Detailed instructions for use are in the User's Guide.
[. . . ] McAfee Firewall
Getting Started
Version 2.10
COPYRIGHT Copyright © 2000 Network Associates, Inc. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of Network Associates, Inc. TRADEMARK ATTRIBUTIONS * ActiveHelp, Bomb Shelter, Building a World of Trust, CipherLink, Clean-Up, Cloaking, CNX, Compass 7, CyberCop, CyberMedia, Data Security Letter, Discover, Distributed Sniffer System, Dr Solomon's, Enterprise Secure Cast, First Aid, ForceField, Gauntlet, GMT, GroupShield, HelpDesk, Hunter, ISDN Tel/Scope, LM 1, LANGuru, Leading Help Desk Technology, Magic Solutions, MagicSpy, MagicTree, Magic University, MagicWin, MagicWord, McAfee, McAfee Associates, MoneyMagic, More Power To You, Multimedia Cloaking, NetCrypto, NetOctopus, NetRoom, NetScan, Net Shield, NetShield, NetStalker, Net Tools, Network Associates, Network General, Network Uptime!, NetXRay, Nuts & Bolts, PC Medic, PCNotary, PGP, PGP (Pretty Good Privacy), PocketScope, Pop-Up, PowerTelnet, Pretty Good Privacy, PrimeSupport, RecoverKey, RecoverKey-International, ReportMagic, RingFence, Router PM, Safe & Sound, SalesMagic, SecureCast, Service Level Manager, ServiceMagic, Site Meter, Sniffer, SniffMaster, SniffNet, Stalker, Statistical Information Retrieval (SIR), SupportMagic, Switch PM, TeleSniffer, TIS, TMach, TMeg, Total Network Security, Total Network Visibility, Total Service Desk, Total Virus Defense, T-POD, Trusted Mach, Trusted Mail, Uninstaller, Virex, Virex-PC, Virus Forum, ViruScan, VirusScan, VShield, WebScan, WebShield, WebSniffer, WebStalker WebWall, and ZAC 2000 are registered trademarks of Network Associates and/or its affiliates in the US and/or other countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners. [. . . 
] System Settings
Settings may be different for each network device, since a PC may, for example, be on an internal network as well as having a dial-up connection to the Internet. To control System settings, click on the Settings menu item and choose System. Then choose the network device you want to configure.
22
McAfee Firewall
McAfee Firewall Configurations
You can either double-click on the network device or click once and choose Properties.
Figure 3-2. Dial-Up Adapter [0000] Properties
You can then choose to allow or block NetBIOS over TCP, Identification, ICMP, ARP, DHCP, RIP, PPTP and other protocols (IP and non-IP).
NOTE: For more information, refer to the McAfee Firewall online Help.
Default settings for System activity
NetBIOS over TCP: Blocked
This will block all fileshare activity over TCP as well as UDP broadcasts. Your system will not appear in anyone's "Network Neighborhood" and theirs will not appear in yours. If your system is configured to support NetBIOS over other protocols, such as IPX or NetBEUI, then filesharing may be allowed if "non-IP protocols" are allowed (see "Other Protocols" below).
Identification: Allowed
This service is often required when getting email and is required by most IRC servers.
ICMP: Blocked
This protocol is often abused as a method of breaking people's network connections (especially on IRC).
ARP: Allowed
ARP is a necessary Ethernet protocol and is not known to be a threat.
DHCP: Allowed if your system uses DHCP
The program looks in your system Registry to see if one of your network devices uses DHCP. If so, then DHCP is allowed for all devices. If not, then it is blocked for all devices. If you have more than one network device and one uses DHCP, you should check the DHCP setting for each device and allow it only for the device that uses DHCP (most often cable or ADSL modems and some internal networks, not dial-up).
RIP: Blocked
Allow RIP if your administrator or ISP advises you to.
PPTP: Blocked
This should only be altered by the administrator.
Other Protocols: Blocked
If you are on an IPX network, you should allow "non-IP protocols". If you use PPTP, you should allow "other IP protocols". Ask your network administrator before making any change here.
Password Protection
While McAfee Firewall is designed to protect a Windows computer from unwanted network communication, the security it provides can be undermined if the configuration can be altered. This is especially easy on Windows 95 and 98. This problem is partially addressed by adding password protection to the configuration file. The protection is only partial because only the operating system can provide access control, such as is found in Linux and Unix. When you use a password to protect your configuration:
· The settings cannot be changed while McAfee Firewall is running unless the correct password has been entered.
· Tampering with the configuration file will be detected the next time McAfee Firewall is run, if (and when) the password is entered.
· If the password has not been entered, new networking applications will be blocked automatically.
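The three behaviours listed above can be modelled in a few lines. The following Python is an added illustration, not McAfee Firewall's own code or file format: it seals the configuration with a MAC keyed by the password, verifies that MAC when the password is entered (so an edit made without the password is detected), refuses changes while locked, and blocks applications that are not yet configured while no password has been entered. The JSON layout, the PBKDF2 key derivation, the HMAC-SHA256 tag and the "prompt" verdict for a new application after unlocking are assumptions of the example.

```python
"""Password-protected configuration file with tamper detection.

Added example, not McAfee Firewall code.  The file layout, PBKDF2 key
derivation and HMAC-SHA256 tag are assumptions chosen for the illustration.
"""
import hashlib
import hmac
import json
import secrets

PBKDF2_ROUNDS = 100_000  # work factor for the password-derived key (assumption)


def _key(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def seal_config(settings: dict, password: str) -> bytes:
    """Serialise the settings and attach a salt and a password-keyed MAC."""
    salt = secrets.token_bytes(16)
    body = json.dumps(settings, sort_keys=True)
    tag = hmac.new(_key(password, salt), body.encode(), "sha256").hexdigest()
    return json.dumps({"salt": salt.hex(), "tag": tag, "body": body}).encode()


def open_config(blob: bytes, password: str) -> dict:
    """Return the settings if the MAC verifies.

    A keyed MAC cannot tell a wrong password from an edited file: both give
    a mismatch, so the error names both possibilities.
    """
    outer = json.loads(blob)
    expected = hmac.new(_key(password, bytes.fromhex(outer["salt"])),
                        outer["body"].encode(), "sha256").hexdigest()
    if not hmac.compare_digest(expected, outer["tag"]):
        raise ValueError("MAC mismatch: wrong password or tampered configuration")
    return json.loads(outer["body"])


def edit_without_password(blob: bytes, key: str, value) -> bytes:
    """Simulate an edit by someone who can write the file but does not know
    the password (plain file-system access on Windows 95/98 allows this).
    The old tag is kept, so open_config will reject the result."""
    outer = json.loads(blob)
    body = json.loads(outer["body"])
    body[key] = value
    outer["body"] = json.dumps(body, sort_keys=True)
    return json.dumps(outer).encode()


class ProtectedConfig:
    """Runtime view of the sealed file: read-only until unlocked."""

    def __init__(self, blob: bytes):
        self._blob = blob
        self._settings = None  # filled in only after a successful unlock

    def unlock(self, password: str) -> bool:
        """Verify the file; return False (and stay locked) on mismatch."""
        try:
            self._settings = open_config(self._blob, password)
        except ValueError:
            return False
        return True

    def set(self, key: str, value) -> None:
        if self._settings is None:
            raise PermissionError("settings cannot be changed without the password")
        self._settings[key] = value

    def new_application_verdict(self, app: str) -> str:
        """While locked, an application not yet in the configuration is
        blocked automatically.  After unlocking, an unlisted application
        gets "prompt" (assumption: the user is asked)."""
        if self._settings is None:
            return "block"
        return self._settings.get("applications", {}).get(app, "prompt")
```

The example makes the manual's "only partial" remark concrete: the MAC detects an edit of the file but does not prevent one, and anyone who can write the file can also delete or replace it wholesale, which only operating-system access control can stop.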
Instructions for Administrators
Configuring Network, Display and Logging Controls
Network Control
This should usually be set to "Filter Traffic". If it is set to "Block Everything", the system will not be able to communicate over any network device. If it is set to "Allow Everything", nothing will be blocked. When it is set to "Filter Traffic", it controls network communications according to the Application and System settings.
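As an added Python example (not part of the manual or the product), the following combines the three Network Control modes above with the per-device System defaults listed earlier, including the Registry-based DHCP rule and the per-device refinement the manual recommends. The device names, the packet dictionaries and the mapping from packets to the manual's protocol categories (by standard port and protocol numbers) are assumptions of the example.

```python
"""Network Control modes applied to per-device System settings.

Added example, not McAfee Firewall code.  Device names, packet dictionaries
and the port/protocol numbers used to recognise the manual's categories are
assumptions of this illustration.
"""
from dataclasses import dataclass

BLOCK_EVERYTHING = "Block Everything"
ALLOW_EVERYTHING = "Allow Everything"
FILTER_TRAFFIC = "Filter Traffic"

# The manual's defaults for System activity, before the DHCP rule is applied.
BASE_DEFAULTS = {
    "NetBIOS over TCP": "blocked",
    "Identification": "allowed",
    "ICMP": "blocked",
    "ARP": "allowed",
    "RIP": "blocked",
    "PPTP": "blocked",
    "other IP protocols": "blocked",
    "non-IP protocols": "blocked",
}


@dataclass
class Device:
    name: str
    uses_dhcp: bool  # what the manual's Registry lookup would report (constructed)


def default_system_settings(devices, per_device_dhcp=False):
    """Build {device: {category: "allowed"|"blocked"}} for every device.

    per_device_dhcp=False reproduces the program: if any device uses DHCP it is
    allowed on all, otherwise blocked on all.  per_device_dhcp=True is the
    manual's recommendation: allow DHCP only where it is actually used.
    """
    any_dhcp = any(d.uses_dhcp for d in devices)
    settings = {}
    for dev in devices:
        per_dev = dict(BASE_DEFAULTS)
        dhcp_on = dev.uses_dhcp if per_device_dhcp else any_dhcp
        per_dev["DHCP"] = "allowed" if dhcp_on else "blocked"
        settings[dev.name] = per_dev
    return settings


def classify(pkt):
    """Map a constructed packet onto the manual's System categories using the
    standard numbers: NetBIOS 137-139, ident TCP/113, DHCP UDP/67-68,
    RIP UDP/520, PPTP control TCP/1723 with GRE as its data channel."""
    if pkt["ether"] == "ARP":
        return "ARP"
    if pkt["ether"] != "IP":
        return "non-IP protocols"  # IPX, NetBEUI and similar frames
    proto = pkt["ip_proto"]
    if proto == "ICMP":
        return "ICMP"
    if proto == "GRE":
        return "PPTP"
    if proto not in ("TCP", "UDP"):
        return "other IP protocols"
    port = pkt["dport"]
    if port in (137, 138, 139):
        return "NetBIOS over TCP"  # includes the UDP broadcasts, as the manual notes
    if proto == "TCP" and port == 113:
        return "Identification"
    if proto == "TCP" and port == 1723:
        return "PPTP"
    if proto == "UDP" and port in (67, 68):
        return "DHCP"
    if proto == "UDP" and port == 520:
        return "RIP"
    return "application"  # left to the Application settings


def decide(mode, system, apps, pkt):
    """Return (verdict, reason); the reason is what a log line would carry."""
    if mode == BLOCK_EVERYTHING:
        return "block", "Network Control: Block Everything"
    if mode == ALLOW_EVERYTHING:
        return "allow", "Network Control: Allow Everything"
    category = classify(pkt)
    if category == "application":
        verdict = apps.get(pkt.get("app", ""))
        if verdict is None:  # unknown traffic: the kind worth logging for review
            return "block", f"unknown application {pkt.get('app')!r}"
        return verdict, f"Application setting for {pkt['app']}"
    setting = system[pkt["device"]][category]
    return ("allow" if setting == "allowed" else "block",
            f"System setting {category}={setting} on {pkt['device']}")


# Constructed devices: a dial-up link and an Ethernet card on a cable modem using DHCP.
DEVICES = [Device("Dial-Up Adapter", uses_dhcp=False),
           Device("Ethernet Adapter", uses_dhcp=True)]


def demo():
    system = default_system_settings(DEVICES, per_device_dhcp=True)
    apps = {"browser.exe": "allow"}
    packets = [  # constructed inbound packets
        {"device": "Dial-Up Adapter", "ether": "IP", "ip_proto": "TCP", "dport": 139},
        {"device": "Dial-Up Adapter", "ether": "IP", "ip_proto": "ICMP"},
        {"device": "Ethernet Adapter", "ether": "IP", "ip_proto": "UDP", "dport": 68},
        {"device": "Dial-Up Adapter", "ether": "IP", "ip_proto": "UDP", "dport": 68},
        {"device": "Ethernet Adapter", "ether": "IP", "ip_proto": "TCP", "dport": 80, "app": "browser.exe"},
        {"device": "Ethernet Adapter", "ether": "IP", "ip_proto": "TCP", "dport": 6667, "app": "unknown.exe"},
    ]
    return [decide(FILTER_TRAFFIC, system, apps, p) for p in packets]


if __name__ == "__main__":
    for verdict, reason in demo():
        print(f"{verdict:5}  {reason}")
```

Running the demo shows the difference the DHCP refinement makes: with the program's Registry rule alone, the dial-up adapter would accept DHCP because the Ethernet card uses it; with the per-device setting, DHCP on the dial-up link is blocked while the cable-modem card still gets its lease.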
Display Control
It is best to choose Summary mode when setting it up for other users. The information shown in Detail mode is intended for the Administrator and may reduce performance on high-speed networks.
Logging Control
It is important to log unknown traffic if you want to review the log files to look for intrusion attempts. [. . . ]
trojan A program or piece of executable code that is transmitted without the user's knowledge, often allowing outsiders to break into or control the system.
Tunnel Encapsulates one protocol or data stream within another. A Virtual Private Network (VPN) tunnels data by encrypting it and then encapsulating it within a protocol such as TCP (better) or UDP (worse).
UDP A connectionless (datagram) Internet Protocol carried in IP packets. Examples of services and applications that use UDP are ICQ, DNS, NetBIOS (for broadcasts etc.) and RIP. [. . . ]