Automatically Define Network Protection

Goal: I want to secure a network by observing existing network activity and create protection Rules based on gathered information

Please see Control the Access to a Local Area Network for a basic LANProtector usage tutorial
Step 1: Create a Passive Ruleset
Step 2: Scan the Network
Step 3: Automatically Define Rules

Step 1: Create a Passive Ruleset

                Note: Before continuing, this tutorial assumes that there is already an existing or new Security Project open in the LANProtector Manager and that the Manager is connected to a LANProtector Server:

Add a new Ruleset by clicking the Add button below the Rulesets list on the LANProtector Manager main window:

Type in any name and just click OK button to create an Allow All Ruleset for passive scanning purposes only:

Click on the Add button below the Associated Network Adapters list (this will only work if there is LANProtector Server already connected):

Add one or more network adapters connected to networks which need to be observed for network activity to define protection Rules:

Once the Network Adapters have been added to the Ruleset, upload the Ruleset to the connected LANProtector Server by using Server | Apply Current Project main menu command (keyboard F7):

Activate the LANProtector Server by using Server | Activate or keyboard F8:

                Final result should confirm that the Server has been activated in the LANProtector Manager Status bar:

 

Step 2: Scan the Network

                Once the LANProtector Server is up and running, currently in Allow All mode, network is passively being scanned and information gathered about active network computers and devices. To view passive Network Activity, use Tools | View Network Activity main menu command or keyboard F11:

Select the active scan-only Ruleset from the list of Server-side Rulesets and click OK button:

To automatically update Network Activity information, click the Auto-Refresh toolbar button or use keyboard F6:

Once the computers and devices become active on the network, they will appear in the Network Activity Monitor list, which is now automatically refreshed every 3 seconds. As this process of network monitoring is exclusively passive and doesn’t generate any network traffic, it may take some time to discover all of the peers on the network.

 

Step 3: Automatically Define Rules

                Note: LANProtector Manager main window and Network Activity Monitor windows can remain open at the same time and independently accessed.

                First create a new Ruleset in the main LANProtector window by clicking the Add button below the Rulesets list on the LANProtector Manager main window (please see Step 1). Type in Ruleset name and set Default Action to Deny All, and finally click the OK button.

Make sure to select the newly created protection Ruleset in the Rulesets list on the LANProtector Manager main window:

By selecting another Ruleset, the Associated Network Adapters list and Rules list will show the newly selected Ruleset’s associated Network Adapters and Rules. Also any automatically added Rules will be added to the currently selected Ruleset in the Rulesets list on the main window.

                Associate the desired Network Adapters to the new protection Ruleset by using the Add button below the Associated Network Adapters list on the main window:

Move back to Network Activity Monitor window or reopen it if it was closed (please see Step 2 in the second case). Initiate automatic Rule creation by double-clicking an entry in the Network Activity Monitor list or by selecting Create New Rule command from the right-click context menu:

Modify the default offered Rule to set State to Allow All and update Rule name. Finally click the OK button:

The new Rule will be added into the Rules list of the currently selected Ruleset on the LANProtector Manager main window:

Repeat the Rule addition from the Network Activity Monitor to the Rules list as many times as needed and finally re-apply the updated Security Project to the LANProtector Server using Server | Apply main menu command or keyboard F7:

LANProtector Server will then protect the network based on the defiled protection Ruleset, allowing only computers and devices specified in the Rules list and blocking everything else from accessing the network.

                Removing Scan Only Ruleset is optional as it doesn’t perform any action on the network because of its Allow All default action.

 

                Note: automatic creation of Rules based is also possible using the Server Log view, accessible using Server | Server Log main menu command or keyboard F9:

               

                To initiate creation of a Rule based on Server Log gathered information, use the mouse right-click context menu commands Create New Rule: