I am clearly in learning mode, so please bear with me…
I’ve read through the introduction to CIS and am still confused about a number of things. Here’s the first.
I’m trying to understand the relationship among the rule settings for direction (In / Out), Source (IP & port), and Destination (IP & port). For example, in my log, I see an action for Target (aka, Direction): In; Source: (a device on my home network); and Destination: (my PC).
Is the “Target (Direction)” into my PC or into the network device? Since the log is generated by CIS (on my PC), I would assume that “In” always means, “into my PC”, but…
Since “Source” is a device on my home network, I would assume that the action was initiated by the device (and not by my PC)? But now, I wonder if the “Target (Direction)” actually refers to the source of the action, which would mean that the device is requesting an incoming response.
So I’d like to know how to interpret “Target (Direction)”, “Source”, and “Destination”, all within the context of one another.
See my confusion? I’d appreciate it if anyone could clarify this for me. Thanks.
In refers to traffic coming into the local computer. This traffic was not initiated by the local computer; the communication is/was started by an external source. Out means the communication was started locally and is going out of the computer into the big scary world of networks.
Then there seems to be redundancy in the three terms; i.e., if direction is “In”, the destination must be an address or interface on the local machine; if direction is “Out”, the source must be an address or interface on the local machine. So isn’t the direction parameter redundant?
This example tells me there is an [Action], e.g. (Blocked or Asked), that was applied to a [Connection] (In or Incoming); the [Source] of this incoming connection attempt was your [Device] (on your home network), and this [Device] is attempting to connect to the [Destination] (your PC).
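A simplified model of how direction, source and destination combine when a rule list is evaluated, added here as an illustration and not taken from CIS or from any poster in this thread. The addresses, the rule list, the first-match order and the default action are all constructed assumptions. It shows the case raised above: when a rule's source and destination are both "any", direction is the only field that separates an "allow outgoing" rule from a "block incoming" rule.

```python
import ipaddress
from dataclasses import dataclass

LOCAL_ADDRS = {"192.168.1.10"}  # constructed: the PC running the firewall
ANY = "any"

@dataclass(frozen=True)
class Rule:
    action: str       # "Allow" or "Block"
    direction: str    # "In" or "Out"
    source: str       # CIDR network or ANY
    destination: str  # CIDR network or ANY

@dataclass(frozen=True)
class Conn:
    source: str       # host that started the connection
    destination: str  # host being connected to

def direction_of(conn):
    """'Out' if this PC started the connection, 'In' if another host did."""
    return "Out" if conn.source in LOCAL_ADDRS else "In"

def addr_matches(pattern, addr):
    if pattern == ANY:
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern)

def first_match(rules, conn):
    """Return (action, direction) of the first rule matching all three fields."""
    d = direction_of(conn)
    for r in rules:
        if (r.direction == d and addr_matches(r.source, conn.source)
                and addr_matches(r.destination, conn.destination)):
            return r.action, d
    return "Block", d  # assumed default when nothing matches

# Constructed rule list: rules 1 and 3 differ only in direction and action.
RULES = [
    Rule("Allow", "Out", ANY, ANY),
    Rule("Allow", "In", "192.168.1.0/24", ANY),  # devices on the home network
    Rule("Block", "In", ANY, ANY),
]

if __name__ == "__main__":
    for c in (Conn("192.168.1.20", "192.168.1.10"),   # home device -> PC
              Conn("192.168.1.10", "198.51.100.5"),   # PC -> internet host
              Conn("203.0.113.7", "192.168.1.10")):   # internet host -> PC
        print(c, first_match(RULES, c))
```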