Special security settings, 2 special security settings – Kerio Tech Firewall6 User Manual
Page 230
Chapter 17
Advanced security features
230
Number of suspicious connections
Big volume of connections established from the client host is a typical feature of P2P
networks (usually one connection for each file). The Number of connections value defines
maximal number of client’s network connections that must be reached to consider the
traffic as suspicious.
The optimum value depends on circumstances (type of user’s work, frequently used net-
work applications, etc.) and it must be tested. If the value is too low, the system can be
unreliable (users who do not use P2P networks might be suspected). If the value is too
high, reliability of the detection is decreased (less P2P networks are detected).
Safe services
Certain “legitimate” services may also show characteristics of traffic in P2P networks (e.g.
big number of concurrent connections). To ensure that traffic is not detected incorrectly
and users of these services are not persecuted by mistake, it is possible to define list of
so called secure services. These services will be excluded from detection of P2P traffic.
The Define services... button opens a dialog where services can be define that will not be
treated as traffic in P2P network. All services defined in Configuration → Definitions →
Services are available (for details, refer to chapter sect-services"/>).
Warning
Default values of parameters of P2P detection were set with respect to long-term testing. As
already mentioned, it is not always possible to say that a particular user really uses P2P net-
works or not which results only in certain level of probability. Change of detection parameters
may affect its results crucially. Therefore, it is recommended to change parameters of P2P
networks detection only in legitimate cases (e.g. if a new port number is detected which is
used only by a P2P network and by no legitimate application or if it is found that a legitimate
service is repeatedly detected as a P2P network).
17.2 Special Security Settings
WinRoute provides several security options which cannot be defined by traffic rules. These
options can be set in the Security settings tab of the Configuration → Advanced Options section.