ZoneAlarm Firewall Configuration Guide!
Posted by: [PM] on: 09/02/2001 11:50 AM [ Print | 9 comment(s) ] · 18596 views
ZoneAlarm is a free firewall, which is recommended again and again. However a firewall is only a useful safety measure for your "online privacy" if it is setup correctly. ZoneAlarm therefore is a good firewall to begin your own argumentation on online security and the safety of confident personal data, because it is not configured via a wild range of ports and protocols.
Warp2Search has now assembled a short guide to setup and configure ZoneAlarm for a typical home user. Click on Read More to check out the guide...
Introduction First of all let's clear two questions: Why should you use a firewall? A firewall like ZoneAlarm is a unique security measure for your PC. We recommend ZoneAlarm because it offers free basic protection from ad & spyware, trojan horses, automated dialers, port scanning, annoying ping "attacks" and uncontrolled data flow from or to your PC. How is ZoneAlarm different from a hardware firewall? ZoneAlarm is a pure software solution that controls the data that can flow in and out of a computer. It is self-configuring and requires no knowledge of ports or protocols. ZoneAlarm is much easier to use than a hardware firewall. Let's get started: Installation & First Steps ZoneAlarm succeeds to convince through the small download size and the fast installation. In the first installation window you should set a checkmark before "Yes, please give these components... " thus enabling internet access for your standard browser. You may let the remainder of the installation to be run as usual. ZoneAlarm provides a dynamic firewall which allows you to independently establish protection levels for several zones. Set up the appropriate security level, such as medium or high, for the computers in your local zone to allow secure file-sharing and print-sharing operations within your LAN. How to do this and what effects these options have will be explained later on. The Main Control Panel & The Subpanels ZoneAlarm is controlled and maintenanced by the main control panel shown here:
From here you have full control over ZoneAlarms features. The main panel shows up & down graphs interpreting the current level of data flow coming through your internet connection (top left green & red bars). Next comes the internet lock where you can allow or disallow the overall access to the internet.
Up next is an emergency override button to stop all (including pass lock applications) traffic immediately. Then small icons of currently active programs (connected to the internet) are shown. The access rules for these applications can be further set to suit your security needs. And last but not least ZoneAlarms help system finishes the main panels options. The Configure Menu The ZoneAlarm configuration window gives the user information on the current version of ZoneAlarm plus many more features. It lets you determine wether ZoneAlarm is loaded during Windows startup or not and if it should stay on top (always be visible). I would recommend letting ZoneAlarm load during startup to all broadband users that have a permanent internet connection or who leave their computer online & unattended for a long time. Furthermore Zonealarm features an autoupdate feature which is accessible here. The user can also set or change his registration in this menu. Note that registration is free for personal use. The Programs Menu The main portion of the programs panel is the program list. This is the list of programs installed on your machine that have attempted to connect to the internet. Use the checkboxes in this panel to specify each program's access rights for the local zone (LAN) or the internet zone (WWW). In the program list, the allow server column lets you control which applications can perform server functions (Set to allow for most file-sharing applications!). The pass lock option let's you control which applications are allowed to gain access to the internet although the internet lock is enabled. Note: ZoneAlarm will automatically detect any new programs that try to connect to the internet and show a popup window asking if you want to allow the program internet access: If you don't set a checkmark before Remember this... ZoneAlarm will ask for permission as long as you don't include the application in the programs list. The Security Menu The local and internet zone each have a security level slider, that you can drag up and down to change the security level. Local zone security is displayed in green, and internet zone security in blue. The default settings are: medium for the local zone (LAN)
high for the internet zone (WWW)
Use the block servers checkbox for each zone to prevent all programs from acting as servers for that zone. By checking this option, no application will be allowed to listen for incoming connections in that zone, even if you've checked the allow server option in the programs panel. The internet zone is usually set to high security, making your computer invisible to computers throughout the internet. By using high security in the internet zone, you won't be a target for hackers or other types of intruders.
It's very easy to set up security levels. Simply go to the security panel and drag the sliders up or down. This is all you need to do to configure the firewall. You don't need to be an expert in program protocols and ports. You can then go further and customize security settings by clicking on the advanced button on security panel, or apply application-specific security by right-clicking on a program name in the programs panel. Advanced security: Click on the advanced button to call the advanced security properties dialog. This is where you name trusted subnets and computers with whom you are sure it is safe to carry on internet communications and whose files you trust enough to do file sharing with them. The Lock Menu The purpose of the lock is block all network activity inbound and outbound from your computer. Therefore, only use the lock during extended inactivity of your PC. The internet lock settings panel allows you to configure the automatic lock. You can choose to lock internet access automatically when your screen saver activates or after a period of internet inactivity on your computer.
