
Firewalls and ZoneAlarm Guide and Tips

To put it simply, a firewall, and only a firewall, lets the user decide which programs are allowed to connect to the net and which connections are allowed from the net to the user's computer. Without a firewall, anything can go from the computer to the net, and something can even come from the net to your computer, usually without the user knowing anything about it! A firewall is a must for anyone with an "always on" internet connection, but it is highly recommended for all users who have any kind of internet connection. If set up properly, it NEVER has any harmful effects on your computer.

Firewalls - what for?

A firewall is either a hardware-based solution or a program that is meant to limit access to your computer from the network and, on the other hand, from your computer to the network. There are plenty of different firewalls, but the ZoneAlarm firewall described here is simple, reliable and free. If used properly, a firewall gives you excellent protection against direct attacks from the network, because the computer's ports can't be seen from the network if the firewall is set up properly. If there were open ports on the computer, that would basically mean that some service was open and could be contacted via the net. As there are no ports available, naturally there is nothing to contact from the net.

With a proper firewall, one can also very effectively prevent the computer from being turned into a "zombie" or otherwise coming under some hacker's command, even if the settings on the computer were insecure or harmful programs are run on the computer. However, it must be stated clearly that a firewall does NOT replace antivirus software or being cautious. It doesn't prevent files on your computer from being corrupted, nor the spreading of viruses and worms. It does, however, usually prevent harmful trojan horse programs and other backdoor programs from contacting the net and opening your computer to some hacker. It also prevents programs from sending information about you to their manufacturer (like spyware programs) if you don't allow the particular program to access the internet.

At this point, I need to mention Windows XP's "firewall". In short: avoid it if you can! It only closes inbound ports from connections. It doesn't prevent outbound connections or specify which programs can connect to the net. So, don't use it. Get rid of it totally and install ZoneAlarm or similar instead. Also, you may have heard about "Black Ice Defender" or "BID". Again, forget it too. It's NOT a real firewall, it's just an inbound port blocker. It doesn't allow outbound filtering. Some people find it useful for checking who is knocking on their ports, but otherwise it's pretty much useless. Get rid of it and install a REAL firewall like ZoneAlarm.

If you are using Windows XP SP2, then you might not need to bother with installing ZoneAlarm. The SP2 Internet Connection Firewall does its job much better than earlier versions of it. If you don't want to mess with a 3rd party firewall like ZoneAlarm, stay with the SP2 Internet Connection Firewall! Also, ZoneAlarm does not work with the latest versions of F-Secure products, so if you are using F-Secure, better dump ZoneAlarm and trust ICF or F-Secure's firewall (if it has one!)...

However, please notice that before you have the option to go to the internet and download ZoneAlarm, you NEED to have some firewall running to block inbound traffic... if you don't, your computer gets infected before you have installed ZoneAlarm. In this case, use the Windows XP firewall; you can find the guide on how to enable it on my Win2k/XP page.

It's very easy to install and use ZoneAlarm. First, you must download the firewall setup files to your own computer from their homepage, which is at http://www.zonelabs.com, and there "ZoneAlarm - free download". Save the file to your hard drive and run it by double-clicking the file. Next we will go through some issues related to ZoneAlarm. You can get to the ZoneAlarm settings later on from the "ZA" icon in the lower-right corner of your screen (if ZoneAlarm is running). By double-clicking it you can go to the settings, or you can close the firewall by right-clicking it, selecting "Shutdown ZoneAlarm" and answering "Yes". If you are more interested in firewalls and ports and what specific ports are used for (for example, if you are wondering about some alerts), I recommend reading http://www.robertgraham.com/pubs/firewall-seen.html

Here is the "Personal Firewall FAQ" by firewallguide. There is also some information about firewalls, securing your network connection, and so on.

Now, follow these steps and I will show you how to install and configure your ZoneAlarm firewall properly. You should use the settings shown here so you don't get into trouble and everything keeps rolling smoothly... If you get your ZA settings somehow messed up, you can reset them by first shutting down ZA and then deleting the contents of the C:\windows\internet logs\ folder.

This is the first thing that you will come across when you start installing. You can "browse" to install ZA in a different directory, which is something you should do. This helps to defend it against some trojans or worms in the future, since it's harder for them to locate the ZA files and tamper with them. Click Next to continue...

You can type in any name and email address here. There is no need to register or get information about updates etc. You can just as easily check for them on the www-site every now and then. Click Next...

Then you have to read and accept the Licence Agreement and click Install...

After that, you are asked to provide some information about yourself. Of course, nobody is forcing you to be honest here... ;) Click Finish...

It's a good idea to start ZA so you can start to fix the settings... Click Yes...

Next you will see ZoneLabs offering you ZoneAlarmPro. It's a good firewall, so if you want a firewall that has more options and security, then I suggest you invest a few $$$ in it. But let's move on: select "Select ZoneAlarm" and click Next to continue...

Another offer for you to buy ZoneAlarmPro. It's a good firewall, so if you want a firewall that has more options and security, then I suggest you invest a few $$$ in it. But let's move on: click Next to continue...

Installation is now complete. But you had better move on to the settings; click Next to continue...

OK, let's get started with the settings. ZoneAlarm is famous for creating panic among novice users because it creates alerts about "normal" network activity. It's a good idea to just turn off these alerts, since you can and should check them anyway from the ZA logs afterwards. And if you manage to get a trojan onto your computer, it's very likely that it will attempt to connect to the internet, which will alert ZA and notify you. And if a trojan is trying to contact your computer, you don't have anything to worry about as long as you have ZA running (and have not given permissions in ZA for trojans/backdoors on your computer to set up servers, etc.), so you really don't need to panic over getting dozens of "alerts" per hour. Click Finish to continue...

Here you can choose whether or not you want to automatically allow some software to connect to the internet. I think it's better to do it manually, so select the proper setting and click Finish...

Here you can activate eBay password protection to prevent your eBay password from being sent to sites other than eBay. I don't see any reason to use this kind of protection; some may find it useful, however. I recommend you turn it off and click Next to continue...

If you want, you can check the tutorial. It's quite educational, so if you feel like it, check it out. I have chosen not to check it and to go straight to the next settings. Click Finish to continue.

This is the overview screen. It shows various information about your firewall and protection. Go to "product info"...

This screen shows your ZA version number, registration status and so on. Nothing really remarkable here, so let's move on to "Preferences"...

Make sure you have chosen the "Load ZoneAlarm at startup" option, otherwise ZA does not offer you any protection after you have rebooted your computer! "Protect the ZoneAlarm client" is good to have on; it will help protect you against malware that attacks ZoneAlarm. Go to "Firewall"...

Here you can easily configure the level of security you want. Basically, it's a good idea to keep it at "High" for the Internet Zone to hide your computer's ports and disallow all sharing from your computer to the internet. The Trusted Zone is for computers that you trust, like the ones in your own network, or for a shared network printer. Medium level is fine for the Trusted Zone, but you might need to set it to "Low" in some cases to be able to use and share printers and files in your local network. The default settings here are quite safe; move on to "Advanced"...

It might be a good idea to block servers on your computer. Then again, some programs, like KazaaLite, might require server permissions if you want to share files, so maybe it's better to leave those unmarked here. Uncommon protocols mean, well, uncommon protocols. They might be used by some advanced trojan, so you shouldn't allow them. Outgoing DNS/DHCP might be needed for your internet/network connection unless you have manually set your IP address. Locking the hosts file might be a good idea to prevent some trojans from redirecting your network traffic, but it could have some side effects, so decide for yourself. I have chosen to leave it unmarked. Again, if you don't know what I'm talking about here, just copy those settings once again and click OK...

Let's move to "Zones". Here you can see which IPs are in which zone. You can click "Add" and "Remove" to add or remove certain IPs or IP ranges from your zones. For example, if you use a shared network printer, then you should add that printer's IP address to "Local Zone" to be able to print (and possibly lower the "Local Zone" security settings in the "Main" tab). Let's move to "Program Control"...

What else to say here... You should *never* set the "Programs settings" to "low" or "off", since that would allow any program on your computer to freely contact the internet whenever it wants to. The only exception to this rule is if you want to use ZoneAlarm only for blocking incoming ports instead of Windows XP's Internet Connection Firewall (which takes a lot of the computer's resources and services). Automatic lock might be a good idea to turn on, but then again, if you set your computer to update some pages or download stuff and the automatic lock kicks in when the screen saver activates... well... Better keep it off. You can use "Program Wizard" to add some programs to your allowed programs, but I would rather do it manually. Let's move on to "Programs"...

OK, let's get started with the programs settings. This is the very heart of ZA. Here you will see a list of programs that have tried to access the net from your computer. When you select one of the programs, you will see more information about it, like file name and location, version number and so on. It's important to check the path of the program, so that it really is the program you believe it is and not some trojan that has been given a similar name and is located in some other folder.
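
The path check described above can also be done mechanically. The following is an added example, not part of the original guide or of ZoneAlarm: it compares the path of each program asking for network access against the folder where that program is expected to live, and also flags file names that are only nearly identical to a known one. The allow-list, the sample paths and the 0.8 similarity threshold are constructed assumptions.

```python
import ntpath
from difflib import SequenceMatcher

# Constructed allow-list (assumption): file name -> folder it should live in.
EXPECTED = {
    "opera.exe": r"C:\Program Files\Opera",
    "iexplore.exe": r"C:\Program Files\Internet Explorer",
    "svchost.exe": r"C:\Windows\System32",
}


def _norm(path):
    # Windows paths are case-insensitive; also unify separators and resolve "..".
    return ntpath.normcase(ntpath.normpath(path))


def check_program(path, expected=EXPECTED, threshold=0.8):
    """Classify the executable behind a connection request.

    Returns 'expected', 'wrong-folder', 'lookalike-name' or 'unknown'.
    """
    folder, name = ntpath.split(_norm(path))
    if name in expected:
        # Right name: only trust it if it also sits in the right folder.
        return "expected" if folder == _norm(expected[name]) else "wrong-folder"
    for known in expected:
        # Near-identical name (e.g. one character swapped) imitating a known program.
        if SequenceMatcher(None, name, known).ratio() >= threshold:
            return "lookalike-name"
    return "unknown"


def review(paths):
    """Return {path: verdict} for every request that needs a closer look."""
    verdicts = {p: check_program(p) for p in paths}
    return {p: v for p, v in verdicts.items() if v != "expected"}


# Constructed sample of programs asking for network access.
SAMPLE = [
    r"C:\Program Files\Opera\Opera.exe",
    r"C:\WINDOWS\Temp\svchost.exe",
    r"C:\Windows\System32\svch0st.exe",
    r"C:\Games\quake.exe",
]

if __name__ == "__main__":
    for path, verdict in review(SAMPLE).items():
        print(f"{verdict:15} {path}")
```

Anything reported as "wrong-folder" or "lookalike-name" is exactly the case the paragraph warns about and should not be given permission to connect.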

You can set permissions by left-clicking the boxes on the program's line as shown in the picture. As said earlier, you should not give server permissions to any programs in normal situations, so all servers should be disabled, both for the "Trusted" and the "Internet" zones. For maximum security, you should not allow any program to access the "Internet" zone without "ask" permission, otherwise that program might connect to the internet whenever it desires, which could be a security risk. In this picture, however, I have allowed F-Secure SSH to connect without asking permission anymore. Internet Explorer is not allowed to connect at all. Opera Internet Browser is allowed to connect only after my permission. KazaaLite is allowed to connect and start a server without asking permission anymore.

Don't allow ANY program to connect if you are not ABSOLUTELY sure it's a safe program and it really needs to connect to the net. Don't "believe" or "think" some program is OK to be allowed to connect... you MUST BE SURE that it is absolutely safe to allow it to connect! If you allow programs you cannot fully trust to connect, you have totally ruined the purpose of the ZoneAlarm firewall, so you might pretty much as well uninstall it from your computer! Basically speaking, the only programs that should be allowed to connect to the net are your internet browser (hopefully Opera or some other secure browser and not insecure Internet Explorer) and email/news client (again, hopefully Opera or some other secure client and not insecure Outlook Express)... and even they should ask your permission every time they want to establish a connection! Naturally, if you have antivirus software running (as you should), you should allow it to connect to the internet to get updates when needed (every few days, that is), but since this process is hopefully automated (make sure it is!), the antivirus should be given access to the net whenever it wants to.

More than 90% of all programs that would like to connect don't really need to connect to the net. They are either spyware trying to send your personal information to the net, or trojans trying to take control of your computer, or just some poorly designed programs that insist on downloading or getting updates for themselves without you doing anything. Don't allow them. Period. It's very important to update your software every now and then, but again, if you give the control to the software, you are no longer in control. Keep your firewall tight and do not let any programs connect to the net that don't absolutely need to make that connection!

Right-clicking programs allows you to remove them from the list completely or add new programs to the list. Removed programs will of course reappear the next time they try to connect. Let's move to "Alerts and logs"...

It's a good idea to keep the alerts from popping up and creating panic. ZoneAlarm is famous for creating alerts on "normal" network activity. Let's move on to "Log Viewer"...

You still can, and should, check the logs every now and then by going to "Log viewer". Again, don't panic: 99% of all alerts you see there are harmless and normal network traffic. For example, in this case the "High" rated alerts are being caused by the KazaaLite application, since it was not allowed to connect to the network and it tried to do so before I finally allowed it. However, notice that ANY program that is attempting to connect to the network without your own activity is a possible trojan horse.

You can clear the list by pressing "Clear List" and answering "Yes". Let's move on to "Email Protection"...

This is an additional protection given by ZoneAlarm. It only protects you from .vbs files, so the protection is not really effective. You can turn it on for some very minimal protection. Your antivirus protection should rely first on YOU never opening emails/attachments/files unless you are absolutely sure they are safe to run... and secondly on an updated and properly configured antivirus program. Not on the ZoneAlarm firewall!

When you are trying to close the ZA Control Center, it gives you this tip that you are not actually closing ZA, but just minimizing it to the taskbar. Ignore it, mark "Dont show this message again" and click OK.

You can later access the ZA settings via this taskbar icon by right-clicking it with your mouse. You can, for example, shut down all internet activity, or access the ZA Control Center (where all the settings are), or shut down ZA. Shutting down ZA will of course disable all its network security features, so do NOT shut it down unless you really have to...

When a new program is trying to connect to the internet, you will be informed about it by this kind of popup from the ZA icon. If you are absolutely sure that the program is safe to be allowed to connect, you can click Yes so that this program is allowed to connect this time. If you would like it to be able to connect in the future too without asking your permission again, you can mark "remember this answer next time I use this program". If you are not ABSOLUTELY sure this program is safe to be allowed to connect, you should click No. You can later change these settings from the "Programs" tab in the ZoneAlarm settings.

Here is a similar popup notice, but this time the program is asking for server rights! NEVER allow programs to have server rights unless you really know what you are doing. Practically all backdoor programs (trojans) want to have server rights, so better play it very, very safe here. It is very likely that the program that wants server rights is a program that will allow other people to access the files on your computer. You can later change these settings from the "Programs" tab in the ZoneAlarm settings.

This popup notice is about a program that you have previously allowed to connect to the internet and that is again asking your permission to connect. For example, if you set permissions from the "Programs" tab for your internet browser to ask your permission to be able to connect, you will get this kind of popup notice when it tries to connect. If you have launched that program and want to connect to the net, then allow it. If you didn't, don't allow it (some trojan might be trying to use it to transmit information to the internet). You can later change these settings from the "Programs" tab in the ZoneAlarm settings.