The widespread introduction of DSL and cable modems has ushered in a new level of productivity for the small office. Inexpensive dedicated connections and low-cost PCs have combined to help the small office generate a significant amount of revenue without the huge overhead. However, small office networks are typically not overseen by skilled security administrators, so there’s often a lax attitude toward network security.
The small office also makes a tasty new target for unsavory netizens. The always-on quality of broadband along with static IP addresses make it a prime target for the so-called “script kiddies”. Those ubiquitous hackers testing new attack programs, distributed denial of service (DDos) trojans, or cyber thieves searching for useful data like credit card numbers stored in simple billing systems.
Many folks feel that securing a network requires expensive, dedicated hardware and more technical training than they have time for. While that may have been true in the past, Zone Labs’ ZoneAlarm 2.1 is changing the picture. Firewall security for the small office is now more cost-effective and accessible than ever before.
Don’t get burned; get a firewall
Basic firewalls ignore any unsolicited data connection. It’s like having call block on your telephone. You can call out and talk to anyone you want without being interrupted. Some firewalls let you screen the connections selectively to allow your computers to work as a server to the outside world. This enables you to keep a Web server or FTP server in your office that the world can get to without opening up the entire machine.
ZoneAlarm 2.1 is probably the easiest-to-use firewall software you will find. ZoneAlarm 2.1’s controls are simple and quite intuitive. It’s compatible with the proxy services in Windows NT and the internet connection sharing in Windows 98 SE to allow easy upgrade to most small networks. Explanations for selections appear either within the options or at the bottom of the control panel. Each facet of the program is clearly separated, and the information is cleanly presented to prevent confusion.
Although ZoneAlarm 2.1 offers only three security levels, they should handle most small office needs. The levels range from simply restricting which applications can access the network to a stealth mode that hides all unused ports, locks out Windows file and printer services, and blocks any incoming traffic. If you choose to place the program on an NT proxy server, you can specify different settings for your internal and external network. They’ve also added new features to allow Virtual Private Network (VPN) activity or the use of outside proxy servers. This way you can create exceptions for friendly systems to access your system without compromising general security to the entire world. Figure A and Figure B show some of the options available for securing your network.
Every time a new program runs, ZoneAlarm will ask if you want that program to be able to access the Internet. ZoneAlarm also monitors outgoing network requests which allows you to protect yourself from Trojan applications that could make you vulnerable to attack or use your computer to attack someone else. Your options for a new program are:
- Grant access to the Internet.
- Block access to the Internet.
- Have ZoneAlarm 2.1 ask you about Internet access every time the program runs.
- Choose different access levels for the internal and external network.
- Decide if you want the application to run if the computer is in “Lock” mode.
You can also specify whether you want applications to be run as servers (thereby letting your friends get to your Quake server). See Figure C.
ZoneAlarm 2.1 will monitor network traffic on your system and display the applications currently running. (Note the Netscape icon next to the Stop button). More importantly, the program will alert you to any blocked requests so you’ll know if you are under attack. Figure D shows an example of the ZoneAlarm alert screen. The lock feature, shown in Figure E, can be used to further restrict network access on your system. When the lock is engaged, either manually or by an inactivity timer you set, only applications that have specifically been given pass-lock status can reach the Internet. This feature will help you identify some programs as trojans by notifying you when they attempt to access the network.
On its own this feature would not protect from Visual Basic script attacks like the I Love You virus that takes advantage of your mail program. However ZoneLabs added a VB script detector they call “Mail Safe.” This simple memory resident addition notifies you when any email messages or attachments include VB scripts. It can’t tell if the script is malicious or not, but it will prevent you from being caught off-guard by falsified file extensions.
New for version 2.1, ZoneAlarm even includes a logging system. You can disable the pop-up alerts while still tracking events. This information is especially helpful if you come under attack as it will provide information on the source of the attack and what type of attack it is.
The program’s relatively few security options might qualify as a flaw, but because of the effective way it handles small network security, I am inclined to overlook it. The cost of the program is a big selling point since it is free to home users and $19.95 for the small business version (discounts are available for group licenses). Factor in ZoneAlarm 2.1’s price tag and I think this is an appealing utility for stand-alone PCs or simple Windows NT/2000 gateways.
James McPherson is a network administrator for a nationwide ISP.If you'd like to share your opinion, please post a comment below or send the editor an e-mail.