There are some extended options for the lock that are self-explanatory: The Alerts Menu At the top of the panel, today's summary shows the total amount of data sent and received by all applications. The middle portion of the panel details current alerts. In the alert settings area, at the bottom of the panel, there are options to display and save alerts. More info button: The alert messages generated by ZoneAlarm contain information on what ZoneAlarm is blocking. Pressing the more info button invokes the Zone Labs Alert Analyzer which provides additional information on traffic blocked by ZoneAlarm. Alert Analyzer is an online tool provided by Zone Labs. There are two distinct and very different instances where you would make use of the more info button. The first one is when you recieve a firewall alert, either as a popup or in the current alerts area as depicted below. The second is when you receive a program alert popup. Users can log all alerts in a file or activate a popup window to be notified of all alerts occuring. Note that if no checkmark is set to the popup alert all alerts will be logged silently. Online Gaming To make ZoneAlarm work properly for an online gaming session there are a few things you have to take care of. First of all it will be necessary to set the security slider of the internet zone to medium in the security panel. This is due to the fact that every game uses a specific port to communicate with your PC. High security enables stealth mode in ZoneAlarm which hides all open ports! Then make sure that the block all internet servers option is unchecked. The second step is to allow the client software access to the internet, may it be the game itself or 3rd party client software. This is done in the programs panel. Make sure that a checkmark is set for allow connect, allow server and pass lock. To make everything work like planned you may additionally tell ZoneAlarm which sites or IP adresses are safe to communicate with. This is done via the advanced tab in the security panel. Click on the add button, enter the servers IP adress and off you go. Happy fraggin'! You can download the latest free version of ZoneAlarm for private use directly from Warp2Search here. Commercial users or enthusiasts are encouraged to buy the Pro version of ZoneAlarm. For more information on ZoneAlarm check out the Zonelabs homepage. To prove the effectiveness of your PC's protection when using ZoneAlarm as your firewall can be tested on Gibson Research Company's Shield Up! Test Page. This test site scans open ports and more to test firewalls.
Introduction First of all let's clear two questions: Why should you use a firewall? A firewall like ZoneAlarm is a unique security measure for your PC. We recommend ZoneAlarm because it offers free basic protection from ad & spyware, trojan horses, automated dialers, port scanning, annoying ping "attacks" and uncontrolled data flow from or to your PC. How is ZoneAlarm different from a hardware firewall? ZoneAlarm is a pure software solution that controls the data that can flow in and out of a computer. It is self-configuring and requires no knowledge of ports or protocols. ZoneAlarm is much easier to use than a hardware firewall. Let's get started: Installation & First Steps ZoneAlarm succeeds to convince through the small download size and the fast installation. In the first installation window you should set a checkmark before "Yes, please give these components... " thus enabling internet access for your standard browser. You may let the remainder of the installation to be run as usual. ZoneAlarm provides a dynamic firewall which allows you to independently establish protection levels for several zones. Set up the appropriate security level, such as medium or high, for the computers in your local zone to allow secure file-sharing and print-sharing operations within your LAN. How to do this and what effects these options have will be explained later on. The Main Control Panel & The Subpanels ZoneAlarm is controlled and maintenanced by the main control panel shown here:
From here you have full control over ZoneAlarms features. The main panel shows up & down graphs interpreting the current level of data flow coming through your internet connection (top left green & red bars). Next comes the internet lock where you can allow or disallow the overall access to the internet.
