eG Monitoring
 

Measures reported by FireWallStateTest

The security of a Windows computer is controlled primarily by the configuration of the Windows Firewall, which is fully integrated with three firewall profiles. Each firewall profile is a group of settings that includes firewall rules and connection security rules. The profiles are dynamic and are applied automatically based on how the computer connects to the network, so as the computer moves from one environment to another, its security and network behavior change automatically. The following table briefly describes these profiles:

| Profile | Description |
|---|---|
| Domain | Applied to a network adapter when it is connected to a network on which it can detect a domain controller of the domain to which the computer is joined. |
| Private | Applied to a network adapter when it is connected to a network that is identified by the user or administrator as a private network. A private network is one that is not connected directly to the Internet, but is behind some kind of security device, such as a network address translation (NAT) router or hardware firewall. For example, this could be a home network, or a business network that does not include a domain controller. The Private profile settings should be more restrictive than the Domain profile settings. |
| Public | Applied to a network adapter when it is connected to a public network such as those available in airports and coffee shops. When the profile is not set to Domain or Private, the default profile is Public. The Public profile settings should be the most restrictive because the computer is connected to a public network where the security cannot be controlled. For example, a program that accepts inbound connections from the Internet (like a file sharing program) may not work in the Public profile because the Windows Firewall default setting will block all inbound connections to programs that are not on the list of allowed programs. |

Each profile has its own set of configurations and can be tweaked to harden or soften security. In environments where multiple application servers are hosted, administrators would normally set a group policy or security rule on all the servers. For example, administrators may set a group policy to monitor the firewall status of the servers so that they can generate a compliance report as and when necessary. Any violation in the firewall status should be visible upfront in the compliance report. eG Enterprise helps administrators track and report such violations in a hassle-free manner; the FireWallStateTest offered by eG Enterprise serves this purpose.

By periodically running this test, administrators can figure out the firewall profile that is currently active on the server.

Outputs of the test: One set of results for the target host that is to be monitored.

The measures made by this test are as follows:

| Measurement | Description | Measurement Unit | Interpretation |
|---|---|---|---|
| Domain_prfl_status | Indicates the current status of the domain profile. | | The measure values and their corresponding numeric values are: On = 1, Off = 0. Note: By default, this measure reports one of these measure values. The graph of this measure, however, represents the status of the domain network using the numeric equivalents, 1 or 0. |
| Private_prfl_status | Indicates the current status of the private profile. | | The measure values and their corresponding numeric values are: On = 1, Off = 0. Note: By default, this measure reports one of these measure values. The graph of this measure, however, represents the status of the private network using the numeric equivalents, 1 or 0. |
| Public_prfl_status | Indicates the current status of the public profile. | | The measure values and their corresponding numeric values are: On = 1, Off = 0. Note: By default, this measure reports one of these measure values. The graph of this measure, however, represents the status of the public network using the numeric equivalents, 1 or 0. |
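To cross-check these measures independently on a host, the following added example (not eG Enterprise's own implementation) parses the output of `netsh advfirewall show allprofiles state` into the three measure names with their 1/0 equivalents and lists any profile that is Off or unreadable. The function names are hypothetical, the sample output is constructed, and the English-locale layout of the `netsh` output is an assumption.

```python
import re
import subprocess

# Constructed sample of `netsh advfirewall show allprofiles state` output;
# English-locale layout is assumed. Not captured from a real host.
SAMPLE_OUTPUT = """Domain Profile Settings:
----------------------------------------------------------------------
State                                 ON

Private Profile Settings:
----------------------------------------------------------------------
State                                 ON

Public Profile Settings:
----------------------------------------------------------------------
State                                 OFF
Ok.
"""

HEADER = re.compile(r"^(Domain|Private|Public) Profile Settings:\s*$")
STATE = re.compile(r"^State\s+(ON|OFF)\s*$", re.IGNORECASE)

def parse_profile_states(text):
    """Return {measure name: 1 (On) or 0 (Off)}, keyed by the page's measure names."""
    states, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = HEADER.match(line)
        state = STATE.match(line)
        if header:
            current = header.group(1)
        elif state and current:
            states[f"{current}_prfl_status"] = int(state.group(1).upper() == "ON")
            current = None  # a State line only counts directly under its header
    return states

def find_violations(states):
    """List measures that are Off or missing from the output; both need follow-up."""
    expected = [f"{p}_prfl_status" for p in ("Domain", "Private", "Public")]
    return [m for m in expected if states.get(m) != 1]

def collect_live():
    """On a Windows host, read the real firewall state instead of the sample."""
    out = subprocess.run(["netsh", "advfirewall", "show", "allprofiles", "state"],
                         capture_output=True, text=True, check=True).stdout
    return parse_profile_states(out)

if __name__ == "__main__":
    states = parse_profile_states(SAMPLE_OUTPUT)
    print(states, "violations:", find_violations(states))
```

A missing measure is reported as a violation on purpose, so that a failed or localized `netsh` call is not mistaken for a compliant host.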