Intrusion Detection & Prevention System

QUICKSTART GUIDE

 

One of our major concerns while developing Botshield was not to overburden our customers with options and configurations. Daily experience proves: the best protection is the one that works – instantly and without being configured in a long and error-prone process.

 

That's why Botshield opens a quickstart assistant right after you start our software for the first time. This quickstart guides you through the first steps – to guarantee the safety system's quick and trouble-free start of operation.

Screenshot Botshield Setup-Wizard 1

 

First, it's essential to deactivate the Windows firewall and install the WinPcap driver on your system. This driver is acknowledged as an industry standard and enables our software to log your traffic. The latest version of WinPcap is part of Botshield's download file – you can install it within a few clicks.

 

Screenshot Botshield Setup-Wizard 2

 

If both basic requirements are fulfilled, you can continue to the following step.

 

Screenshot Botshield Setup-Wizard 3

 

The basic configuration menu includes four basic steps.

First, please select the network device that connects your server to the internet. Then choose the relevant IP address by clicking the choice box.

If Internet Information Server (IIS) is already installed, your standard web root directory is preset. Otherwise, please select your main directory under "web root directory" (if you are using Apache, this would be C:\<path>\htdocs, just as an example). Right after that, our software will preconfigure the root drive and web directory, which enables the Filesensor function to monitor these important directories and inform you about modifications in them.

 

The third step is to enter your system administrator's email address. Botshield is preconfigured to send daily reports, alerts and other relevant notifications to this address.

 

To enable Botshield to send you mail, it's essential to complete the fourth and last step: please specify an SMTP server – localhost is preset with port 25. If a mail server is active on your server, sending should work by now – at least locally.

Naturally, you are free to choose any other mail server hosted on another system.

The password authentication method should remain preset to "autodetect", because Botshield determines the working method automatically.

 

Once all information has been entered, you can continue to the final area. Here you can define which of Botshield's features shall be activated right after starting our software:

 

Screenshot Botshield Setup-Wizard 4

 

If, for example, you don't want Botshield's IP Blacklist to support your system, you can deactivate this feature right now.

Of course, you can change this component configuration freely at any time.

 

Screenshot Botshield Setup-Wizard 5

 

After clicking "start botshield", the service application will be installed on your system.

You will be led to the configuration of Botshield's core feature: Portshield.

This tool monitors activated ports and blocks attacks with the given parameters.

 

Screenshot Botshield Portshield

 

The column "count" defines the number of detections of a suspicious IP address within the span of seconds entered in "SPAN".

If this number is reached, the IP address will be blocked via firewall for the amount of time defined in the "BLOCK" column. We recommend not changing this detailed configuration, but rather activating/deactivating and customizing the desired ports and the standard ports for the particular services.

 

Just as an example: if your system is threatened by heavy brute-force attacks on RDP port 3389, you can expand the span of time as long as you wish.

But please keep in mind: if your specifications are too restrictive, Botshield may recognize your own users as attackers, for example users who forgot their password and repeatedly enter wrong data. This would lead to a lockout for the preselected time.
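
The count/SPAN/BLOCK logic described above can be sketched as follows. This is an added example, not Botshield's own code: it only tracks block state in memory instead of changing a firewall, and it replays the same events against a strict and a more lenient rule to show how a low count also locks out a user who mistypes a password. The sliding-window evaluation, the class and function names, and all rule values and IP addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass
class PortRule:      # one table row; the values used below are constructed
    port: int
    count: int       # detections needed ...
    span: int        # ... within this many seconds
    block: int       # seconds the IP address stays blocked

class ThresholdBlocker:
    def __init__(self, rules):
        self.rules = {r.port: r for r in rules}
        self.hits = defaultdict(deque)   # (ip, port) -> recent detection times
        self.blocked_until = {}          # ip -> time at which the block expires

    def is_blocked(self, ip, now):
        return self.blocked_until.get(ip, 0) > now

    def detect(self, ip, port, now):
        """Record one detection; return True if the IP is blocked afterwards."""
        rule = self.rules.get(port)
        if rule is None or self.is_blocked(ip, now):
            return self.is_blocked(ip, now)
        window = self.hits[(ip, port)]
        window.append(now)
        # Assumption: a sliding window that forgets detections older than SPAN.
        while window and now - window[0] >= rule.span:
            window.popleft()
        if len(window) >= rule.count:
            self.blocked_until[ip] = now + rule.block
            window.clear()
            return True
        return False

def blocked_ips(rule, events):
    """Replay (time, ip, port) events; return every IP that ended up blocked."""
    blocker = ThresholdBlocker([rule])
    return {ip for t, ip, port in sorted(events) if blocker.detect(ip, port, t)}

# Constructed sample: a brute-force source, and a user with three failed logins.
ATTACKER, USER = "203.0.113.5", "198.51.100.7"
EVENTS = [(t, ATTACKER, 3389) for t in range(0, 40, 2)]
EVENTS += [(5, USER, 3389), (20, USER, 3389), (45, USER, 3389)]
STRICT = PortRule(port=3389, count=3, span=60, block=600)
LENIENT = PortRule(port=3389, count=5, span=60, block=600)

if __name__ == "__main__":
    print("strict :", sorted(blocked_ips(STRICT, EVENTS)))
    print("lenient:", sorted(blocked_ips(LENIENT, EVENTS)))
```
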

Once all configurations are made, please click the OKAY button.

Botshield is now activated and ready to secure your server 24/7.

 

Certainly it won't be long until our software detects the first unusual activities or attacks. You will be informed about them – via the daily report and right on the start screen of our user interface:

 

Screenshot Botshield Indicators

 

The first column, "last hour", notifies you about all detected incidents within the last hour. Just click on one of the buttons to get further information – well arranged and detailed in our monitoring protocol.

 

By the way: while you are working extensively on your server, Filesensor may detect many modifications. To avoid unnecessary false alerts, you can deactivate and reactivate the whole Botshield security system or its individual components by clicking the button(s) in the right area of the start screen.

 

Screenshot Botshield Service-Switches

 

We hope this quickstart guide helps you bring Botshield into service.

Please be patient and don't hesitate to contact us for further service.