Up next is an emergency override button to stop all (including pass lock applications) traffic immediately. Then small icons of currently active programs (connected to the internet) are shown. The access rules for these applications can be further set to suit your security needs. And last but not least ZoneAlarms help system finishes the main panels options. The Configure Menu The ZoneAlarm configuration window gives the user information on the current version of ZoneAlarm plus many more features. It lets you determine wether ZoneAlarm is loaded during Windows startup or not and if it should stay on top (always be visible). I would recommend letting ZoneAlarm load during startup to all broadband users that have a permanent internet connection or who leave their computer online & unattended for a long time. Furthermore Zonealarm features an autoupdate feature which is accessible here. The user can also set or change his registration in this menu. Note that registration is free for personal use. The Programs Menu The main portion of the programs panel is the program list. This is the list of programs installed on your machine that have attempted to connect to the internet. Use the checkboxes in this panel to specify each program's access rights for the local zone (LAN) or the internet zone (WWW). In the program list, the allow server column lets you control which applications can perform server functions (Set to allow for most file-sharing applications!). The pass lock option let's you control which applications are allowed to gain access to the internet although the internet lock is enabled. Note: ZoneAlarm will automatically detect any new programs that try to connect to the internet and show a popup window asking if you want to allow the program internet access: If you don't set a checkmark before Remember this... ZoneAlarm will ask for permission as long as you don't include the application in the programs list. The Security Menu The local and internet zone each have a security level slider, that you can drag up and down to change the security level. Local zone security is displayed in green, and internet zone security in blue. The default settings are: medium for the local zone (LAN)
high for the internet zone (WWW)
Use the block servers checkbox for each zone to prevent all programs from acting as servers for that zone. By checking this option, no application will be allowed to listen for incoming connections in that zone, even if you've checked the allow server option in the programs panel. The internet zone is usually set to high security, making your computer invisible to computers throughout the internet. By using high security in the internet zone, you won't be a target for hackers or other types of intruders.
It's very easy to set up security levels. Simply go to the security panel and drag the sliders up or down. This is all you need to do to configure the firewall. You don't need to be an expert in program protocols and ports. You can then go further and customize security settings by clicking on the advanced button on security panel, or apply application-specific security by right-clicking on a program name in the programs panel. Advanced security: Click on the advanced button to call the advanced security properties dialog. This is where you name trusted subnets and computers with whom you are sure it is safe to carry on internet communications and whose files you trust enough to do file sharing with them. The Lock Menu The purpose of the lock is block all network activity inbound and outbound from your computer. Therefore, only use the lock during extended inactivity of your PC. The internet lock settings panel allows you to configure the automatic lock. You can choose to lock internet access automatically when your screen saver activates or after a period of internet inactivity on your computer.
There are some extended options for the lock that are self-explanatory: The Alerts Menu At the top of the panel, today's summary shows the total amount of data sent and received by all applications. The middle portion of the panel details current alerts. In the alert settings area, at the bottom of the panel, there are options to display and save alerts. More info button: The alert messages generated by ZoneAlarm contain information on what ZoneAlarm is blocking. Pressing the more info button invokes the Zone Labs Alert Analyzer which provides additional information on traffic blocked by ZoneAlarm. Alert Analyzer is an online tool provided by Zone Labs. There are two distinct and very different instances where you would make use of the more info button. The first one is when you recieve a firewall alert, either as a popup or in the current alerts area as depicted below. The second is when you receive a program alert popup. Users can log all alerts in a file or activate a popup window to be notified of all alerts occuring. Note that if no checkmark is set to the popup alert all alerts will be logged silently. Online Gaming To make ZoneAlarm work properly for an online gaming session there are a few things you have to take care of. First of all it will be necessary to set the security slider of the internet zone to medium in the security panel. This is due to the fact that every game uses a specific port to communicate with your PC. High security enables stealth mode in ZoneAlarm which hides all open ports! Then make sure that the block all internet servers option is unchecked. The second step is to allow the client software access to the internet, may it be the game itself or 3rd party client software. This is done in the programs panel. Make sure that a checkmark is set for allow connect, allow server and pass lock. To make everything work like planned you may additionally tell ZoneAlarm which sites or IP adresses are safe to communicate with. This is done via the advanced tab in the security panel. Click on the add button, enter the servers IP adress and off you go. Happy fraggin'! You can download the latest free version of ZoneAlarm for private use directly from Warp2Search here. Commercial users or enthusiasts are encouraged to buy the Pro version of ZoneAlarm. For more information on ZoneAlarm check out the Zonelabs homepage. To prove the effectiveness of your PC's protection when using ZoneAlarm as your firewall can be tested on Gibson Research Company's Shield Up! Test Page. This test site scans open ports and more to test firewalls.
« For Our German Guests ! · ZoneAlarm Firewall Configuration Guide!
