RISING PERSONAL FIREWALL 2009 User Manual

852 views
804 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
852
On SlideShare
0
From Embeds
0
Number of Embeds
9
Actions
Shares
0
Downloads
2
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

RISING PERSONAL FIREWALL 2009 User Manual

  1. 1. RISING PERSONAL FIREWALL 2009 User Manual
  2. 2. LION-STRONG SECURITY Contents WELCOME TO RISING PERSONAL FIREWALL ...................................................... 4 END USER LICENSE AGREEMENT .......................................................................... 5 QUICK START ............................................................................................................. 8 MAIN INTERFACE ....................................................................................................... 9 SOFTWARE FUNCTIONS AND SETUP ................................................................... 10 NEW FEATURES ....................................................................................................... 11 INSTALLING & UNINSTALLING .............................................................................. 12 Running Environment and Supported Languages.................................................................................... 13 Installing Rising Personal Firewall................................................................................................................. 14 Uninstalling Rising Personal Firewall ........................................................................................................... 17 Installation Wizard............................................................................................................................................... 19 TOOLS ....................................................................................................................... 21 Latest Installer Creation Tool........................................................................................................................... 22 Registration Wizard............................................................................................................................................. 24 UPDATE ..................................................................................................................... 25 Update..................................................................................................................................................................... 26 Network Settings ................................................................................................................................................. 27 User ID .................................................................................................................................................................... 29 COMMONLY-USED FUNCTIONS............................................................................. 30 Two easy steps to change the security level of Rising Personal Firewall 2009............................... 31 Switch Mode.......................................................................................................................................................... 32 Select Language/Skin......................................................................................................................................... 33 Log History ............................................................................................................................................................ 34 Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -2-
  3. 3. LION-STRONG SECURITY Account Management ........................................................................................................................................ 36 Enable/Disable Protection................................................................................................................................. 37 Connect / Disconnect ......................................................................................................................................... 38 Exit ........................................................................................................................................................................... 39 NETCONTROL........................................................................................................... 41 Application Rules ................................................................................................................................................ 43 Module Rules ........................................................................................................................................................ 45 FIREWALL SETTINGS .............................................................................................. 47 Standard Settings................................................................................................................................................ 48 Rising Cloud Security ........................................................................................................................................ 51 Rising Password.................................................................................................................................................. 52 Rules........................................................................................................................................................................ 53 Blacklist ............................................................................................................................................................. 54 Whitelist............................................................................................................................................................. 56 Port Rules ......................................................................................................................................................... 58 Trusted Zone .................................................................................................................................................... 60 IP Rules.............................................................................................................................................................. 62 URL Filter ............................................................................................................................................................... 65 Web Blacklist ................................................................................................................................................... 66 Web Whitelist ................................................................................................................................................... 67 ARP Spoofing Defense ...................................................................................................................................... 68 Static ARP rules .............................................................................................................................................. 70 Intrusion Detection.............................................................................................................................................. 72 Outbound Flood Attack Sensor....................................................................................................................... 73 FAQ AND PORT LIST ............................................................................................... 74 FAQ .......................................................................................................................................................................... 75 Port List .................................................................................................................................................................. 79 SERVICE CONTACT ................................................................................................. 88 Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -3-
  4. 4. LION-STRONG SECURITY Welcome to Rising Personal Firewall End User License Agreement Quick Start Main Interface Software Functions and Setup FAQ and Port List Customer Service Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -4-
