I've heard a number of interesting ideas around Basic System Defense usage. Basic System Defense is the feature that allows you to define up to 32 inbound and 32 outbound ports of allowed traffic.
As a teaser to the article series, see the following diagram and brief explanation:
- Target Client Computer - Unbeknownst to the user, the system has an outdated security solution and has been infected by a virus\worm. The user is experiencing delayed performance and unexplained events which prompt a call to the IT Support Helpdesk.
- IT Support Technician - Receives support request to address the user's system troubles. Early diagnosis reveals the system has been infected. The user's system must be isolated from the network, meaning that communications in or out of the client must be restricted and remediated. The support technician will be using a Microsoft remote desktop to interact with the remote client computer, and will need to install files from a network share. (A similar concept would apply for PC Anywhere… yet to demonstrate the capability, I purposely chose this setup. Please keep reading)
- Altiris Notification Server - The technician accesses the Altiris Console to invoke a Network Filter. However, the default network filter limits traffic to a very limited set of functions between the Notification Server and a target Intel® vPro™ technology system. If the standard Network Filter is used, Microsoft remote desktop and file transfer will be restricted. Therefore, a customized network filter is required, which is provided via the Altiris Enterprise Network Filter (ENF) Utility. The customized filter will allow Microsoft remote desktop ONLY between the IT Support Technician PC and the Target Client Computer. (NOTE: The ENF is a free add-on for Altiris v6 environments, and included in Altiris v7 environments.
Interested to read more on this, obtain sample configuration files, and understand how additional usages can be accomplished?
Take a look at the following series - I've included the individual links, but each article also includes the pre\post links within the series:
- Part 1 - http://www.symantec.com/connect/articles/part-1-using-network-filtering-enhance-your-security-control
- Part 2 - http://www.symantec.com/connect/articles/part-2-using-network-filtering-enhance-your-security-control
- Part 3 - http://www.symantec.com/connect/articles/part-3-using-network-filtering-enhance-your-security-control
If you have additional ideas on use System Defense - please share