· WinDVD Tweaker 1.2 »
Comment
|
unknown Posts: 2 Joined: 2002-11-11 |
#33237 Posted on: 09/02/2001 08:30 PM
If you have two computer networked together, does Zone Alarm blocks the connection between the two computers? That's what happened to me last time I installed Zone Alarm. I cou;dn't have access to the other computer at all. Is there a way to configure ZA so that doesn't happen?(btw, I like the font) |
Comment
|
unknown Posts: 2 Joined: 2002-11-11 |
#33238 Posted on: 09/02/2001 10:24 PM
hmm, when i read there was a how to on configuring ZA, i thought..cool... but..this isnt much more than a simple help file, in fact from what i recal reading at ZA's site, they have a nice little help secion (just click help in ZA's interface). perhaps your how to could contain something a bit more in depth, like explaining how to set it up for various game servers effectively, and doing more on ports and port blocking in ZA. as i have found its not as simple as sliding a slider up and down to attain a decent level of security, and run a part time server. just my 2 cents..not trashing you..this is merely constructive criticism..other than that..i like your site, nice layout.. |
Comment
|
unknown Posts: 2 Joined: 2002-11-11 |
#33239 Posted on: 09/02/2001 11:28 PM
If you are using a home LAN, you are (should be) using non-routable IPs (i.e. 10.x.x.x, 192.168.x.x). If this is the case, you can allow for access by any computer on your LAN by setting up a range for your trusted computers. Keep in mind this only allows the computers to make connections - you still need to make sure you have set up correct permissions for each user, etc (difference between Win9x and NT/2K should be noted here.) Re-read the article, and really consider this paragraph, as this is what you are looking for... "Advanced security: Click on the advanced button to call the advanced security properties dialog. This is where you name trusted subnets and computers with whom you are sure it is safe to carry on internet communications and whose files you trust enough to do file sharing with them." |
Comment
|
unknown Posts: 2 Joined: 2002-11-11 |
#33240 Posted on: 09/03/2001 06:56 AM
If you would take some time reading it you would notice it isn't.... |
Comment
|
Rancho* Posts: 37 Joined: 2003-03-21 |
#33241 Posted on: 09/03/2001 07:03 AM
Yeah I know what you mean. First of all this was my first attempt to put an article together. Second: There is not much to configure freely in ZA. It's a good tool for beginners but is not as comprehensive as other firewalls (you may have to pay for) and therefore may not suit the advanced user best. The problem is that most of the functions are automated in ZA. I take your criticsm seriously and will try to remember it the next time I'm to write an article. Thanks for your time reading though! stay tuned. |
Comment
|
unknown Posts: 2 Joined: 2002-11-11 |
#33242 Posted on: 09/03/2001 04:13 PM
ZoneAlarm only blocks local traffic if its not recognizing the Local Zone correctly. Go to the Security Settings and click the "Advanced" button. Make sure there is a check mark beside your network card under "Adapter Subnets". Also set the security slider to medium or lower for the Local Zone. I have ZA running on my XP machine serving the internet to four other computers on our LAN and it works like a charm. Much better than XP's built in firewall! |
Comment
|
unknown Posts: 2 Joined: 2002-11-11 |
#33244 Posted on: 09/04/2001 03:15 AM
MMM.. I think different Zone alarm will work for power users too. I think there wouldn't be from anyone if this guide was labled as starter or basic. This was actually a great article and even covered the question of the first reply (can i use ZA and still connect over a local network). Booth of you are correct being that most of ZA's setup is just slideing the bars and settings privlages and that it isn't all that simple. In the same light anyone that has to let certin ports be open (which most times allowing the program to act as a server would work insted at high levels)would probally want to run ZA pro. So a good place to start with intermediate would be using za pro with you NAT server, running a packet sniffer to find what ports are needed. Za will actually work just fine if on a direct connection. The Final level would probally tackle problems like when ZA / Pro have trouble loading Vsmon or when it loads ans says its working but ill fail the leak test untill its reloaded a few times (nope can't help here havn't figured any of it out). Happy Surfing |
Comment
|
unknown Posts: 2 Joined: 2002-11-11 |
#33250 Posted on: 09/06/2001 01:49 PM
You have to go into security menu and click advanced, there select your network card, pick properties and configure it accordingly to your needs. |
Comment
|
unknown Posts: 2 Joined: 2002-11-11 |
#35850 Posted on: 02/04/2002 03:27 AM
I like your (original) article Rancho. When can we expect more in-depth on gaming and ZA Pro? It is very well putt for a first attempt. Happy fraggin' to you as well! |