  5. 5. LION-STRONG SECURITY End User License Agreement This End User License Agreement (hereinafter referred to as "Agreement") is a legally binding agreement between you (either a natural person, a legal entity or an organization) and Beijing Rising Information Technology Corporation Limited (hereinafter referred to as "Rising"), the copyright owner of Rising software, including but not limited to Rising Antivirus Software, Rising Personal Firewall, hereinafter referred to as "Software". You must read this Agreement before using the Software. Any software, electronic file, etc. related to this Agreement and used by you shall be subject to the terms and conditions of this Agreement. Meanwhile, the Agreement applies to all subsequent releases and updates of this Software. You shall clearly understand that you have absolute freedom to agree or disagree with this Agreement, and your installation, copy, download, access or use in any other ways of this Software means that you agree to be bound by the terms and conditions of this Agreement. This Agreement is as effective as any written agreement signed by you and entered into through negotiations. If you do not agree, please do not use this Software and make sure the integrity of the product and its components. 1. Definitions 1.1 "Software" or "Software Product" refers to: (1) All contents accompanied by a disk, CD or other medium along with this Agreement, including but not limited to the computer information or software owned by Rising or a third party. (2) Related written illustrative materials, product packages and electronic files, as well as (3) Updates, modified versions, altered or added contents of this Software and any related tools (if any) released and licensed by Rising to you. 1.2 "Use" means access, installation, copy or functional use in any other way of the Software based on related documents. 1.3 "Purpose" means the limit and scope for you to use this Software. Your purpose to use this Software shall be determined by the Rising Software you have purchased. For example, Rising Personal Firewall can only be used for personal purpose and you shall not use this product for non- personal or commercial purpose unless a written authorization from Rising is obtained. 2. Intellectual Property Rights This Software and any copy reproduced by you under the authorization from Rising are Rising products. The intellectual property rights are owned by Rising. The structure, organization and codes are all valuable trade secrets and confidential information belonging to Rising. This Software is protected by Copyright Law of the People's Republic of China, related international treaties and applicable laws of the countries where the Software is used. This Software must not be copied beyond the license of this Agreement; otherwise an infringement to Rising's intellectual property right will be constituted. Without prior written permission by Rising, you also shall not reversely engineer, decompile, disassemble the Software, or try in any other way to find its source code. All information about the Software provided by Rising, and obtained by you, can only be used for the purposes licensed by this Agreement. This Software shall not be disclosed to any third party or used to fabricate any software with similar style. This Software shall not be used for any other commercial purpose without authorization. The use of trademark(s) including the logo(s) owned by their owners shall be in compliance with the Trademark Law of the People's Republic of China. The registered trademarks or trademarks owned by Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -5-
  6. 6. LION-STRONG SECURITY Rising include, but are not limited to "Rising", "Rising Software", "Rising Antivirus Software", "Rising Antivirus" and "Rising Personal Firewall", etc. Your use of this Software under the authorization of this Agreement does not imply that Rising transfers its intellectual property rights to you. 3. License for the Software Product This Software Product is protected by Copyright Law of the People's Republic of China and international treaties for copyright, as well as other Chinese laws and international treaties for intellectual property right. Rising grants you a non-exclusive license to use the Software based on this Agreement as long as you follow the terms and conditions of the Agreement. 3.1 Authorized Range of Usage For each copy of Rising's Software Product, Rising authorizes you to use it in one operating system on one PC only. Under the following conditions, however, you can use it in a multi-user environment or on a networked system: (a) Rising has explicitly authorized you in writing to use it in a multi-user environment or on a networked system; or (b) You have already purchased software licenses for each node or terminal you are using. 3.2 Duplicate, Distribution and Spread You shall use or duplicate the Software according to this Agreement. You must make sure that each copy you have duplicated, distributed and spread under the authorization from Rising is integral and veritable, including all information about software, electronic file, copyright and trademark relative to this Software as well as the Agreement. You can duplicate one copy of the Software for the purpose of backup or archive management. However, you shall not install and use it on any other PC. You shall not transfer this copy to any other person unless you are explicitly authorized in writing by Rising. 3.3 Transfer All or part of the Software must not be rented, leased, re-licensed or duplicated to other PC users unless an explicit written authorization is obtained. However, you can transfer your right to use this Software to others under the following assumptions: (a) You simultaneously transfer the Agreement, the Software, and all other software and hardware bundled to this product altogether to others (including all copies, updates and previous versions); (b) You no longer keep any copies, including the backups and updates saved on your PCs; and (c) The receiver accepts the terms and conditions of this Agreement, and any other terms and conditions you have accepted when you legally purchased the Software. 4. Warranty 4.1 Rising grants the warrant to entities/persons that have purchased the Software and are willing to follow the terms and conditions of this Agreement. Within one month since the purchase of this Software, Rising will exchange the software if the Software malfunctions due to error(s) in the storage medium of the Software, and after it is examined and checked by Rising. If the error is caused by Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -6-
  7. 7. LION-STRONG SECURITY misuse, manmade damage, unauthorized use, accident or and the medium is lost, the warranty cannot be covered. While requesting Rising for replacement based on above reason(s), you must return the Software and purchase voucher/invoice to the location of purchase within thirty (30) days after you purchased the Software. 4.2 Rising guarantees that the Software meets the performance requirements described in its instructions. 4.3 Rising makes no warranty on the merchantability and fitness of the Software for some special use in business purpose. 4.4 Rising does not guarantee that the Software is error-free or can function uninterruptedly. Rising makes no warranty that the Software can be effective on any PCs under any conditions. 4.5 You shall know and understand that due to the particularity of antivirus software, this Software may not be effective against each and all existing or future viruses. You agree that Rising is not liable for any loss caused by the use of or failure to use this Software, including but not limited to operating profit/loss, service interruption, loss of business information, document and data, or for other financial losses, even if Rising is notified of the possibility of such losses, unless these losses are caused due to Rising's fault or gross negligence. 5. Termination of License If you fail to follow any term and condition of the Agreement, Rising shall have the right to terminate at any time the license granted to you. After the termination, you shall immediately destroy the original and its copies of the Software, or return them to Rising. This Agreement is governed by the laws of the People's Republic of China. If there is any dispute on the Software with Rising, the lawsuit can be submitted to China International Economic and Trade Arbitration Commission for arbitration in Beijing. For any question on this Agreement, or any information about Rising, please contact Rising at the following address: Address: Room 1305, Zhongke Building, No.22, Zhongguancun Street, Beijing, China ZIP: 100190 Website: http://www.rising.com.cn Tel: (010) 82678800 (Service Hotline) Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -7-
  8. 8. LION-STRONG SECURITY Quick Start 1.Installing, Uninstalling - explaining you the details of the installation and uninstallation procedure. See Installation. 2.Rising Tools - explaing the usage of the Rising Installation Pack Creator and the Registration Wizard. See Tools. 3.Update - explaining how to update Rising Personal Firewall. See Update. 4.Common Functions - explaining the most common functions of Rising Personal Firewall 2009. See Common Functions. 5.Detailed Settings - explaining in detail how to configure the functions of your personal firewall. See Detailed Settings. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -8-
