HP T5700 HP Sygate Security Agent User Guide - Page 55
software. When OS Fingerprint Masquerading is enabled, the Agent modifies TCP/IP
View all HP T5700 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 55 highlights
Configuring the Agent's Settings Automatically allow all known DLLs Automatically allows DLL modules that are commonly loaded by the network application. Disabling this feature will cause the engine to prompt for permission on all new DLLs that are loaded, and may cause very frequent prompting when using a complex network application, such as an Internet browser. By default, this option is enabled in the Agent. Enable anti-MAC spoofing Allows incoming and outgoing ARP traffic only if an ARP request was made to that specific host. It blocks all other unexpected ARP traffic and logs it in the Security Log. By default, this option is enabled on the Agent. Some hackers use MAC spoofing to attempt to hijack a communication session between two computers in order to hack one of the machines. MAC (media access control) addresses are hardware addresses that identify computers, devices, servers, routers, etc. When Computer A wants to communicate with Computer B, it may send an ARP (Address Resolution Protocol) packet to the computer. Enable anti-IP spoofing IP spoofing is a process used by hackers to hijack a communication session between two computers, which we will call Computers A and B. A hacker can send a data packet that causes Computer A to drop the communication. Then, pretending to be Computer A, the hacker can communicate with Computer B, thus hijacking a communication session and attempting to attack Computer B. Anti-IP spoofing foils most IP spoofing attempts by randomizing the sequence numbers of each communication packet, preventing a hacker from anticipating a packet and intercepting it. It is recommended that you enable this option along with Enable OS fingerprint masquerading. By default, this option is enabled on the Agent. Enable OS fingerprint masquerading Keeps programs from detecting the operating system of a device running the Agent software. When OS Fingerprint Masquerading is enabled, the Agent modifies TCP/IP packets so it is not possible to determine its operating system. It is recommended that you enable this option along with Enable anti-IP spoofing, discussed previously. By default, this option is enabled on the Agent. NetBIOS protection Blocks all communication from computers located outside the Agent's local subnet range. NetBIOS traffic is blocked on UDP ports 88, 137, and 138 and TCP ports 135, 139, 445, and 1026. Be aware that this can cause a problem with Outlook if connecting to an Exchange server that is on a different subnet. If that occurs, you should create an advanced 45