure Desktop Protector can track an intruder’s activities to help you determine what an intruder did to your computer. This topic explains how to gather and use this information.

How does back tracing work?

Back tracing is the process of tracing a network connection to its origin. When somebody connects to your system over a network such as the Internet, your system and the intruder's system exchange packets. Before an intruder's packets reach your system, they travel through several routers. RealSecure Desktop Protector can read information from these packets and identify each router the intruder's packets had to travel through. Desktop Protector can often identify the intruder's system in this way.

Back tracing information

When Desktop Protector back traces an intruder, it attempts to gather the IP address, DNS name, NetBIOS name, Node, Group name, and MAC address. Skilled intruders will often try to block Desktop Protector from acquiring this information.
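The NetBIOS name, group name and MAC address listed above are the fields that a NetBIOS node status reply carries. The Python parser below is an added example, not code from the manual or from Desktop Protector; it assumes the RFC 1002 node status response format, and the sample packet with its host names and MAC address is constructed.

```python
import struct

def parse_node_status(pkt: bytes) -> dict:
    """Parse an RFC 1002 NetBIOS node status response (a UDP/137 payload)."""
    if len(pkt) < 12:
        raise ValueError("truncated header")
    _tid, flags, qd, an = struct.unpack(">4H", pkt[:8])
    if not flags & 0x8000 or qd != 0 or an != 1:
        raise ValueError("not a single-answer response")
    off = 12
    while True:                      # skip RR_NAME: length-prefixed labels, 0 ends
        if off >= len(pkt):
            raise ValueError("truncated name")
        n = pkt[off]
        off += 1
        if n == 0:
            break
        if n & 0xC0:
            raise ValueError("name pointers are not handled")
        off += n
    if off + 11 > len(pkt):
        raise ValueError("truncated record header")
    rtype, _cls, _ttl, rdlen, count = struct.unpack(">HHIHB", pkt[off:off + 11])
    off += 11
    need = count * 18 + 6            # name table plus the 6-byte unit ID (MAC)
    if rtype != 0x21 or rdlen < 1 + need or off + need > len(pkt):
        raise ValueError("not a complete node status record")
    names = []
    for _ in range(count):           # 15-byte name, 1-byte suffix, 2-byte flags
        raw, suffix, nflags = struct.unpack(">15sBH", pkt[off:off + 18])
        names.append((raw.decode("ascii", "replace").rstrip(), suffix, bool(nflags & 0x8000)))
        off += 18
    mac = ":".join(f"{b:02x}" for b in pkt[off:off + 6])
    pick = lambda grp: next((n for n, s, g in names if s == 0 and g == grp), None)
    return {"netbios_name": pick(False), "group": pick(True), "mac": mac, "names": names}

def build_sample() -> bytes:
    """Constructed response for testing; every value here is made up."""
    def entry(name, suffix, nflags):
        return struct.pack(">15sBH", name.ljust(15).encode(), suffix, nflags)
    table = (entry("WKSTN-01", 0x00, 0x0400) + entry("WORKGROUP", 0x00, 0x8400)
             + entry("WKSTN-01", 0x20, 0x0400))
    rdata = bytes([3]) + table + bytes.fromhex("020000abcdef") + bytes(40)
    rr_name = b"\x20CK" + b"A" * 30 + b"\x00"
    return (struct.pack(">6H", 0x1234, 0x8400, 0, 1, 0, 0) + rr_name
            + struct.pack(">HHIH", 0x21, 1, 0, len(rdata)) + rdata)

SAMPLE = build_sample()
```

The group flag (0x8000) in each name entry is what separates the machine's own name from its group name; a truncated or malformed reply raises `ValueError` instead of yielding partial fields.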

Procedure

To set up back tracing:

1. From the Main Menu, select Tools → Edit BlackICE Settings.

2. Select the Back Trace tab.

3. Type the severity level for an indirect trace in the Indirect Trace Threshold box.

Note: The default threshold for an indirect trace is 3. With this setting, any event with a severity of 3 or above triggers an indirect back trace.

4. Do you want Desktop Protector to query Domain Name Service servers for information about the intruder?

If yes, select DNS lookup.

If no, clear DNS lookup.

5. Type the severity level for a direct trace in the Direct Trace Threshold box.

Note: The default threshold for the direct trace is 6. With this setting, any event with a severity of 6 or above triggers a direct back trace.

6. Do you want Desktop Protector to determine the computer address of the intruder's computer?

If yes, select NetBIOS nodestatus.

If no, clear NetBIOS nodestatus.

Direct and indirect tracing

Desktop Protector can trace intruders directly or indirectly.

An indirect trace uses protocols that do not make contact with the intruder's system, but collect information indirectly from other sources along the path to the intruder's system. Indirect back tracing does not make contact with the intruder's system, and therefore does not acquire much information. Indirect traces are best suited for lower-severity attacks.

A direct trace goes all the way back to the intruder's system to collect information. Direct back tracing makes contact with the intruder's system and therefore can acquire a lot of information. Direct back traces are best for high-severity attacks, when you


3.5, Desktop Protector specifications

Internet Security Systems Desktop Protector 3.5 is a robust cybersecurity solution designed to provide comprehensive protection for personal computers and workstations. As cyber threats continue to evolve, this software aims to protect users against malware, phishing, and other malicious attacks with its advanced feature set and technologies.

One of the main features of Desktop Protector 3.5 is its real-time scanning capability. It constantly monitors files and applications on the system for any signs of malicious activity. This proactive approach ensures that harmful software is detected and neutralized before it can execute, providing users with peace of mind as they navigate the internet or access sensitive information.

Another significant feature is the integrated firewall. This firewall effectively controls incoming and outgoing traffic, offering an additional layer of protection by blocking unauthorized access to the user's network. Users can configure the firewall settings to tailor their security level according to their specific needs, ensuring flexibility and adaptability.

Desktop Protector 3.5 also incorporates advanced heuristic analysis technology. Unlike traditional antivirus solutions that rely primarily on known malware signatures, heuristic analysis examines the behavior of files and applications. This allows the software to identify and block new or unknown threats based on their potential behavior, significantly enhancing its detection capabilities.

The software's user-friendly interface makes it accessible to users of all technical backgrounds. With straightforward navigation and intuitive controls, even those who are not tech-savvy can efficiently manage their security settings and monitor their system's health.

Moreover, Desktop Protector 3.5 offers automated updates, ensuring that the security software remains current with the latest threat definitions and security patches. This feature guarantees that users are always safeguarded against emerging threats without requiring manual intervention.

Another noteworthy characteristic is its low system impact; Desktop Protector 3.5 is designed to operate seamlessly in the background. Users can work, play, or browse the internet without experiencing noticeable lag or performance issues, making it an ideal security solution for both personal and professional environments.

With its combination of powerful features, advanced technologies, and user-centric design, Internet Security Systems Desktop Protector 3.5 stands out as a reliable choice for anyone seeking to enhance their cybersecurity posture in an increasingly digital world.