  9. 9. LION-STRONG SECURITY Main Interface The main tab gives you direct access to major functions of Rising Personal Firewall 2009. Main Window Contents Menu Bar: The menu bar is located on the top of the main window, and contains the Actions, Settings and Help menus. Buttons: Buttons are located on the right side of the main window, and contains the Enable/Disable, Connect/Disconnect, Update Now and Log History buttons. Tabs: Tabs are located on the top of the main interface, and contains the Firewall Status, Sysinfo, Web Security, NetControl and News tabs. Last Update: The date and time of the last update is displayed at the bottom of the main window. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -9-
  10. 10. LION-STRONG SECURITY Software Functions and Setup New Features Installing & Uninstalling Tools Update Common Functions NetControl Other Settings Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -10-
  11. 11. LION-STRONG SECURITY New Features 1.Rising Cloud Security users form a rapid response network which quickly catches Trojans and other malware. For details, see Rising Cloud Security. 2.Rising Password protects prevents other users and malware from switching off your firewall protection. For details, see Rising Password. 3.Intrusion detection stops hackers and malware from using system or other vulnerabilities to invade your privacy.For details, see Intrusion Detection. 4.Outbound Flood Attack Sensor provides you with additional security. For details, see Outbound Flood Attack Sensor. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -11-
  12. 12. LION-STRONG SECURITY Installing & Uninstalling Running Environment and Languages Installing Rising Personal Firewall Uninstalling Rising Personal Firewall Installation Wizard Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -12-
  13. 13. LION-STRONG SECURITY Running Environment and Supported Languages Software Windows 2000/XP/2003/Vista Hardware Non-Vista: CPU: PIII 500 MHz or higher RAM: 256 MB or above, up to 4GB Display: Standard VGA, 24-bit true color Others: CD-ROM / DVD drive, mouse Windows Vista: CPU: 1 GHz 32-bit (x86) RAM: 512 MB or above, up to 4GB Display: Standard VGA, 24-bit true color Others: CD-ROM / DVD drive, mouse Note: This software does not guarantee complete compatibility with future hardware and software. Languages Rising Personal Firewall is available in Simplified Chinese, Traditional Chinese and English. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -13-
  14. 14. LION-STRONG SECURITY Installing Rising Personal Firewall Step 1: Start your computer and boot Windows 2000/XP/2003/Vista. Close all other applications. Step 2: Click on the icon of the Rising installation program. please see the instructions on the screen. Step 3: You can select "Traditional Chinese", "Simplified Chinese" or "English" as the language displayed during installation. Click "OK" to start the installation. Step 4: Read the "End User License Agreement". Select "I Agree" and click "Next" to continue, or select "I Disagree" to exit. Step 5: Please enter your Product Key and User ID in the following window. Click "Next" to continue. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -14-
  15. 15. LION-STRONG SECURITY Step 6: In the next window you can select "Full Install"or "Minimum Install". Click "Next" to continue. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -15-
  16. 16. LION-STRONG SECURITY Step 7: In "Choose Destination", select the destination folder where you wish to install Rising Personal Firewall and click "Next" to continue. Step 8: In "Select Program Folder", choose the folder you wish to add program shortcuts to and click "Next" to continue. Step 9: In "Installation Information", confirm that your installation settings are correct and click "Next" to continue. Step 10: In the next window, please select "Run Registration Wizard","Run Settings Wizard" and "Run Rising Personal Firewall" and click "Finish". Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -16-
  17. 17. LION-STRONG SECURITY Uninstalling Rising Personal Firewall To start the uninstallation of Rising Personal Firewall: Click Start > Rising Personal Firewall> Add or Remove Components Select Uninstall. To complete the uninstallation, please select "Delete installation directory"and "Restart Windows". Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -17-
  18. 18. LION-STRONG SECURITY Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -18-
  19. 19. LION-STRONG SECURITY Installation Wizard 1. Rising Cloud Security and System Security Test To join later, click Settings>Detailed Settings>Options>Rising Cloud Security.For details, pls. see Rising Cloud Security. 2.Add IP Addresses to Trusted Zones You have reached the Trusted Zone setup.Click "Next" to continue. To change the setup later, click Settings> Detailed Settings>Rule Setup>Trusted Zone. For details, please see Trusted Zones. 3.Enable ARP Spoofing Defense / How to Bind gateway and MAC address To increase your security, select "Bind gateway and MAC address" and "Enable ARP Spoofing Defense". Click "Next" to continue. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -19-
  20. 20. LION-STRONG SECURITY Note: To change the setup later, click Settings>Detailed Settings> ARP Spoofing Defense. For details, please see ARP Spoofing Defense. 4.Enable Rising Password, set password range and configure with which account the firewall will start To strenghten your protection, we strongly recommend to select "Enable Rising Password". Afterwards, decide what the password is needed for and which account the firewall shall use on startup.Click "Finish" to complete the setup. For further details, please see Rising Password. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -20-
  21. 21. LION-STRONG SECURITY Tools Latest Installer Creation Tool Registration Wizard Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -21-
  22. 22. LION-STRONG SECURITY Latest Installer Creation Tool The latest installer creation tool creates a program that allows you to install the latest version of Rising at any time without downloading updates first. Usage Open the main window of Rising Personal Firewall and go to Rising Tools Choose where to save the installation package. Click "Next" to begin the creation. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -22-
  23. 23. LION-STRONG SECURITY Click "Finish" to exit the program. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -23-
  24. 24. LION-STRONG SECURITY Registration Wizard Please follow the instructions on the screen to register your product. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -24-
  25. 25. LION-STRONG SECURITY Update If you cannot access the Internet, please update Rising Personal Firewall via Rising Technical Support. Update Network Settings User ID Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -25-
  26. 26. LION-STRONG SECURITY Update Scheduled Smart Update Rising Personal Firewall can be configured to update in a variety of ways. By default, the system is set to update automatically. You can set the system to update: • Hourly • Daily • Weekly • Manual • Automatic "Hourly": You can set the interval and starting time for the update. "Daily": You can set the interval, starting date and time. "Weekly": You can set the day of the week and the time of day that the update should occur. "Manual": This setting requires that you periodically open the main program of Rising Personal Firewall, go to the "Home" tab and click on the "Update" icon. Setting the box to "Automatic" resets the function to the default. Three easy ways to update Rising Personal Firewall Method 1: Click the Update Now button on the right side of main window Method 2: In the main window, click Actions > Update Now Method 3: Right click the firewall icon in your system tray and choose SmartUpdate When you try to use SmartUpdate, please make sure your computer is connected to the Internet and network settings are correctly configured. Pls.see Network Settings Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -26-
  27. 27. LION-STRONG SECURITY Network Settings Usage Method 1 Open the main window of Rising Personal Firewall 2009. Click Settings > Connection Method 2 Click Settings > Detailed Settings > Options > Connection. Method 3 Right click the firewall icon in the system tray and continue Detailed Settings > Options > Connection. In the Connection window, if Access Internet via proxy server is selected, the user must enter the proxy server IP address, port and user authentication (if required). Click "OK" to save the settings. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -27-
  28. 28. LION-STRONG SECURITY Please ensure that your network settings are correct, otherwise SmartUpdate may not update successfully. If you do not have access to the Internet via a dial-up network, the Access Internet via dial-up network option will not appear in the window. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -28-
  29. 29. LION-STRONG SECURITY User ID SmartUpdate will check your User ID to verify the authenticity of the installed copy of Rising Personal Firewall. With an invalid User ID you will NOT be aple to update your firewall. Usage Open the Rising Personal Firewall main window. In the main window, select Settings from the menu, and then click on User ID to reach the window shown below. While entering the User ID, it will be displayed in the text field as asterisks. Click OK to save your User ID. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -29-
  30. 30. LION-STRONG SECURITY Commonly-Used Functions Set Security Level Switch Mode Select Language Log History Account Management Enable / Disable Firewall Connect / Disconnect Exit Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -30-
  31. 31. LION-STRONG SECURITY Two easy steps to change the security level of Rising Personal Firewall 2009 1. Open the Rising Personal Firewall main window. 2. Click on the "Security Level" link on the "Firewall Status" tab and change to the preferred security level. Security Level Rules Definition: Low: This setting is appropriate in a trusted network or zone. All network access is allowed unless specifically denied access by the rules. Medium: This setting is appropriate in a normal LAN environment. Print and file sharing are allowed by default, but some potentially dangerous ports are blocked. High: This setting is appropriate when the system is directly connected to the Internet. All network connections are monitored and will be denied, unless specifically allowed access by the rules. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -31-
  32. 32. LION-STRONG SECURITY Switch Mode Here you can switch between the different modes of Rising Personal Firewall 2009. Steps Method 1: 1.Open the Rising Personal Firewall main window. 2.In the main window, select Actions and directly choose your preferred mode. Method 2: 1.Right-click on the Rising Personal Firewall icon in the system tray. 2.Select Switch Mode in the menu and choose your preferred mode. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -32-
  33. 33. LION-STRONG SECURITY Select Language/Skin Here you can choose the standard language and skin for Rising Personal Firewall Select Language Three languages can be selected to be the default language for Rising Personal Firewall: Traditional Chinese, Simplified Chinese and English. Steps 1.Open the Rising Personal Firewall main window. 2.In the main window, select Settings > Select Language and another window will open up. 3.Select a language from this window and click "OK". Select Skin You can choose between three skins for Rising Personal Firewall: Standard, Blue Moonlight and Polar Dust. Steps 1.Open the Rising Personal Firewall main window. 2.In the main window, select Settings > Select Skin and another window will open up. 3.Select a skin from this window and click "OK". Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -33-
  34. 34. LION-STRONG SECURITY Log History Rising Personal Firewall keeps detailed logs of all events relevant for the security of your computer. Steps Method 1: Click the "Log History" button in the main window. Method 2: Select Actions > Log History from the menu bar in the main window. Method 3: Right-click the Rising Personal Firewall icon in the system tray and click "Log History" from the menu. Log Types: There are seven different types of logs: System: This log records firewall system events, such as the firewall being enabled or disabled, or the computer connection and disconnection. Attack Event(s): This log records IP attack events. (Windows 2000 and up) IP: This log records triggered IP layer events. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -34-
  35. 35. LION-STRONG SECURITY Network Connection Attempts: This log records all attempts by applications to create a network connection. Flood Attack Event(s): This log records all detected flood attacks. ARP Spoofing: View the ARP spoofing log. Modify Rule Event(s): This log records all modification of rules. Related Operations: Clean - this button clears all logs and generate a system event. Search - this button opens a search window and you can search for log entries. Backup - this button will first backup the logs and then delete the entries in the current logs. A system even will also be generated. Refresh - a click on this button updates all logs. LogHistory - this button will allow you to select a previously saved log (*.dat) and import it into the current log for viewing. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -35-
  36. 36. LION-STRONG SECURITY Account Management Rising Personal Firewall 2009 provides you with two accounts: Administrator and User. There are two ways to switch between the two accounts: Method 1: Click the Actions menu and select the mode you wish to use. Method 2: In the Firewall Status tab, click on the Current User link to switch between the two accounts. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -36-
  37. 37. LION-STRONG SECURITY Enable/Disable Protection Three easy and convenient ways to enable/disable the firewall protection Method 1: 1. Open the Rising Personal Firewall main window. 2. Click the Enable / Disable button on the right side of the main window. Method 2: 1. Open the Rising Personal Firewall main window. 2. In the main window, select Actions > Start / Stop Protection. Method 3: Right-click the Rising Personal Firewall icon in the system tray and select Start / Stop Protection from the menu. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -37-
  38. 38. LION-STRONG SECURITY Connect / Disconnect Rising Personal Firewall 2009 offers three quick and convenient ways to control your network connection. Steps Method 1: 1. Open the Rising Personal Firewall main window. 2. Click the Connect/Disconnect button on the right side of the main window. Method 2: 1. Open the Rising Personal Firewall main window. 2. In the main window, select Actions > Connect/Disconnect. Method 3: Right-click the firewall icon in the system tray and select Connect / Disconnect from the menu. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -38-
  39. 39. LION-STRONG SECURITY Exit Step Select Actions > Exit from the menu bar in the main window. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -39-
  40. 40. LION-STRONG SECURITY NetControl With application rules, module rules and adjustable options you can monitor the net behaviour of applications and modules. Application Rules Module Rules Options Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -40-
  41. 41. LION-STRONG SECURITY NetControl In this window, you can enable the firewall to recognize trusted applications, activate alerts for all applications and enable module rules. Furthermore, you can decide which action will be taken, when applications without network access rules attempt to create a network connection. Attention please! Enable Module Rules When this option is NOT selected, the firewall will discard existing module rules Default Actions For Programs Not Listed In Application Rules - Five modes: Locked: The action used to determine network access privileges for unlisted programs when Windows is locked. The default action is "Deny". Screen Saver: Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -41-
  42. 42. LION-STRONG SECURITY The action used to determine network access privileges for unlisted programs when Windows is in Screen Saver Mode. The default action is "Deny". Shopping Mode: The action used to determine network access privileges for unlisted programs when the firewall is in Shopping Mode. The default action is "Deny". Logged Out: The action used to determine network access privileges for unlisted programs when no users are logged in. The default action is "Allow". Silent Mode: The action used to determine network access privileges for unlisted programs when the firewall is in Silent Mode. The default action is "Deny". Three default actions Deny: Request for network access by applications not listed in Application Rules will be denied without prompting the user. Allow: Request for network access by applications not listed in Application Rules will be granted automatically without prompting the user. Ask Me: Prompts the user to select what action to perform. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -42-
  43. 43. LION-STRONG SECURITY Application Rules Applications will follow these rules when accessing the network On the tab displayed above you find the following items: Programm name, status and program path You can perform the following actions 1.Add Click the [Add]button or [Add] from the right click menu. A window will open, in which you can select programs you want to add to the list. 2.Modify Click this button or [Modify] from the right click menu. The [Advanced Rule Setup]will open up and you can adjust rule settings according to your needs. When finished, click [OK] to save any changes or [Cancel] to stop editing and close the menu. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -43-
  44. 44. LION-STRONG SECURITY Experienced users find more settings when clicking [Advanced] 3.Delete Click this button or [Delete] from the right click menu. You can also delete selected rules by pressing [Delete] on your keyboard. Directly select several rules by pressing [Ctrl] and [Shift] on your keyboard simultaneously. 4.Import / Export With this function you can conveniently import or backup rules. 5.Delete Invalid Rules "Delete Invalid Rules" from the right click menu. With this function you can delete obsolete rules. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -44-
