defence corporate communication
dod bulletin 2004

30 August 2004: No 65/04

PROTECTION AGAINST MALICIOUS CODE IN THE DOD     (PART 2)

It protects computers against external threats, such as hackers, and from internal threats, such as viruses, worms, trojans and other malware.  It secures computers and servers using several features, including:

· A firewall that inspects incoming and outgoing network traffic and either blocks or allows it, based on rules set up by the central administrator.

· An application monitoring system, which monitors the applications that are run and prevents those specified by the administrator from starting, or from binding themselves to other programs.

· An intrusion detection system (IDS) that scans traffic destined for the computer and identifies any potential attacks on the system.

· An activity log that records information about Desktop Firewall actions.  The central administrator uses this log to troubleshoot problems or review past activities.

DOD policy on network traffic, applications and other applicable areas will be applied when the rules are determined.

The Desktop Firewall continually monitors the network traffic that the computer sends and receives.  It allows or blocks traffic based on the rules set up by the central administrator in the Firewall Policy on the central ePolicy Orchestrator (ePO) (the end user will never see or use it).  If the software intercepts traffic that it cannot match against an existing rule, it automatically blocks it.


Up to now, the Desktop Firewall has been running in Learn Mode so as to confirm the authorised, legal and licensed baseline in practice, before policies are determined and cleaned up.  This means that illegal and unauthorised code will not be able to execute in future if it is not registered on the policy baseline set for the protection against malicious code capability.

What is ‘Learn Mode’?

If the firewall’s Learn Mode is enabled for either incoming or outgoing traffic, Desktop Firewall records all network traffic in a log.  The central administrator creates firewall rules from the information gathered during Learn Mode, and those rules are set once they have been confirmed as DOD policy.  After a predetermined period of Learn Mode, the Desktop Firewall will be activated and start to function according to the rules defined by the administrator.
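The learn-then-enforce cycle described above, shown as an added illustration of the mechanism (this is not the bulletin's or the vendor's code; the class and function names are assumptions of the example, and the sample flows and approval policy are constructed):

```python
# Added example: a minimal simulation of a default-deny host firewall with a
# learn mode. Names (Flow, HostFirewall, policy_approves) are assumptions.
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    direction: str  # "in" (incoming) or "out" (outgoing)
    proto: str      # "tcp" or "udp"
    port: int       # remote port for "out", local port for "in"


class HostFirewall:
    """Host firewall that records in learn mode and default-denies in enforce mode."""

    def __init__(self):
        self.mode = "learn"        # "learn" or "enforce"
        self.rules = set()         # allowed (direction, proto, port) tuples
        self.learn_log = []        # flows recorded during learn mode
        self.activity_log = []     # firewall actions, for troubleshooting/review

    def observe(self, flow):
        """Return 'allow' or 'block' for a flow and record the action."""
        if self.mode == "learn":
            self.learn_log.append(flow)            # learn mode records, never blocks
            self.activity_log.append(("learn", flow))
            return "allow"
        key = (flow.direction, flow.proto, flow.port)
        action = "allow" if key in self.rules else "block"   # unmatched -> blocked
        self.activity_log.append((action, flow))
        return action

    def activate(self, approved):
        """Turn learned traffic into rules, keeping only entries the administrator
        confirms against policy, then switch to enforcement."""
        for flow in self.learn_log:
            key = (flow.direction, flow.proto, flow.port)
            if approved(key):
                self.rules.add(key)
        self.mode = "enforce"


def policy_approves(key):
    # Constructed baseline: outbound web and mail, plus one inbound management port.
    return key in {("out", "tcp", 80), ("out", "tcp", 443),
                   ("out", "tcp", 25), ("in", "tcp", 8081)}


def run_demo():
    fw = HostFirewall()
    seen = [Flow("out", "tcp", 443), Flow("out", "tcp", 1234), Flow("in", "tcp", 8081)]
    learn_results = [fw.observe(f) for f in seen]        # all allowed, all logged
    fw.activate(policy_approves)                          # port 1234 never becomes a rule
    enforce_results = [fw.observe(f) for f in seen + [Flow("in", "tcp", 4444)]]
    return learn_results, enforce_results
```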

Should the user experience any problems, log a call through the Problem Logging System to the support personnel.

Enquiries: Project Manager: Sally Baker, tel: (012) 482-2180, cell: 082 806 6138. Malicious Code Manager: Julian Ramiah, tel: (012) 482-2992, cell: 083 376 7518.