Specifications
Trend Micro™ OfficeScan™ 10 Administrator’s Guide
7-4
• LAND Attack: A type of attack that sends IP synchronization (SYN) packets with
the same source and destination address to a computer, causing the computer to
send the synchronization acknowledgment (SYN/ACK) response to itself. This can
freeze or slow down the computer.
Firewall Violation Outbreak Monitor
The OfficeScan firewall sends a customized notification message to specified recipients
when firewall violations exceed certain thresholds, which may signal an attack.
Client Firewall Privileges
Grant client users the privilege to view their firewall settings on the OfficeScan client
console. Also grant users the privilege to enable or disable the firewall, the Intrusion
Detection System, and the firewall violation notification message.
Firewall Policies and Profiles
The OfficeScan firewall uses policies and profiles to organize and customize methods
for protecting networked computers.
Tip: Multiple firewall installations on the same computer may produce unexpected results.
Consider uninstalling other software-based firewall applications on OfficeScan clients
before deploying and enabling the OfficeScan firewall.
The following steps are necessary to successfully use the OfficeScan firewall:
1. Create a policy. The policy allows you to select a security level that blocks or allows
traffic on networked computers and enables firewall features.
2. Add exceptions to the policy. Exceptions allow clients to deviate from a policy.
With exceptions, you can specify clients, and allow or block certain types of traffic,
despite the security level setting in the policy. For example, block all traffic for a set
of clients in a policy, but create an exception that allows HTTP traffic so clients can
access a Web server.
3. Create and assign profiles to clients. A firewall profile includes a set of client
attributes and is associated with a policy. When a client matches the attributes
specified in the profile, the associated policy is triggered.