3Com 3CR990 Quick Start Manual - Page 13
Importing the "Windows 2000 Standard" Rule Set
Before you create the sample policy, you need to import the Windows 2000
Standard rule set, which will be added to the sample policy in the next section.
To import the Windows 2000 Standard rule set, follow the steps below.
1 From the Main menu, select Import Policy/Rule set. The Import Policy/Rule
Set window appears.
2 Select Rule Set and click Next.
3 Click Browse and navigate to Program Files -> 3Com Corporation -> 3Com
EFW -> predefined-policies-rulesets.xml. Click Next. A list of the rule sets
contained in the file is displayed.
4 Select the Windows 2000 Standard pre-defined rule set and click Next.
A summary window appears, showing the rule set you selected.
5 Click Import. A message appears indicating whether the import was
successful.
6 Click Finish.
After you have imported the Windows 2000 Standard rule set, you can create
a sample policy by following the steps in the section below.
Creating a Policy
In this section you will create a sample policy (called the "No IP Initiation"
policy) that can be used on a system where the security goal is to minimize
the threat to your network if the machine is taken over by a hostile external
or internal agent. To achieve this goal, you will create a policy that:
- Allows the system to boot up as a member of a Windows domain
  (achieved by implementing the Windows 2000 Standard rule set in
  step 6 on the next page).
- Does not allow the system to initiate any TCP communication beyond
  that allowed to boot up and connect to the network domain, etc. This
  disallowance prevents a hostile agent from using this machine as a
  launching point for an attack on the network (achieved by the rule
  created in step 7 on the next page).
This type of policy would normally be used for a server machine. It is not
appropriate for an end-user workstation because it would not allow the user
to initiate any network traffic.
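The following added example (not from the 3Com manual and not EFW code) models the "No IP Initiation" policy as an ordered rule list, to show why the domain rule set has to be evaluated before the TCP-initiation block and why replies to inbound clients still pass on a server. First-match evaluation, the default-allow fallback, the port list, and all class and rule names are assumptions of this model.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str      # "out" = sent by this host, "in" = received
    dport: int          # TCP destination port
    syn: bool = False
    ack: bool = False

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                       # "allow" or "deny"
    direction: str
    dports: frozenset = frozenset()   # empty set = any port
    initiation_only: bool = False     # match only SYN-without-ACK segments

    def matches(self, p: Packet) -> bool:
        if p.direction != self.direction:
            return False
        if self.dports and p.dport not in self.dports:
            return False
        return not self.initiation_only or (p.syn and not p.ack)

# Constructed stand-in for the imported rule set: ports a domain member
# commonly uses (DNS, Kerberos, RPC, LDAP, SMB). Not the 3Com file's contents.
DOMAIN_BOOT = Rule("domain-boot", "allow", "out", frozenset({53, 88, 135, 389, 445}))
# Model of the rule that stops this host from opening new TCP connections.
NO_INITIATION = Rule("no-tcp-initiation", "deny", "out", initiation_only=True)

NO_IP_INITIATION = [DOMAIN_BOOT, NO_INITIATION]

def evaluate(policy, pkt, default="allow"):
    """First matching rule wins; unmatched traffic gets the default (assumed)."""
    for rule in policy:
        if rule.matches(pkt):
            return rule.action, rule.name
    return default, "default"

if __name__ == "__main__":
    samples = {  # constructed packets
        "SYN to domain controller :445": Packet("out", 445, syn=True),
        "SYN to arbitrary host :80": Packet("out", 80, syn=True),
        "SYN-ACK reply to a client": Packet("out", 50000, syn=True, ack=True),
        "inbound SYN from a client": Packet("in", 80, syn=True),
    }
    for label, pkt in samples.items():
        print(f"{label:32} -> {evaluate(NO_IP_INITIATION, pkt)}")
```

Reversing the two rules in this model denies the SYN to port 445 as well, which corresponds to a machine that can no longer reach its domain.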
Changing the Policy for an EFW NIC