  45. 45. LION-STRONG SECURITY Module Rules Modules will follow these rules when accessing the network. On the tab displayed above you find the following items: Module name, status and program path You can perform the following actions 1.Add Click the "Add"button or "Add" from the right click menu. A window will open, in which you can select programs you want to add to the list. 2.Modify Click this button or Modify from the right click menu. The Edit Module Rule window will open up and you can adjust rule settings according to your needs. When finished, click "OK" to save any changes or "Cancel" to stop editing and close the menu. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -45-
  46. 46. LION-STRONG SECURITY Experienced users find more settings when clicking "Advanced" 3.Delete Click this button or "Delete" from the right click menu. You can also delete selected rules by pressing "Delete" on your keyboard. Directly select several rules by pressing "Ctrl" and "Shift" on your keyboard simultaneously. 4.Import / Export With this function you can conveniently import or backup rules. 5.Delete Invalid Rules "Delete Invalid Rules" from the right click menu. With this function you can delete obsolete rules. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -46-
  47. 47. LION-STRONG SECURITY Firewall Settings Standard Settings Advanced Settings Rising Cloud Security Rising Password Rules URL Filter ARP Spoofing Defense Intrusion Detection Outbound Flood Attack Sensor Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -47-
  48. 48. LION-STRONG SECURITY Standard Settings The Standard Settings contain settings pertaining to firewall start options, log record options, etc. System Protection Automatic Start: The firewall will start automatically when Windows boots up. This is the default setting. Manual Start: The firewall will not start unless manually started by the user. Create Logs Choose what type of events will be recorded in the logs, such as Rule Edit events,Protection events etc. Blocked Net Access Attempts Rising Personal Firewall blocked attempts by applications to create a network connection. When done configuring the standard settings, click the Apply button to apply the new settings. Click the OK button to save the new settings. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -48-
  49. 49. LION-STRONG SECURITY Advanced Settings Two ways to access the Advanced Settings Method 1 Open main window of Rising Personal Firewall Click Settings > Detailed Settings Click Options> Advanced Method 2 Right click the firewall icon in the system tray. Select "Detailed Settings" Click Options> Advanced In this window you can configure the Rule order, system protection before login,security news and system messages via status baloon or sound alert: Others Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -49-
  50. 50. LION-STRONG SECURITY Enable RFW Before Login Enabling this option allows the firewall to start and protect the computer at system boot up, even if a user does not login. This option is enabled by default. Show Status This option controls whether a pop-up balloon is used to display the status of the firewall. It is checked by default. Show Security News Product and security news will be downloaded and displayed in the "News" tab of your personal firewall. This option is enabled by default. Sound Alert This determines whether the computer will play a sound alert when the firewall detects any attack. Click "Browse" to select a sound file (*.wav) for the alert. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -50-
  51. 51. LION-STRONG SECURITY Rising Cloud Security We invite you to join Rising Cloud Security. Together, our users form a rapid response network which quickly catches Trojans and other malware. How to join Open the main window of Rising Personal Firewall Click Settings> Detailed Settings>Options> Rising Cloud Security Select "Join Rising Cloud Security" Please enter your email address so Rising can contact you. Please also select the following options: Automatically send possible malware Possible malware will be automatically send to the Rising viruslab. Automatically report potentially dangerous sites Potentially dangerous sites will be automatically reported to the Rising viruslab. After the installation you can directly join Rising Cloud Security.And also run a system security test, which will increase the speed of future scans. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -51-
  52. 52. LION-STRONG SECURITY Rising Password Protect your firewall by enabling the Rising Password. Steps Open the main interface of Rising Personal Firewall. Click Settings>Advanced Settings>Options> Rising Password Select "Enable Rising Password" Choose what you want to protect with the Rising Password: "Select All" for complete protection or manually select on or all of the following options: "Disable firewall","Switch Mode","Add/remove components, restore","Firewall rule settings" Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -52-
  53. 53. LION-STRONG SECURITY Rules These are the settings for IP filtering rules, including: "Blacklist" Specified IP addresses in this list are denied communication with your computer. "Whitelist" Specified IP addresses in this list are permitted to communicate with your computer; fully trusted computers can be added here. "Ports" Allow or deny communication using specific ports. This can be configured for both incoming and outgoing data. "Trusted Zones" Computers in the trusted zone are allowed to communicate with this computer. "IP" Contains settings for the IP layer filter rules. The filter rules configure what packet types are allowed or refused. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -53-
  54. 54. LION-STRONG SECURITY Blacklist Specified IP addresses on this list are denied all connections with the computer. You can add IP addresses that have been the source of previous attacks. Content The list displays Rule Name, IP Address, Created By and Duration. Rules that are checked will be enabled. Operation: 1. Add You can click the "Add" button, or right-click the list and select "Add" from the popup menu. This opens the "Add Blacklist Rule" window. You can input a rule name, and then select what type of IP address you wish to block. "Specific" will only block one particular IP address while "Address Range" will block addresses which fall into the range you specify. Below you can enter the IP address or range of IP addresses. Afterwards, click "OK" to save the rule, or press "Cancel" to quit without saving. 2. Edit Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -54-
  55. 55. LION-STRONG SECURITY Select the rule you wish to edit, then right-click select Edit from the popup menu. This will open the "Edit Blacklist Rule" window. Edit the rule settings, and then click "Save" to apply the changes, or "Cancel" to quit without saving. You can also double-click a rule to open the "Edit Blacklist Rule" window. 3. Delete Select the rule you wish to delete and click on the Delete button. You can also right-click the rule and select Delete from the popup window. A message prompt will appear and ask for confirmation. Click "Yes" to confirm deletion or click "No" to quit. Alternatively, after selecting a rule from the list, you can press the "Delete" key to delete the selected rule. 4. Import Click the "Import" button and select the rule file (*.fwr) you wish to import. Afterwards, press the "Open" button to begin importing. If there are rules in the Blacklist Rules list, you will be asked if you want to delete the existing rules. Choosing "Yes" will delete all the rules in the Blacklist rules list and add the imported rules to the list. Choosing "No" will only add the imported rules to the list. "Cancel" will quit the import operation. 5. Export Please select the file(s) you wish to export. Click the "Export" button and choose the folder you want to save the rule file to. Enter a name for the rule file. Finally, click the "Save" button to finish saving the file. If the file already exists, you will be asked whether you want to overwrite or not. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -55-
  56. 56. LION-STRONG SECURITY Whitelist Specified IP addresses on this list are always permitted network access with the computer. For example, a VPN server can be added onto this list. Operation This list displays the rule name and the IP address. Rules that are checked will be enabled. Usage: Add You can click the "Add" button, or right-click the list and select "Add" from the popup menu. This opens the "Add Whitelist Rule" window. You can input an URL and decide if this rule should apply to everyone or only to the administrator." Edit Select the rule you wish to edit, then right-click select "Edit" from the popup menu. This will open the "Edit Website Whitelist Rule" window. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -56-
