FIREWALLS

ZONEALARM KILLED MY HOME NETWORK

The Annoyance:

I installed ZoneAlarm on my PC, and it disrupted my home network. The other networked computers can no longer access my shared folders or the printer attached to my PC. I installed ZoneAlarm because I'm worried about intruders, not my family, breaking into my PC. Can you help?

The Fix:

You've put your home network into the wrong ZoneAlarm security zone. To allow full use of your home network, you need to change its security setting:

1. Open ZoneAlarm and select Firewall on the left, then the Zones tab to the right. You'll see a listing for your home network.

2. Click your network and then click Edit button below.

3. Choose Trusted from the Zone drop-down menu, click OK, and then click Apply (see Figure 9-11). You'll be able to use your network now.

   Figure 9-11. Put your home network in ZoneAlarm's Trusted zone.

   
   
   

   Find Out More About ZoneAlarm Alerts Whenever a program on your PC tries to connect to the Internet, ZoneAlarm issues an alert and asks if you want to let it through. It gives you a recommendation, such as a green thumbs up indicating it's safe to let the application through. If you want to find out more about the application, click the More Info button. You'll be sent to the ZoneAlarm web site, which often (but not always) provides more information about the program trying to access the Internet. If ZoneAlarm has no information, perform a Google search on the application, using the executable filename.

   
   

ZONEALARM KILLS MOST WEB BROWSING

The Annoyance:

ZoneAlarm does a great job of protecting me, but when I visit some web pages, they stall outI see the top of the web page and one or two sections, but the rest of the page is blank. My browser keeps trying to download the page, but it's stuck in perpetual non-motion. Can I browse the Web and also keep my computer safe?

The Fix:

It sounds like you've configured ZoneAlarm to block Internet ads, which can cause problems at some web sites. If you allow ads to be displayed, you will most likely solve the problem. Run ZoneAlarm and select Privacy on the left, then the Main tab on the right. In the Ad Blocking section, move the slider from High to either Med or Off (see Figure 9-12). If you move it to Med, it will block animated, pop-up, and pop-under ads.

Figure 9-12. If you have problems browsing the Web when you use ZoneAlarm, change its Ad Blocking setting to Med or Off.

NORTON PERSONAL FIREWALL BLOCKS FORUM DISCUSSIONS

The Annoyance:

I installed Norton Personal Firewall, and now I can't participate in my favorite web site discussion forum. I know Norton protects me against hackers and crackers, but does it really need to protect me against people I might disagree with? Can't I keep myself protected and also participate in discussion groups?

The Fix:

Some discussion groups require the use of the HTTP_REFERER tag in your browser. They use this tag to verify that your browser is the originator of the posts you submit to the forumin other words, that you are who you say you are. But these tags, when misused, can be privacy invaders as well. Web sites can use the tags to determine what sites you've previously visited, to build a profile of your interests.

Norton Personal Firewall blocks those tags as a way to protect your privacy. However, you can turn off the blocking on a site-by-site basis. Here's how:

1. In Norton Personal Firewall, select Options Internet Security General Advanced Options.

2. Type in the name of the site that you want to allow to use the HTTP_REFERER tag, and click OK.

3. Highlight the site you just added, and select the Privacy tab. Check the "Use these rules for <Site Name>" box.

4. In the Browsing Privacy section, select Permit for Referrer. Click OK. You'll be able to participate in the forum now, but the HTTP_REFERER tag will still be blocked at other sites.

NORTON PERSONAL FIREWALL BLOCKS ONLINE BANKING

The Annoyance:

After installing Norton Personal Firewall, I suddenly can't bank onlinethe site simply won't let me in.

The Fix:

Norton Personal Firewall is blocking your access to secure sites, such as online banking sites. By default, it lets you use those sites, but it sounds as if your settings have been changed. Here's how to fix them:

1. In Norton Personal Firewall, double-click Personal Firewall and choose Advanced General Rules. Scroll down until you find the rule that blocks access to secure sites. Uncheck the box next to it and click OK.

2. Configure Custom Level.

4. Close your browser and Norton Personal Firewall, then open them both up again. You'll now be able to connect to the secure site.

