Transcript Software Firewall Features

Software Firewalls
© N. Ganesan, Ph.D.
Module Objectives
• Explore the features of a software
firewall such as Zone Alarm Pro
Introduction
Features
• Inbound traffic protection
• Outbound traffic protection
• Optional e-mail protection
• Optional antivirus monitoring
Types of Protection and Control
• Firewall Protection
• Program Control
• Privacy Protection
• Identity Protection
Protection Alerts
• Program alerts
• Firewall alerts
Program Alert Example
• In the following example, program alert
for the ping command will be
demonstrated
Firewall Event
• Informs intrusion efforts
Zoning for Access Control
• Internet zone
– All computers fall into this category
– They are generally unknown computers
• Trusted zone
– Permission is automatically given to access
computers in the trusted zone
• Bad zone
– Access to computers in this zone are explicitly
denied
Disconnecting from Internet
• Stop button
• Internet lock
Additional Information
• Use the help feature
Overview of ZoneAlarm Pro
Firewall Zone Settings
• High
– Explicit permission must be given for
access
• Medium
– Access must be blocked explicitly
1
2
3
Blocked Zone
• Advanced control is possible for
blocked zones
Adding and Removing Networks to
and from Zones
Assigning Networks
• Networks can be assigned to trusted
and internet zones based on:
–
–
–
–
Host/site
IP address
IP range
Subnet
Computers with Access
• In the previous example, the computers
with the following range of IP address
will have network access privilege
– 130.182.215.0 to 130.182.215.254
• The values defined could also be edited
Can be removed as well.
Rule Based Access Control
Purpose
• Traffic can be controlled based on
source address, destination address,
protocol and time of the day
Expert Firewall
• Access control (allow of blocks) can be
exercised based on the following
parameters:
–
–
–
–
Source
Destination
Protocol
Time
Auto-Lock
• Auto lock can be set to be involved
when the computer is inactive for a
given period of time
Program Access Control
Individual Program Control
• This is perhaps the most frequently
used option
• Access to the network for a program
can be set to the following
– Allow
– Block X
– Ask ?
Program Control Properties
• Allow
– Allows the program to access the network
• Ask
– Ask each time the program tries to access the network
• Block
– Block access without asking
• In general, one may want to block the program acting as a
server
• Moreover, whenever in doubt, access could be set to “Ask”
• As seen in the next slide, new program could also be added to
the list of programs that need to be controlled with respect to
network access
Individual program security.
Antivirus Monitoring
Email Protection
New
attachment types
can be added.
Privacy
1
2
3
Customizing cache cleaning.
Cookie Control, Ad Blocking and
Mobile Code Control
1
2
3
Cookie control.
Ad blocking.
Mobile code
execution control.
Site Access Control
ID Lock
Alerts and Logs
The End