Kaspersky Embedded Systems Security for Linux

Network Threat Protection

While the Network Threat Protection component is running, the application scans inbound network traffic for activity that is typical of network attacks. Network Threat Protection is started by default when the application starts.

The application receives the TCP port numbers from the current application databases and scans incoming traffic on these ports. Upon detecting a network attack attempt that targets your device, the application blocks network activity from the attacking device and logs an event about the detected network activity.

To scan network traffic, the Network Threat Protection task receives port numbers from the application databases and accepts connections on all of these ports. During a network scan, such a port may look like an open port on the device, even if no application on the system is listening on it. It is recommended to close unused ports by means of a firewall.
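The reconciliation the paragraph above calls for, as an added example that is not part of the Kaspersky documentation: it compares the ports an external scan reports as open with the TCP listeners shown by `ss -H -tln` and lists the ports that no remotely reachable listener accounts for, which are the ones to review for a firewall rule. The sample `ss` output, the scan result and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -H -tln` output (not taken from a real host).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 4096 127.0.0.1:631 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 511 *:8080 *:*
"""

# Constructed list of ports that an external scan reported as open.
SAMPLE_SCAN = [22, 80, 445, 631, 8080]


def reachable_listeners(ss_output):
    """Return TCP ports with a listener bound to a non-loopback address."""
    ports = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        host = host.split("%")[0].strip("[]")  # drop %iface and brackets
        try:
            if host != "*" and ipaddress.ip_address(host).is_loopback:
                continue  # loopback-only listeners are not reachable remotely
            ports.add(int(port))
        except ValueError:
            continue  # skip lines that do not parse as address:port
    return ports


def reconcile(ss_output, scanned_open):
    """Split externally open ports by whether a local listener explains them."""
    listeners = reachable_listeners(ss_output)
    report = {"listener": [], "no_listener": []}
    for port in sorted(set(scanned_open)):
        report["listener" if port in listeners else "no_listener"].append(port)
    return report


if __name__ == "__main__":
    result = reconcile(SAMPLE_SS, SAMPLE_SCAN)
    print("explained by a local listener:", result["listener"])
    print("review for a firewall rule:   ", result["no_listener"])
```

A port in the second list is not necessarily caused by Network Threat Protection; the list only narrows down which ports to check before adding a firewall rule.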

Network Threat Protection settings

Setting

Description

Enable Network Threat Protection

This check box enables or disables Network Threat Protection.

The check box is selected by default.

Action on threat detection

Actions performed upon detection of network activity that is typical of network attacks.

  • Inform user. The application allows network activity and logs information about detected network activity.
  • Block network activity from an attacking device and log information about detected network activity (default value).

Block attacking hosts

This check box enables or disables the blocking of network activity when a network attack attempt is detected.

The check box is selected by default.

Block the attacking host for (min)

In this field, you can specify how long, in minutes, an attacking device is blocked. After the specified time, Kaspersky Embedded Systems Security allows network activity from this device.

Available values: integer from 1 to 32768.

Default value: 60.

Exclusions

This group of settings contains the Configure button, which opens the Exclusions window, where you can specify a list of IP addresses. Network attacks from these IP addresses will not be blocked.


Exclusions window

In this window, you can add IP addresses from which network attacks will not be blocked.

By default, the list is empty.

You can add, edit, and remove IP addresses in the list.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.


IP address window

In this window, you can add and edit IP addresses. Network attacks from these IP addresses will not be blocked by Kaspersky Embedded Systems Security.

IP addresses

Setting

Description

Enter an IP address (IPv4 or IPv6)

Entry field for an IP address.

You can specify IPv4 and IPv6 addresses.