NORTON PERSONAL FIREWALL BLOCKS WEB SITE LOGINS

The Annoyance:

I installed Norton Personal Firewall, and now I can't log into my favorite web sites. I think this personal firewall business is going too farwhy not just block me from using the Web entirely?

The Fix:

You've set the firewall to block all personal information (usernames, passwords, and so forth) from being sent out across the Internet. You need to configure the firewall to let through usernames and passwords, but not privacy-invading information such as your social security number.

1. In Norton Personal Firewall, choose Privacy Control Configure Custom Level.

2. Click OK and then OK again.

3. Try to log into one of your favorite web sites. If the firewall asks you whether you want to allow confidential information to be sent, click OK. (If you're not prompted, you'll be allowed to type in your username and password.) You'll now be able to log into any web site.

SHARE FILES SAFELY ON YOUR NETWORK WITH WINDOWS FIREWALL

The Annoyance:

I installed the Windows Firewall on my PC, but now I can't share files and folders with the other computers on my home network.

The Fix:

As long as you're behind a home router that blocks unsolicited inbound traffic (check the router's documentation for details), you can poke holes through the Windows Firewall to share files and folders with other network users:

1. Open the Windows Firewall control panel and click the Advanced tab. In the Network Connection Settings section, click the Settings button.

2. Click the Services tab, and then click the Add button.

3. Enter the following information in the dialog box:

   • Description of Service: Sharing Files

   • Name or IP Address: 127.0.0.1

   • External Port number for this service: 135

   • Internal Port number for this service: 135

   Select the TCP radio button, then click OK (see Figure 9-13).

   Figure 9-13. Windows Firewall can prevent users on your network from sharing your files and folders. Open ports using this dialog box to permit sharing.

   
   
   

4. Repeat the procedure to open TCP ports 136, 137, 138, 139, and 445 to sharing files and folders.

5. Repeat the procedure to open UDP ports 135, 136, 137, 138, 139, and 445. This time select the UDP radio button.

6. Keep clicking OK until you exit all dialog boxes.

REPORT HACKERS TO THE GOOD GUYS

The Annoyance:

I use ZoneAlarm to keep intruders away from my PC, and I constantly get alerts that I'm under attack. I'd like to get back at these malevolent marauders, but I don't know how.

The Fix:

Not all of the alerts you receive are the result of intruders trying to break into your computer. In fact, most alerts are the result of harmless network trafficfor example, your ISP will ping your computer to find out whether you're still connected to its network. ZoneAlarm color-codes all its alerts: a red band at the top indicates a high alert (signaling possible hacker activity), while orange means medium (often harmless network traffic).

To get back at your attackers, report their activities to your ISP, as well as to the ISP of the potential hacker. You'll need a special tracking tool, such as McAfee's Visual Trace (http://www.mcafee.com) or TamoSoft's SmartWhois (http://www.tamos.com), to track down information about the attacker, including his ISP and the ISP's email address. Here's how to report a hacker using ZoneAlarm:

1. When you get an alert, click the More Info button. You'll get information about the alert, including the IP address of the potential intruder, the port or service he tried to breach, and similar information. Copy down this information.

2. Run Visual Trace, SmartWhois, or a similar program, and type in the IP address of the intruder. You will receive information about the intruder's ISP, including its name, location, phone number, and email address (see Figure 9-14). In particular, look for an "abuse" contact. If you don't see one, look for customer support or tech support contact information.

3. Email all the details you copied down from the ZoneAlarm alert (the intruder's IP address, the port attacked, and so on) to your ISP and the intruder's ISP. ZoneAlarm keeps a log filled with details of all of your alerts, so attach the log file to your email as well. The log file is named zalog.txt, and you can find it in C:\Windows\Internet Logs\.

   Figure 9-14. Use a tool like SmartWhois to find out where to report hackers.

   
   
   

Don't expect to get a response from either your ISP or the intruder's ISP; they frequently won't get back to you. Also, you should keep in mind that there's a possibility that the reported IP address of the intruder is not his real IP address. Sometimes intruders embed "zombies" or Trojans in other people's computers, and use those programs to attack others.