Kaspersky Firewall anti-hacker setup Tips

Kaspersky's own firewall, "anti-hacker" although simple, but I will be enough. It took so long to have a little experience to share with you.

Settings for "Application":

For applications, we know that they all have the suffix ". exe" name, which is the executable file, and all programs run, including viruses, to perform tasks with executable files. The "Application" item in "anti-hacker" is used to monitor the network status of an application, and the user chooses "allow" or "block" to control whether it is networked or not. We can use this setting to monitor all applications to be networked, and allow and block.

When you set up "anti-hacker" as "learning (Training) mode", any application that does not set rules and wants to be networked will pop up the window and ask the user. We can also set it on our own.

Into the "Kabbah Kis main interface--settings--anti-hacker--click the first ' Settings ', then go to the Settings window, and then select Application Rules. If you want to add a rule, select "Add", edit the Rule select "edit", delete rule Select "Delete", also can "import" and "Export" database (no use).

When you want to add, select "Add", there will be a "browse" and "Application" options, the "Application" option is already running the application, "Browse" you need to find the application to add rules. After the selection, enter the editing interface, and then click "Add", the edit window appears. The rule name is best filled in with the name of the application. "Remote IP Address" means "whether to allow programs to access this remote IP address", such as QQ issued after it to connect the IP QQ server; Remote port "means" whether to allow the program through a certain IP (not its own) access to a certain port, such as QQ issued after it to connect QQ server IP port; Local port "means" whether the program is allowed to access through a port of its own IP; " Time range means "Allow or prevent this program from making network access during this time." Additional operation we all know what it means, and we will not introduce it. Are you done? You also need to set up in the "Rule description", select "Allow or block", "out of the Net", "TCP or UDP packets", "Port, IP and Time" settings.

After setting up, you can at any time in the "template" of the rules of the "Allow or block" settings, do not need to re-enter the modification.

Settings for package filtering rules:

What is "packet filtering"? That is, through the firewall settings, monitoring package characteristics to "release or block", "Allow, block or limit" the number of packets per IP transmission and connection, block attacks, prohibit access to certain sites. Isn't that the most basic feature of "firewalls"? Yes! With the "packet filter", it is a "firewall".

On the setup, and the application is virtually the same, just a "local IP address." Now, I want to introduce how to set up "IP address". As with application rules, there are many choices after entering remote or local IP addresses, "Computer IP address (that is, set an individual address alone)", "IP address range", and "subnet address." "Subnet Address" application is not much, I am not very understand, do not introduce. "Local IP Address" settings, enter their own local area network IP on the line (excluding themselves), "IP address range" is also the input of the LAN within the scope of the allowed; This is a connection within the LAN. "Remote IP Address" application is not much, I will not introduce.

For packet filtering, the rules with Kabbah are generally enough, and no new rules need to be added.

Settings for area:

Areas are already existing and connected networks, where you can add a trust mechanism for new network connections. The default generally has an "internet" set to "Internet". The LAN will have another connection, preferably the local network. Stealth mode will hide your IP address, protect security.

The difference between "Internet", "local network" and "trustworthy" is:

Internet: Block file and printer sharing, prevent error reporting, apply application rules and packet filtering rules; (apply to public networks)

Local network: Allow file and printer sharing, allow error reporting, apply application rules and packet filtering rules (applied to network with Gateway, LAN)

Trusted: Allows file and printer sharing, error reporting, application rules, and packet filtering rules. (Allow any connection)

You don't have to set it up, you will be prompted automatically when you connect to the new network (the Internet is the default).

"Additional" in the basic need not set, with the best recommended.

Intrusion Detection System:

This is the default to open, is sure to open, according to other people's point of view, in the "Settings" can be "block attack the computer" that time limit of the check out, and will not affect intrusion detection and prevention. The time limit is only used to block your network so that attackers (hackers) cannot connect to your computer, which is not much use. The default 60 minutes is too long, which means you won't be able to surf the internet for one hours after the attack. Can be set to 2 minutes if you are not at ease.

In short, Kabbah's "anti-hacker" individual users (not always under attack) is enough, hackers are generally not boring to the point of attacking PCs. If you don't trust, turn off the "anti-hacker" and install a firewall you trust.