The applications defined by Application Types are identified by the direction of traffic, the protocol being used, and the port number through which the traffic passes. Application Types organize Intrusion Prevention Rules with a common purpose into groups, which simplifies the process of selecting a set of Intrusion Prevention Rules to assign to a computer. For example, consider the set of Intrusion Prevention Rules required to protect HTTP traffic to an Oracle Report Server. By grouping Intrusion Prevention Rules into Application Types, it is easy to select rules in the "Web Server Common" and "Web Server Oracle Report Server" sets while excluding, for example, the set of rules that are specific to IIS Servers.
Application Type icons:
- Application Types without configuration options
- Application Types that have configuration options
From the main page you can:
- Define a New Application Type
- Import Application Types from an XML file (located under the New menu)
- View or edit the Properties of an existing Application Type
- Duplicate (and then modify) existing Application Types
- Export one or more Application Types to an XML or CSV file. (Either export them all using the Export button, or choose from the list to export only those that are selected or displayed.)
- Delete an Application Type
- Add/Remove Columns: columns can be added or removed by clicking Add/Remove Columns. The order in which the columns are displayed can be controlled by dragging them into their new position. Listed items can be sorted and searched by the contents of any column.
Clicking New or Properties displays the Application Type Properties window.
The name and description of the Application Type. "Minimum Agent
- Direction: The direction of the initiating communication. That is, the direction of the first packet that establishes a connection between two computers. For example, if you wanted to define an Application Type for Web browsers, you would select "Outgoing" because it is the Web browser that sends the first packet to a server to establish a connection (even though you may only want to examine traffic traveling from the server to the browser). The Intrusion Prevention Rules associated with a particular Application Type can be written to examine individual packets traveling in either direction.
- Protocol: The protocol this Application Type applies to.
- Port: The port(s) this Application Type monitors. (Not the port(s) over which traffic is exclusively allowed.)
The Configuration tab displays options that control how Intrusion Prevention Rules associated with this Application Type behave. For example, the "Web Server Common" Application Type has an option to "Monitor responses from Web Server". If this option is deselected, Intrusion Prevention Rules associated with this Application Type will not inspect response traffic over source port 80.
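The following added example is a simplified model of the behavior described above, not Deep Security's own code or data format: an Application Type is selected by the direction, protocol, and destination port of the connection's first packet, and the "Monitor responses" option decides whether reply traffic (source port 80) is examined. The class names, field names, sample packets, and the browser Application Type are assumptions constructed for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class ApplicationType:            # simplified model; field names are assumptions
    name: str
    direction: str                # direction of the connection's FIRST packet
    protocol: str
    ports: frozenset              # ports monitored, not an allow-list
    monitor_responses: bool = True  # models "Monitor responses from Web Server"

@dataclass(frozen=True)
class Packet:                     # direction is relative to the protected computer
    direction: str                # "Incoming" or "Outgoing"
    protocol: str
    src_port: int
    dst_port: int

def connection_matches(app, first):
    """Select the Application Type from the initiating packet only."""
    return (first.direction == app.direction and first.protocol == app.protocol
            and first.dst_port in app.ports)

def should_inspect(app, first, pkt):
    """Would rules grouped under `app` examine `pkt` on the connection opened by `first`?"""
    if not connection_matches(app, first):
        return False
    if pkt.direction == first.direction:          # same way as the initiator
        return pkt.dst_port in app.ports
    # Reply traffic carries the monitored port as its source port.
    return app.monitor_responses and pkt.src_port in app.ports

# Constructed sample data: a web server on port 80 and a browser on the same host.
WEB_SERVER = ApplicationType("Web Server Common", "Incoming", "TCP", frozenset({80}))
BROWSER = ApplicationType("Web browser (constructed)", "Outgoing", "TCP", frozenset({80}))
CLIENT_SYN = Packet("Incoming", "TCP", 51000, 80)    # remote client opens to our server
SERVER_REPLY = Packet("Outgoing", "TCP", 80, 51000)  # our server answers
BROWSER_SYN = Packet("Outgoing", "TCP", 52000, 80)   # local browser opens to remote server
REMOTE_REPLY = Packet("Incoming", "TCP", 80, 52000)  # remote server answers the browser

def demo():
    quiet = replace(WEB_SERVER, monitor_responses=False)
    return {
        "server_reply_monitored": should_inspect(WEB_SERVER, CLIENT_SYN, SERVER_REPLY),
        "server_reply_unmonitored": should_inspect(quiet, CLIENT_SYN, SERVER_REPLY),
        "request_still_inspected": should_inspect(quiet, CLIENT_SYN, CLIENT_SYN),
        "browser_reply_inspected": should_inspect(BROWSER, BROWSER_SYN, REMOTE_REPLY),
        "browser_conn_is_not_server": connection_matches(WEB_SERVER, BROWSER_SYN),
    }

if __name__ == "__main__":
    print(demo())
```

In this model, deselecting response monitoring leaves request inspection intact while reply packets from port 80 pass unexamined, which is the coverage gap to weigh before turning the option off.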
Items in the Options tab control how the Deep Security Manager uses and applies the Application Type. For example, most Application Types have an option to exclude them from Recommendation Scans. This means that if the "Exclude from Recommendations" option is selected, a Recommendation Scan will not recommend this Application Type and its associated Intrusion Prevention Rules for a computer even if the application in question is detected.
The Assigned To tab lists the Intrusion Prevention Rules associated with this Application Type.