Novell Documentation: Novell BorderManager 3.8

Application Level Filtering

One of the most important NCF features is application-level filtering. This lets you decide which applications should have access and which should not.

The dialog box used to control applications can be accessed by right-clicking the system tray icon and then clicking Options > Application. You can also access it from the main window using the Options > Application menu path.

Figure 10
Options (Application Tab)

NCF divides applications into three categories:

Blocked ---All activities of this group are blocked. We recommend that you add to this group all applications that do not need Internet access, such as text editors, calculators, etc.
Partially Allowed ---NCF allows access to the Internet for these applications based on the rules that were created by you manually or from presets. Only specified application activity is allowed. We recommend that you put most of your applications in this group.
Trusted ---All activities for these applications are allowed. We do not recommend that you include an application in this group unless you trust it absolutely.

There is no need to add your applications to these groups manually. Rules Wizard automatically does this for you.

You can change an application's status at any time. Applications can simply be dragged-and-dropped from one category to another.

You can also directly add an application by either of the following methods:

Drag the application's icon from Windows Explorer or your desktop into the Options > Application dialog box.
Click Add, browse to the location of the application's .exe file, then click Open.

If the same application is already listed in another category, it will be deleted from that other category.

To change any of the detailed settings for the selected application, click Edit.

Whenever an application is dragged to the Partially Allowed applications category of the Options > Application tab, or is in any other way added to this category, the Rules dialog box is displayed.

Figure 11
Rules Dialog Box

Using this dialog box, you have full control of any of the different protocol settings by selecting it and then clicking Modify. For details, see Creating Rules for Applications.

A simpler approach is to use the Preset button to select the general type of application that best applies. The settings for these presets are optimized for most purposes. We recommend that even advanced users use these presets and then modify their settings later as needed.

It is possible to create several different rules for the same application. However, NCF uses the first instance of a rule having criteria that matches the application's activity and ignores all subsequent ones. The rules in the firewall rules list are processed in the order in which they are listed. When a rule matches, searching of the rules list stops. In other words, any other rules that match this type of communication are ignored if they are further down the list than the first rule that matches. You can use the Move Up and Move Down buttons to change the sequence of rules and determine which NCF will use. If no rule is found, NCF displays the Rules Wizard dialog box or simply blocks the connection, depending on whether you are running NCF in Rules Wizard or Block Most mode. An empty check box in the list of rules means that rule will not be applied.

Clicking the Preset button displays a drop-down list similar to the following:

For more information about rule creation, see Creating Rules for Applications.

NCF not only monitors applications but also monitors the components of each application. So, when a component of an application has changed and the application is about to establish a connection, NCF will ask you to allow or permit this. The purpose of the Component Control is to make sure those components are not fake and malicious. Some Trojan horses can be injected as a module of a legitimate application (for example, your browser) and thereby gain the privileges needed to go online. NCF allows you to view the components it monitors for each application by clicking the Components button in the Applications dialog box, which displays the following window:

Figure 13
Components Window

You can view the details of any component by selecting it. You can remove a component from the list by selecting it and then clicking Remove.

You can also select one of the Component Control levels by clicking the drop-down menu at the top of the window:

Normal ---Monitors all new and updated components and remembers the legitimate ones.
Maximum ---Monitors all components.
Off---Switches off the Component Control.