  57. 57. LION-STRONG SECURITY Edit the rule settings, and then click "Save" to apply the changes, or "Cancel" to quit without saving. You can also double-click a rule to open the "Edit Whitelist Rule" window. Delete Select the rule you wish to delete and click on the Delete button. You can also right-click the rule and select Delete from the popup window. A message prompt will appear and ask for confirmation. Click "Yes" to confirm deletion or click "No" to quit. Alternatively, after selecting a rule from the list, you can press the "Delete" key to delete the selected rule. Using the "Ctrl" and "Shift" keys, multiple rules can be selected at once. Holding down the "Ctrl" key while clicking on rules will add to the selected rules. To use the "Shift" key to add rules, you will first need to click on a rule. Afterwards, hold down the "Shift" key and click on another rule. This will select all the rules in between, including the two that you clicked. Import Click the "Import" button and select the rule file (*.fwr) you wish to import. Afterwards, press the "Open" button to begin importing. If there are rules in the Whitelist Rules list, you will be asked if you want to delete the existing rules. Choosing "Yes" will delete all the rules in the Whitelist Rules list and add the imported rules to the list. Choosing "No" will only add the imported rules to the list. "Cancel" will quit the import operation. Export Please select the file(s) you wish to export. Click the "Export" button and choose the folder you want to save the rule file to. Enter a name for the rule file. Finally, click the "Save" button to finish saving the file. If the file already exists, you will be asked whether you want to overwrite or not. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -57-
  58. 58. LION-STRONG SECURITY Port Rules The port rules settings can be used allow or deny communications through specific ports. Content The list displays the port number, permission status, the TCP/IP protocol this rule pertains to, and the type of computer this rule applies to. Rules that are checked will be enabled. Operations Add You can click the "Add" button, or right-click the list and select "Add" from the popup menu. This opens the "Add Port Rule" window. Input the port number(s) and then select the TCP/IP protocol, the type of computer, and the permission setting. Click "OK" to save this rule, or press "Cancel" to exit. Multiple ports can be added by separating them with commas, e.g. 22, 88, 1024. You may also select a range of port numbers by using a dash ("-"). The value 3000-4000 means all port numbers between 3000-4000, inclusive. Edit Select the rule you wish to edit, then right-click select "Edit" from the popup menu. This will open the "Edit Port Rule" window. Edit the rule settings, and then click "Save" to apply the changes, or "Cancel" to quit without saving. You can also double-click a rule to open the "Edit Port Rule" window. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -58-
  59. 59. LION-STRONG SECURITY Delete Select the rule you wish to delete and click on the Delete button. You can also right-click the rule and select Delete from the popup window. A message prompt will appear and ask for confirmation. Click "Yes" to confirm deletion or click "No" to quit. Alternatively, after selecting a rule from the list, you can press the "Delete" key to delete the selected rule. Using the "Ctrl" and "Shift" keys, multiple rules can be selected at once. Holding down the "Ctrl" key while clicking on rules will add to the selected rules. To use the "Shift" key to add rules, you will first need to click on a rule. Afterwards, hold down the "Shift" key and click on another rule. This will select all the rules in between. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -59-
  60. 60. LION-STRONG SECURITY Trusted Zone Configuring the Trusted Zone settings allows the user to differentiate LAN connections from other network connections. You can set an IP address range in Trusted Zones. Alternatively, you may also specify an individual LAN computer. By default, remote computers will not be added into this zone. If your computer is directly connected to Internet (e.g. dial-up), it is suggested you do not add your IP address range to the trusted zone. The list displays the rule name, Local IP, and Remote IP in the current trusted zone. "Local IP" refers to the IP address used by your computer, and "Remote IP" is the IP address of the remote computers that you trust. Operation: Add You can click the "Add" button, or right-click the list and select "Add" from the popup menu. This opens the "Trusted Zone Rule" window Input the rule name and the local and remote IP. Click "OK" to save this rule, or press "Cancel" to exit. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -60-
  61. 61. LION-STRONG SECURITY When "Local IP type" is set to "Specific address", you can click "Browse" to select a local IP. Edit Select the rule you wish to edit, then right-click select "Edit" from the popup menu. This will open the Trusted Zone Rule window. Edit the rule settings, and then click "Save" to apply the changes, or "Cancel" to quit without saving. You can also double-click a rule to open the Trusted Zone Rule window. Delete Select the rule you wish to delete and click on the "Delete" button. You can also right-click the rule and select "Delete" from the popup window. A message prompt will appear and ask for confirmation. Click "Yes" to confirm deletion or click "No" to quit. Alternatively, after selecting a rule from the list, you can press the "Delete" key to delete the selected rule. Using the "Ctrl" and "Shift" keys, multiple rules can be selected at once. Holding down the "Ctrl" key while clicking on rules will add to the selected rules. To use the "Shift" key to add rules, you will first need to click on a rule. Afterwards, hold down the "Shift" key and click on another rule. This will select all the rules in between, including the two that you clicked. Permissions for a selected Trusted Zone: Below the "Trusted Zones" list, you can enable or disable the options "Allow inbound/outbound ping", "Allow inbound connection from remote high-risk ports in local LAN", and "Allow outbound connection from local high-risk ports in local LAN". Enabling these options will allow access to ports known to be used by Trojans. Any change to the settings will be applied automatically. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -61-
  62. 62. LION-STRONG SECURITY IP Rules The section contains the filter rules for the IP layer. Operation: Please note that adding too many rules will lower overall system performance. If configuring the firewall for a specific application, you may add a rule in Application Rules. The firewall will then automatically open the required port when needed. There is no need to add prevention rules either, since such rules are built into the firewall and will be updated automatically. Display The list displays the status of an IP filter rule, the name of the rule, the permission status, the protocol used, incoming data ports, outgoing data ports, and alert notification status. The IP filter rules are sorted based on the order in which the IP packets are filtered. Rules that are checked will be enabled. Add You can click the Add button, or right-click the list and select Add from the popup menu. This opens the "IP Rule Setup" window. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -62-
  63. 63. LION-STRONG SECURITY Enter a name for the rule, select the default action used when a data packet matches this rule and what to do with the packet that triggered the rule. Select the local computer address and the remote computer address. Click "Next" to continue. If the local IP is set to Specific address, you can click the Local IP link to select a local IP. You may also input the local IP manually. In the next window, select the protocol, remote port and local port. You can enable "Check characteristics" and "Specified TCP Flags". Click "Next" to continue. Finally, you can configure what alerts you want to receive when a match is found: Animate system tray icon: The Firewall tray icon will start flashing when an IP packet is found that matches the rule. Show popup window: A window will appear notifying the user that an IP packet was found that matches the rule. It will also contain detailed information about the packet. At the bottom of the window, the user can configure what alerts to use in the future. Show balloon: A popup balloon will appear and notify the user that an IP packet was found that matches the rule. The notice will automatically disappear after a set number of seconds. Sound alert: The firewall will play a sound alert when a matching IP packet is found. Record in log: The firewall will record the event into the log when a matching IP packet is found. Edit Select the rule you wish to edit, then right-click select "Edit" from the popup menu. This will open the "Edit IP Rule" window. The edit components are the same as the ones found in the "Add IP Rule" window. After the settings have been changed, click "Save" to apply the changes, or "Close" to quit without saving. You can also double-click a rule to open the "Edit IP Rule" window. Delete Select the rule you wish to delete and click on the "Delete" button. You can also right-click the rule and select "Delete" from the popup window. A message prompt will appear and ask for confirmation. Click "Yes" to confirm deletion or click "No" to quit. Alternatively, after selecting a rule from the list, you can press the "Delete" key to delete the selected rule. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -63-
