LANProtector Tutorial 02
Control the Access to a Local Area Network
Goal: I want to ensure that only computers and / or devices I allow can be present in my Local Area Network
Please see Installing and Accessing LANProtector Server on how to deploy LANProtector
Step 1: Create a New Security Project
Step 2: Create a New Ruleset
Step 3: Associate a Network Adapter
Step 4: Define Rules
Step 5: Test Ruleset
Step 6: Upload Project
Step 7: Activate Server
Step 1: Create a New Security Project
To create a new Security Project, use the File | New Project main menu command or keyboard Ctrl + N:
Type in the new Project name and click OK button:
After the Project is created, LANProtector Manager will display three new lists in the main window, Rulesets list, Associated Network Adapters list and Rules list:
To create a new Ruleset, click on the Add button below the Rulesets list:
Type in the new Ruleset Name, click on the Deny All Default Action and click OK button:
The new Ruleset will show up in the Rulesets list on the LANProtector Manager main window. It will show that it is active and that the default action is Deny All meaning it will deny access to the network to any computer or device which does not explicitly have access granted by a Rule in the Rules list.
Step 3: Associate a Network Adapter
Note: during the previous steps it wasn’t mandatory to be connected to a LANProtector Server. However it is necessary to be connected to a Server before associating a Network Adapter to a Ruleset as the available Network Adapters list is retrieved from the LANProtector Server itself.
Click on the Add button below the Associated Network Adapters list:
In the list of the available Server-side Network Adapters, select the one that is connected to the network which needs to be secured and click the OK button:
The newly associated Network Adapter name will show up in the Associated Network Adapters list on the LANProtector Manager main window:
To create a new Rule, use the Rules list toolbar New Rule command. Select a New Host Rule:
Type in the new Rule name to describe what will the Rule do, select the Allow State, type in the IP Address of the computer or device being granted access to the network, check Associate MAC Address, type in the computer or device’s MAC Address and finally click the OK button:
Note: MAC address can usually be found on a label physically attached to a network device. In case of a computer, see the operating system network adapter properties. Associating a MAC address to an IP address will ensure that only specific computer or device can obtain designated IP address on the network. If anyone else tries to obtain that IP address, they will be blocked from accessing the network.
After the Rule is created, it will show up in the Rules list on the LANProtector Manager main window:
Repeat this step as many times as necessary to grant the access to the network to all known computers and devices which are allowed to access the network. All added Rules will show up in the Rules list on the main window:
This step is optional. However performing Ruleset testing before applying it to a LANProtector Server and activating the protection will ensure correct network protection.
To access Ruleset Dry-Testing, use Tools | Dry-Test Current Ruleset main menu command or keyboard F5:
Type in an IP Address to simulate a computer or a device trying to obtain that address. Check Associate MAC Address and type in a MAC address to test with a specific MAC address. Click Test button to test if the specified IP / MAC address pair will be allowed network access:
Repeat this step as many times as needed test complex Rulesets before applying them to a LANProtector server and activating the protection.
Note: Security Projects are always managed “offline” in the LANProtector Manager. In order to make LANProtector Server aware of a Project and apply it to protect a network, the Project must first be applied (uploaded) to the LANProtector Server.
To upload currently active Project to the currently connected LANProtector Server, use the Server | Apply Current Project main menu command or keyboard F7:
Confirm Project upload request by clicking the Yes button:
An informative message will appear to confirm that the Project was successfully uploaded to the Server:
Note: Even though a LANProtector Server has Security Project applied (uploaded), it needs to be activated in order to start protecting the network.
To activate the Server use Server | Activate main menu command or keyboard F8:
When the Server is successfully activated, it will start protecting the network based on the applied Security Project and LANProtector Manager will show the new Server State in the Status bar:
Note: if the LANProtector Server couldn’t be activated for any reason, the Server State in the Status bar will remain Inactive. The reason for the inability to activate the server can be found in the Server Log. To access the Server Log, use the Server | Server Log main menu command or keyboard F9:
The unsuccessful / successful activation message can then be found in the Serve Log window:
