McAfee Firewall Getting Started Version 2.
COPYRIGHT Copyright © 2000 Network Associates, Inc. and its Affiliated Companies. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of Network Associates, Inc.
(i.e., the required number of licenses would equal the number of distinct inputs to the multiplexing or pooling software or hardware "front end"). If the number of Client Devices or seats that can connect to the Software can exceed the number of licenses you have obtained, then you must have a reasonable mechanism in place to ensure that your use of the Software does not exceed the use limits specified for the licenses you have obtained.
5. Restrictions. You may not rent, lease, loan or resell the Software. You may not permit third parties to benefit from the use or functionality of the Software via a timesharing, service bureau or other arrangement, except to the extent such use is specified in the applicable list price or product packaging for the Software. You may not transfer any of the rights granted to you under this Agreement.
7. Limitation of Liability. UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER IN TORT, CONTRACT, OR OTHERWISE, SHALL MCAFEE OR ITS SUPPLIERS BE LIABLE TO YOU OR TO ANY OTHER PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR FOR ANY AND ALL OTHER DAMAGES OR LOSSES.
SOME COUNTRIES HAVE RESTRICTIONS ON THE USE OF ENCRYPTION WITHIN THEIR BORDERS, OR THE IMPORT OR EXPORT OF ENCRYPTION EVEN IF FOR ONLY TEMPORARY PERSONAL OR BUSINESS USE. YOU ACKNOWLEDGE THAT THE IMPLEMENTATION AND ENFORCEMENT OF THESE LAWS IS NOT ALWAYS CONSISTENT AS TO SPECIFIC COUNTRIES.
Table of Contents Chapter 1. Welcome to McAfee Firewall . . . . . . . . . . . . . . . . . . . . . . . . . 11 About McAfee Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11 How McAfee Firewall works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12 About McAfee Firewall documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12 McAfee Firewall online Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Table of Contents Configuring Network, Display and Logging Controls . . . . . . . . . . . . . . .25 Configuring Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26 Configuring System Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27 Configuration after Adding/Removing Network Devices . . . . . . . . . . . .28 Using Password Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28 Chapter 4. Glossary . . . . . . .
Table of Contents Getting Started ix
Table of Contents x McAfee Firewall
1 1 Welcome to McAfee Firewall About McAfee Firewall McAfee Firewall is a personal firewall that lets you monitor, control and log your PC’s network activity. It protects you from Internet hackers and keeps your PC private. McAfee Firewall: • Stops fileshare and printshare access attempts. • Shows who is connecting (i.e., if you allow sharing) • Stops floods and other attack packets from being received by the Operating System. • Blocks untrusted applications from communicating over the network.
Welcome to McAfee Firewall How McAfee Firewall works McAfee Firewall is a simple-to-operate security tool for the non-technical users. It dynamically manages your computing security behind the scenes, so that you do not even have to understand networking protocols. It is custom created at the moment it is needed, and only as needed, as you go on to do something else on your computer. McAfee Firewall filters traffic at the devices that your system uses - network cards and modems.
Welcome to McAfee Firewall McAfee Firewall online Help To launch McAfee Firewall help: In the McAfee Firewall main screen, click Help menu; then select Contents. The Help contents is displayed. You can also search for a help topic via the Index or Find tabs. • Index tab 1. In the text box, type the first few letters of the word or phrase you are looking for. 2. Locate what you are looking for; then double-click the topic or click the Display button.
Welcome to McAfee Firewall McAfee Firewall has been designed to be easy to use, while providing you with excellent protection. Once you install and run it, it is configured to block known attacks and to ask you before allowing applications to communicate. How is my PC at risk on the Internet? When you connect to the Internet, you share a network with millions of people from around the world.
Welcome to McAfee Firewall Are there any data packets that McAfee Firewall cannot stop? Inbound Data: No. As long as McAfee Firewall supports a network device and is running, it is intercepting all incoming packets and will allow or block according to the way you have it configured. If you choose to block everything, it will. Outbound Data: Yes and no. McAfee Firewall intercepts outbound data packets as they are passed to the network device driver. All popular applications communicate this way.
Welcome to McAfee Firewall How can I still be harassed, even with McAfee Firewall? Figure 1-2. Normal TCP Connection Many people use McAfee Firewall (and PC FIREWALL) to block the "nukes" that cause their IRC connections to be broken (shown in Figure 1-1). While McAfee Firewall blocks the nukes, there are other ways that attackers can still cause the connections to be broken: • Server-side nuking.
2 2 Installing McAfee Firewall Most installation problems are a caused by having programs running while you try to install new software. Even if the installation appears normal, you won’t be able to run the new program. To avoid installation problems, close all open programs before you install McAfee Firewall, including programs that run in the background, such as screen savers or virus checkers.
Installing McAfee Firewall To install McAfee Firewall 1. Close all open programs. 2. Insert the McAfee Firewall CD in the CD-ROM drive. 3. In the McAfee Firewall Setup screen, click Install McAfee Firewall. NOTE: If the setup screen doesn’t start automatically when you close your CD-ROM drive, click Start on the Windows taskbar, click Run, then type d:\setup. If D is not the drive letter of your CD-ROM drive, substitute the correct drive letter.
Installing McAfee Firewall • Delete • Free 4. Ignore the other options, and click OK. Click Start. ScanDisk begins scanning your drive for errors. Depending on the size of your hard drive, ScanDisk may take several minutes to complete its job. 5. When ScanDisk is finished, close ScanDisk. 6. Click Start on the Windows taskbar, point to Programs, then Accessories, then System Tools, and click Disk Defragmenter. 7. Click OK to start Disk Defragmenter.
Installing McAfee Firewall 3. Repeat steps 2 and 3 until you’ve closed everything except Explorer. 4. When you see only Explorer in the Close Program dialog box, click Cancel. You are now ready to install your new software.
3 3 McAfee Firewall Configurations The configuration of McAfee Firewall is divided into two parts—application and system. Upon installation, a base set of rules for system services such as ICMP, DHCP and ARP is installed (these are considered default settings). The applications part is personalized. Whenever you run a new program that attempts to communicate over the Internet, McAfee Firewall will prompt you whether you trust the program or not.
McAfee Firewall Configurations Default settings for applications When installed, the default setting is to prompt the user before allowing an application to communicate. The first time you run an application that uses the network, you will be prompted. If you choose "Yes", the application will be allowed to communicate normally, as it would without McAfee Firewall running. If you choose "No", the application will be blocked and will probably report an error message, such as "Network is unavailable".
McAfee Firewall Configurations You can either double-click on the network device or click once and choose Properties. Figure 3-2. Dial-Up Adapter [0000] Properties You can then choose to allow or block NetBIOS over TCP, Identification, ICMP, ARP, DHCP, RIP , PPTP and other protocols (IP and non-IP). NOTE: For more information, refer to the McAfee Firewall online Help.
McAfee Firewall Configurations Default settings for System activity NetBIOS over TCP: Blocked This will block all fileshare activity over TCP as well as UDP broadcasts. Your system will not appear in anyone’s "Network Neighborhood" and theirs will not appear in yours. If your system is configured to support NetBIOS over other protocols, such as IPX or NetBEUI, then filesharing may be allowed if "non-IP protocols" are allowed (see "Other Protocols" below).
McAfee Firewall Configurations Password Protection While McAfee Firewall is designed to protect a Windows computer from unwanted network communication, the security it provides can be undermined if the configuration can be altered. This is especially easy on Windows 95 and 98. This problem is partially addressed by adding password protection to the configuration file. The protection is only partial because only the operating system can provide access control, such as is found in Linux and Unix.
McAfee Firewall Configurations Configuring Applications The following steps will help the Administrator set up the Applications portion of the configuration. While the configuration file (CPD.SFR) is not intended to be transferrable, the Applications settings can be successfully copied from one system to another. The System settings cannot. 1. Select the Settings menu item, and the Applications option on the popup menu. 2.
McAfee Firewall Configurations 8. Choose File/Save Settings if you want to write this new configuration to disk immediately. Note: the configuration is automatically written to disk when you exit McAfee Firewall. Configuring System Settings The following steps will help the Administrator set up the System portion of the configuration. While the configuration file (CPD.SFR) is not intended to be transferrable, the Applications settings can be successfully copied from one system to another.
McAfee Firewall Configurations Configuration after Adding/Removing Network Devices The System Settings must be verified after changes are made to network devices. This is especially important if a network device is added or removed. If a device was removed, all settings may have to be re-entered, because they previous settings may now be associated with the wrong device. If a device is added, it will have to be configured for the first time. 1.
McAfee Firewall Configurations It is really important to choose a password that others will not guess. Choosing words, such as "open sesame" is a poor choice because there are password guessing programs that systematically try every word in the dictionary as well as common phrases, names, dates and other predicatable entries. It is better to choose several unrelated words, letters mixed with numbers, or completely random characters. The more, the better.
McAfee Firewall Configurations 30 McAfee Firewall
4 4 Glossary Address A data field in a packet header that specifies either the sender or the intended receiver of the packet. Note that computers can often see data packets that are not intended for them. Administrator The person responsible for handling computer configurations as well as support. Allow/Block (packets) The action to take on a packet. Block means the packet is not sent/received. Allow means it is sent/received. ARP Address Resolution Protocol.
Glossary Button An item on a window that when pressed, causes an action to be performed. Usually by clicking the mouse button when the cursor is on it. Connection A method of data exchange that allows a reliable transfer of data between two computers. Cookies A file placed on your hard drive by a Web site you visit. The original intent is for cookies to contain information about your preferences, so they can tailor the appearance according to your needs.
Glossary Email Electronic mail, a method of sending messages to other people via computer networks. Ephemeral (port) Used temporarily, in the range 1024-5000. In McAfee Firewall, this range is called the "Temporary Range". Ethernet The most common type of local area network (LAN). Fileshare A file system resource that is available through a network connection. System uses UDP broadcasts to announce its presence on a network and ’listens’ to see who is out there.
