Using the Set up Wizard

The Set Up Wizard is used to perform the initial configuration of KFSensor.
Each step of the wizard is described below.

After the Set Up Wizard is run, KFSensor will be ready to detect attacks on the system.

Set Up Wizard - Port Classes

To make it easy to set up common ports KFSensor has a set of pre-defined listen definitions.
The definitions are grouped into the classes in the wizard enabling you to add different types of ports.

  1. Windows Workstation
    These include the basic ports opened in Windows workstations and servers.
  2. Windows Server
    These include ports opened in Windows servers.
  3. Windows Internet Services
    These are Internet facing servers, such as POP3 and FTP.
  4. Windows Applications
    Windows applications with well known security risks.
  5. Linux (services not usually in Windows)
    These include services such as SOCKS, mySQL and Telnet.
  6. Trojans and worms
    Malware such as SubSeven and Blaster open ports to allow remote control.

It is possible to remove all ports of a class by unselecting the class.

To pick up the maximum about of attacks select all the port classes.

You can also run the Set Up Wizard again later to add additional components.

Set Up Wizard - Native Services

If service is already using a port then KFSensor cannot use it as well to run a simulated version of the service.

There are two options when this occurs:

Keep the existing services running and get KFSensor to monitor the activity of those existing services. By checking a port the wizard will convert the listen definition to a native type.

To allow KFSensor to try and run its own simulated service then uncheck the port. The native service running on the port will then need to be shut down to allow KFSensor to take over the port.

To make things easy the Scenario -> Edit Active Scenario dialog has a button "Convert To Native..." that display the Convert To Native dialog box. This allows you to choose which ports in error should be converted to Native.

Set Up Wizard - Domain

  • Domain Name

    This is the domain name used to identify the server to a visitor.
    It is used in several Sim Servers.

    This could be the real domain name of the machine or a fictitious one. If you pick a fictitious one, try not to use a real domain belonging somebody else.

    If you are using KFSensor inside a corporate environment then create a sub-domain of your corporate domain name.
    e.g. testserver.yourcompany.com

Set Up Wizard - EMail Alerts

KFSensor can send alerts by email.
The settings in the wizard are the minimum needed to enable this feature.

For more details on the options available see the EMail Alerts dialog box.

Set Up Wizard - Systems Service

A systems service is a special type of application that Windows runs in the background and is similar in concept to a UNIX daemon.

The KFSensor Server becomes independent of the logged on user, so the user can log off and another person can log on without affecting the server.

The KFSensor Server can be configured to start automatically when the system starts, before a user logs on.

The user must be logged in as the Administrator in order to install a systems service.

For more information see the Running the KFSensor Server section of the manual.

Next: Basic testing

KFSensor On-Line Manual Contents