  64. 64. LION-STRONG SECURITY Using the "Ctrl" and "Shift" keys, multiple rules can be selected at once. Holding down the "Ctrl" key while clicking on rules will add to the selected rules. To use the "Shift" key to add rules, you will first need to click on a rule. Afterwards, hold down the "Shift" key and click on another rule. This will select all the rules in between, including the two that you clicked. Import Click the "Import" button and select the rule file (*.fwr) you wish to import. Afterwards, press the "Open" button to begin importing. If there are rules in the IP Rules list, you will be asked if you want to delete the existing rules. Choosing "Yes" will delete all the rules in the IP rules list and add the imported rules to the list. Choosing "No" will only add the imported rules to the list. "Cancel" will quit the import operation. Export Please select the file(s) you wish to export. Click the "Export" button and choose the folder you want to save the rule file to. Enter a name for the rule file. Finally, click the "Save" button to finish saving the file. If the file already exists, you will be asked whether you want to overwrite or not. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -64-
  65. 65. LION-STRONG SECURITY URL Filter The URL Filter protects against phising and other malicious websites. To filter websites automatically, please make sure that "Block phishing and other malicious websites" and "Enable Web Black and Whitelist" are selected. You can add known safe sites to the Web Whitelist. With "HTTP Monitor" you can monitor the traffic from a specific port/proxy server. Program Monitor You can exclude known safe programs from firewall monitoring. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -65-
  66. 66. LION-STRONG SECURITY Web Blacklist URLs on the Web Blacklist cannot be visited as long as the firewall protection is enabled. Configuration Open the main window of Rising Personal Firewall Click Settings > Detailed Settings > URL Filter > Web Blacklist Usage Add Click on this button to add further potentially malicious sites to the blacklist. Edit Modify any rule in the list. Delete Remove rules from the list. Import Import proven rule settings from another computer or your backup. Export Save your rules as .fwr file for later usage. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -66-
  67. 67. LION-STRONG SECURITY Web Whitelist URLs on the Web Whitelist will NOT be restricted as long as the firewall protection is enabled. Configuration Open the main window of Rising Personal Firewall Click Settings > Detailed Settings > URL Filter > Web Whitelist Usage Add Click on this button to add further known safe you frequently visit to the whitelist. Edit Edit any rule in the list. Delete Remove rules from the list. Import Import proven rule settings from another computer or your backup. Export Save your rules as .fwr file for later usage. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -67-
  68. 68. LION-STRONG SECURITY ARP Spoofing Defense ARP spoofing is occurs when a computer sends false ARP packets are to a local area network in order to trick other computers and/or the LAN gateway to trust it. This is done either to prevent data from being sent or received from a certain computer, or to spy on the data that is being sent or received to that computer. Rising Personal Firewall 2009 has improved its ARP spoofing defense in particular to this kind of attack. The settings in ARP Spoofing decide which ARP packets are accepted or rejected (see below). "Enable ARP Spoofing Defense": "Check ARP cache every": to check ARP cache list in the firewall and system on a regular basis for comparison. The default is one minute but youd can reset the interval; "Enable Static ARP Rules": when it is checked, static ARP rule set by the user can be valid; "Block IP conflict attacks": after it is checked and when the firewall detects any IP address conflict from LAN computer, the attack will be blocked and attack information will be recorded in the log; Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -68-
  69. 69. LION-STRONG SECURITY "When ARP spoofing packets are blocked": You can choose "Popup balloon", "Animated system tray icon" and "Sound alert". ARP spoofing events will be recorded when "Record in log" is checked. "Defense Range": include all computer in LAN: When this is checked, ARP spoofing defense will protect all LAN computers. include specified computer addresses and fixed addresses: When this is checked ARP spoofing defense will protect designated LAN computers. Click "Add Gateway" to add the gateway address to the list of protection. You can click "Add" to add IP address or "Delete" to remove IP address. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -69-
  70. 70. LION-STRONG SECURITY Static ARP rules Static ARP rules are used to determine whether an IP or MAC address is real (see figure). If another computer tries to spoof an IP or MAC address, the connection will be blocked and the user alerted. You can add static ARP rules to protect your computer's ARP table. Steps: Click on the "Add" button to go to the Static ARP Rules page. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -70-
  71. 71. LION-STRONG SECURITY Please input the rule name, IP address and MAC address. Click "OK" to finish the input. Please note: Enable Spoofing Defense must be checked for Static ARP Rules to work. When the contents of an ARP packet are in conflict with an existing ARP rule, the firewall will alert the user. In the alert window, the user can click on the Details button to view more information. The details window will show the user the IP and MAC address of the blocked computer and the one stored in the static ARP rule. If the new computer is trusted, the user can have the firewall update the static ARP rule automatically. You can also click on each static ARP rule to edit it manually. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -71-
  72. 72. LION-STRONG SECURITY Intrusion Detection Rising Personal Firewall offers additional protection against a wide variety of cyber attacks against software vulnerabilities. Usage Select "Enable intrusion detection feature" The detection rules are selected by default. Click "Apply" and "OK" to save your changes. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -72-
  73. 73. LION-STRONG SECURITY Outbound Flood Attack Sensor On this page, you can enable outbound flood attack sensor for SYN, ICMP and UDP Floods. Click "Apply" to apply your configuration and "OK" to save your changes. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -73-
  74. 74. LION-STRONG SECURITY FAQ and Port List Frequently Asked Questions Port List Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -74-
  75. 75. LION-STRONG SECURITY FAQ Q: My ADSL fails to dial up. How to can I set it correctly? A: Your ADSL service provider may be using DHCP to assign IP addresses. Please make sure "Allow Dynamic IP" is enabled in IP Layer Rules. Q: How do I modify the contents of a rule? A: Double-click the rule to be modified in the relevant rule window. Q: When does the rule modification take effect? A: Rule will take effect right away without needing to restart. Q: How to I delete rules in batches? A: Use Shift + mouse click or Ctrl + mouse click to select the rules to be deleted. Then click the "Delete" button. Q: Why are there not many IP rules? A: When applications need to open an IP port, the system will automatically open it on the IP layer. Therefore, it is unnecessary to add IP rules for specific applications. Protection rules are configured by the system itself with automatic update, so IP rules can be automatically updated without the need for user intervention. Q: How do I open specified rules in the default IP rules? A: Just click the specified rule on the first column in the IP Rules list. Changes will take effect once the rule is enabled. Q: How do I share resources? A: Using the high security level, you can modify the local IP address as your PC's address, and modify the remote IP address as your LAN's IP scope. You can also add IP rules to allow the remote party to access ports 137-139 and 445 (if the other party is access shared resources). Using the medium security level, resource sharing is automatic. Q: How do I share a network connection? A: It is recommended to open ADSL routing mode and installing dial-up software on a host when setting up the gateway as the modem's IP for other PCs. You can open the proxy rule in IP Rule settings on the gateway computer connected with network, and modify the previous item. Then you can use the proxy network software to share a network connection. You can also install all patches and switch to normal security level. Q: How to adjust the order priority in the IP Rule list? A: You can move it by pressing CTRL + up or CTRL + down. Q: How do I recover the IP Rule list? A: First make sure to backup the IP rules you have added by exporting them to a file. Then import UserRule.rs in the installation directory, while clearing all existing rules. This will import originally installed rules. This file may be changed after each update, but will not take effect automatically. Q: How to I modify the IP alert method? A: If an alert menu is shown when an alert is displayed, the user can view the contents of the matching IP data packet, and modify the alert method. You can also open the IP Rule list to find the related rule, double-click to edit it, and modify the alert method. Q: Why is it that some IP alert methods cannot be modified? A: The Alert method for the attack rule is locked, and doesn't allow for modification. The user will not be prompted only while the firewall is in Silent Mode. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -75-