Glossary Hypertext Transfer Protocol, a powerful tool used primarily for browsing the World Wide Web. HTTPS Secure HTTP. This is a variation of HTTP that uses encryption to add privacy. ICMP Internet Control Message Protocol, a maintenance protocol that handles error messages and helps network debugging. ICMP is carried in IP packets. ICMP is easily abused and has become a serious annoyance to IRC chatgroup users.
Glossary Internet Relay Chat. A service that lets people on the Internet share a typed conversation. Whatever a person typed is sent to other people in the "chat group". The risk here is that people might become hostile and try to "nuke" you or send you unpleasant email. Consider NetNanny to screen the messages that are sent in IRC. ISDN Integrated Services Digital Network ISP Internet Service Provider, the company that sells you access to the Internet.
Glossary A protocol that supports file and print sharing. This protocol can be carried over TCP and UDP or IPX or NetBEUI. You can select "allow me to reach other system’s shares", or "allow others to reach my shares". NetBus A program designed perform installation without the user knowing about it and allow remote control of the system, including keyboard logging and file access. NetBus uses TCP ports 12345 and 12346 by default. Netware-IP A Netware protocol sent using the IP protocol.
Glossary A function of a firewall that checks inbound and outbound packet, and allows or blocks them, depending on predefined rules. Password A secret character sequence used for authentication. Passwords can be stolen by trojans such as BO and NetBus. For better security, consider token-based authentication or one-time passwords. Phone Book A set of dial-up services available on your system (look on your system for Dial-Up Networking).
Glossary A standardized method of communication, e.g. IP. RARP Reverse Address Resolution Protocol, an Ethernet protocol used to resolve IP addresses. RAS Remote Access Service, a service that supports dial-up connections. Remote (address or port) Refers to another machine you might communicate with, as opposed to your (local) machine. RIP Routing Information Protocol, a UDP-based protocol used to send routing information to systems on a network.
Glossary A TCP-based service that supports remote logins (usually to UNIX systems). With telnet, you are sending your username and password over a network and they may be stolen by someone and used to break in. Consider a VPN for privacy. tftp Trivial file transfer protocol, a UDP-based file transfer protocol. tftp is a security risk because it involves no interaction with the user - it can occur without you knowing about it. Toggle A setting that switches between two positions or values.
Glossary Another configuration of a VPN is "client/server", where computers, such as laptop PCs connect to a VPN server which gives access to a protected network. Home or mobile workers can connect to the office and have the same secure link and can access office systems. WINS Windows Internet Name Service, a protocol similar to DNS. Winsock A part of the Microsoft Windows operating systems that handles most network connections and some ICMP. It does not handle file or print shares.
A A Product Support BEFORE YOU CONTACT McAfee Software for technical support, locate yourself near the computer with McAfee Firewall installed and verify the information listed below: • Have you sent in your product registration card? • Version of McAfee Firewall • Customer number if registered • Model name of hard disk (internal or external) • Version of system software • Amount of memory (RAM) • Extra cards, boards or monitors • Name and version of conflicting software • EXACT error message as on scree
Product Support If you need further assistance or have specific questions about our products, send your questions via email to the appropriate address below: • For general questions about ordering software: mcafeestore@beyond.com • For help in downloading software: mcafeedownloadhelp@beyond.com • For a status on an existing order: mcafeeorderstatus@beyond.com To inquire about a promotion: mcafeepromotions@beyond.
Product Support If the automated services do not have the answers you need, please contact McAfee at the following numbers Monday through Friday between 9:00 AM and 6:00 PM Pacific time for 30-day free support, and 24 hours a day - 7 days a week for Per Minute or Per Incident support. Table A-1.
Product Support 44 McAfee Firewall
Index A About McAfee Firewall 11 DNS 32 Address 31 E Administrator 31 Email 33 Allow/Block (packets) 31 Ephemeral (port) 33 ARP 24, 31 Ethernet 33 Authentication 31 F B Fileshare 33 BO 31 Filter (firewalls) 33 BRKill 31 finger 33 Broadcast (networks) 31 Firewall 33 Button 32 Flood blocking a TCP connection 16 FTP 33 C Configuration after Adding/Removing Network Devices 28 G GRE 33 Configurations 21 Configuring Applications 26 H Configuring Network, Display and Logging Controls 25
Index IP 34 Password 37 IPX 34 Password Protection 25 IPX network 24 Phone Book 37 ISDN 35 ping 37 ISP 35 POP2 37 POP3 37 L PPP 37 Listening 35 PPPoE 37 Local (address or port) 35 PPTP 24, 37 Log File 35 Printshare 37 Protocol 37 M protocols 15 McAfee Firewall filter 15 Menu 35 R Message Box 35 RARP 38 Modem 35 RAS 38 N RIP 24, 38 Remote (address or port) 38 NetBEUI 35 NetBIOS 35 S NetBIOS over TCP 24 Server-side nuking 16 NetBus 36 Service 38 Netware-IP 36 SLIP 38 Netwo
Index U UDP 39 Using Password Protection 28 V Virus (software) 39 VPN 39 W WINS 40 Winsock 40 Winsock 2 17 Getting Started 47
Index 48 McAfee Firewall