  76. 76. LION-STRONG SECURITY Q: How do I maximize system protection? A: Please set the security level to high and disable all IP rules that you do not use. If your computer needs to function as a gateway, please modify the IP address range to be the same as the resource-sharing address range. If the IP address you use is 192.168.80.255, then modify the remote IP address from 192.168.80.0 to 192.168.80.255. Q: Why can RsRule.fwr, DefRH.fwr, DefRM.fwr, DefRL.fwr not be imported to IP rule? A: These rules are already build-in and do not need to be imported. They are also updated automatically, so you do not need to worry about these rules. Q: Why are there programs with an application size of 0 and an unknown version and company? A: Do not worry, if the program size is "0", you may delete it. Q: When switching modes, why is the connected program still allowed access in the new mode? A: This is designed for the system to maintain the continuity of the network and prevent problems. Therefore, before you start shopping online, please check your active connections and exit all unnecessary programs. Q: What's the difference between Standard Mode, Shopping Mode and Silent Mode? A: These are the three modes that the user can manual switch in the firewall. Using Standard Mode, the user will be prompted when a program trying to access the network is not listed in Application Rules. The other modes will deny access by default. Using Silent Mode, the user will not receive an alert, while the other two modes will alert the user. Q: When the application program accesses the network, the prompt window closes within 60 seconds. How can I stop it from closing? A: Double-click the area of the prompt window which displays the risk level to keep it from closing. Q: When an application program tries to access the network, I select "Deny". This causes an error. How to I change the default action? A: Open Application Rules and select the application that needs to be modified. Double-click to open detailed settings and select the action you want the firewall to do when in the different modes. Click the Save button to save and exit. Q: Why can't the application program access the network before firewall installation? A: If the firewall is launched after an application program has already started running, the application's network activities will not be identified by the Rising firewall. You will need to close the program and restart it, or reboot the computer. Q: Why does the firewall tray icon show an IP address and rule name, but not the version of the firewall like it usually does? A: When the system detects a match between a data packet and an IP rule, the remote IP address and the name of matched rule will be displayed. Q: There is an unknown application program that I see in network activity. How do I get rid of it? A: Under SysInfo> Processes you can find the connection information of the unknown program, right-click the program and select "End this process". However, try not to terminate any system processes. Otherwise a prompt will be displayed that the computer will restart in 60 seconds. Q: How do I clear all of the logs? A: If you click "Backup" to save the logs, then the current logs will all be cleared. Q: How to view the most recent logs? A: Click "Refresh" to view the most recent logs, which are sorted by type and time. The newest log is on the top. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -76-
  77. 77. LION-STRONG SECURITY Q: How do I view previous logs? A: Click the "Log History" button and select the log file to be viewed. The file is named as RfwLog.year/month/day/hour/minute/second.dat. Q: The firewall prompts me about an attack. How to do I find more detailed information in the log? A: Open "Log History" and then "IP" to find detailed information on any attacks detected by the firewall. Q: How come my logs are getting so big that I start running out of hard disk space? A: If you are running out of hard disk space, you can modify rules to never record log information. When a rule is added, the default setting is to record into the log. If it is not needed, you can uncheck the log option. Q: When IP data packet information is displayed, the prompt window closes within 30 seconds. How can I stop it from closing? A: Double-click the prompt window to prevent it from closing. Q: I do not have enough time to clearly see the contents of an IP data packet since it is changing so rapidly. A: When you receive many data packets matching the IP rules, the firewall will notify you of the latest packet, which is the most current event. You can go to the Log Viewer to see information on previous packets. Q: During startup, the firewall prompts me that there is a failure with service communication. What can I do? A: You can try to manually open it again. Otherwise you will have to re-install it if it continues to fail. If the service fails even after re-installing, please contact Rising Customer Service. Q: When the firewall starts up, why does it prompt for missing files? A: You will need to re-install the firewall because some necessary files are missing. Q: Why can't some PC in the LAN connect to my PC? A: If any PC in the LAN is virus infected and sends data packets with viruses to your PC, Rising firewall will identify it and deny access. You can find this PC's IP address in the log. Q: If the security level is set to high, how do I use a community broadband that requires dial-up authentication? A: Please add the IP address of the authentication server in the dial-up software, since the server name is invalid in such a case. You can also switch the firewall to the medium security level, but that will open shared access. It is suggested you only allow the authenticated server to share resources with you and deny sharing with other machines. Q: I'm a broadband user. Why is there an error prompt after the firewall starts up? A: Please enable dynamic IP in the IP Rules list, because the dial-up software uses DHCP. Q: Why can't I connect to a VPN server? A: Please enable VPN in the IP Rules list, since port 500 is needed to negotiate the key. If Microsoft's pptp or l2tp is used, please open port 1701 and 1723 for the TCP protocol. Q: I'm a Windows XP SP2 user. How can I disable the Windows firewall? A: You need to be a system administrator and run the command "net stop sharedAccess". If network sharing is needed, please do not disable this service. Q: Why can't I connect to a LAN printer? A: Please set the firewall in the computer connecting with the printer to the medium security Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -77-
  78. 78. LION-STRONG SECURITY level. You can also add the printer or the IP address of the computer connected to the printer into the trusted zone. Q: After updating, the update program prompts for reboot. Why can't the firewall be opened without a reboot? A: Updates can bring important changes, so a reboot is sometimes needed to ensure that the firewall will run smoothly. Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -78-
  79. 79. LION-STRONG SECURITY Port List TCP Ports 7 = echo 9 = discard 11 = systat 13 = Daytime 15 = NETSTAT PORT 17 = qotd 18 = Message Send Protocol 19 = chargen 20 = ftp-data 21 = File Transfer 22 = SSH PORT 23 = Telnet 25 = SMTP 31 = Masters Paradise Trojan 37 = time 39 = rlp 41 = DeepThroat Trojan 42 = WINS Host Name Server 43 = nicname WhoIs 58 = DMSetup Trojan 59 = DCC 63 = WHOIS PORT 69 = Trivial File Transfer 70 = Gopher 79 = Finger 80 = WEB 88 = kerberos 101 = hostname 102 = iso 107 = rtelnet 109 = pop2 110 = pop3 111 = sunrpc 113 = IDENT 117 = uucp 119 = nntp 121 = JammerKillah Trojan 135 = loc-srv 138 = HideStole 139 = NETBIOS Session 143 = IMAP4 146 = FC-Infector Trojan 158 = pcmail 170 = print 179 = BGP 194 = IRC PORT 213 = TCP OVER IPX 220 = IMAP3 389 = LDAP 406 = IMSP PORT 411 = DC++ 421 = TCP Wrappers 443 = HTTP over TLS/SSL 445 = Windows NT / 2000 SMB 456 = Hackers Paradise Trojan Lion-Strong Security Beijing Rising Information Technology Co.,Ltd. © 2008-2009 All Rights Reserved -79-

×