Security

Secure client machines with ZoneAlarm Pro 3.0

Learn how to install and setup a ZoneAlarm software firewall.


ZoneAlarm Pro 3.0, from Zone Labs, can help you secure client machines from Internet threats and control access to the Internet and specific URLs. This configurable tool lets you call the shots with regard to what network traffic enters and leaves your client machines.

Installation and setup
ZoneAlarm Pro installs in a snap and then launches into the Configuration Wizard, which lets you configure the security options you want to use.

The first option allows you to choose whether to activate ZoneAlarm Pro’s privacy control (Figure A), which allows you to block pop-up ads, banner ads, and third-party cookies. If you don’t activate the option during the install, you can do so later via the Privacy link in the program GUI.

Next, the wizard prompts you to select the types of blocked traffic for which you want to view alerts. The default option is Alert Me Only When Blocked Traffic Is Probably Hacker Activity. You can also opt to be notified of all blocked traffic or not to receive these alerts at all.

Figure A
Privacy switch can block annoying ads as well as cookies.


You can guard your specified security settings by specifying a password controlling access to ZoneAlarm Pro (Figure B). If you set a password, configuration decisions and changes will prompt for the password. This could be helpful for admins who want to deploy this firewall on end-user systems and set up a strong security configuration without having to worry about the user being able to fiddle with the settings.

Figure B
Set a password to protect security settings.


ZoneAlarm also prompts you to either allow it to preconfigure Internet access permissions for your applications or to set those preferences yourself (Figure C). Curiously, even though ZoneAlarm Pro indicates that it will preconfigure Internet access for such applications as Internet Explorer, I found that the first time I used IE after the initial setup, I was still prompted to give or deny IE permission to access the Internet.

Figure C
ZoneAlarm can preconfigure browser access permissions.


The final panel of the setup wizard lets you either launch or skip the program’s tutorial and launch ZoneAlarm Pro.

Tutorial
The tutorial offers basic information about the program’s features. Because the GUI is pretty intuitive, much of the information presented in the tutorial looks elementary. It’s a nice introduction to how ZoneAlarm displays information, however, and provides some useful tips on how to respond to the different types of alerts that ZoneAlarm will present.

With ZoneAlarm Pro, most of the work you do concerns the up-front settings that specify what kinds of traffic, files, and applications you want to block from getting in and/or going out of the system. That means that everything after the initial setup primarily consists of you reacting to the alerts that come in. So the most valuable section of the tutorial is the part that explains how the alerts appear and the options you have for dealing with them.

Main window
From the ZoneAlarm Pro main window, you can see an overview of the tasks the program has performed to protect your system on three levels:
  • Controlling inbound traffic
  • Controlling outbound traffic
  • Quarantining e-mail attachments

From this window, you can access any of ZoneAlarm Pro’s security options simply by clicking hyperlinks or tabs.

As you can see in Figure D, the interface is intuitive. You can easily navigate to different areas where you might need to select security options. The process of telling how you want ZoneAlarm Pro to manage your security can be time-consuming, depending on how far you want to go with it, but the interface makes it easy to find what you need and to select your security options.

Figure D
ZoneAlarm Pro’s interface is intuitive and easy to navigate.


Security options
ZoneAlarm Pro offers a wide variety of configuration options for blocking incoming and outgoing traffic. The strength of this program is basically the way it allows you to shut the door on certain types of files and activities that might leave clients—and thus your network—vulnerable to Internet threats.

Navigate to the various security features using the links down the left side of the window, and then use the tabs at the top to access additional options. We're going to take a closer look at three features: firewall, program control, and e-mail options.

Firewall
ZoneAlarm Pro’s firewall feature is divided into three zones, and you can set security levels and more specific custom options for each:
  • Internet Zone
  • Trusted Zone
  • Blocked Zone

The Internet Zone governs all traffic inbound from or outbound to the Internet. ZoneAlarm Pro’s interface for these elements resembles that of Internet Explorer settings, in that you move a slider along a range from High to Low security levels and can then, if need be, use the Customize button to select exceptions to the rules of that setting.

The Internet Zone defaults to High security, meaning that ZoneAlarm Pro locks down all activities relating to Internet traffic unless you specify otherwise. Clicking on the Custom button allows you to set a wide range of Internet security options, including the following:
  • Allow outgoing DNS
  • Allow outgoing DHCP
  • Allow broadcast/multicast
  • Block incoming/outgoing NetBIOS
  • Block incoming/outgoing ping
  • Block other ICMP

These are but a few of the options you can select for the firewall feature. This gives you some serious control over what is allowed into and out of your network, making ZoneAlarm Pro a powerful tool for taking charge of security.

The default setting for the Trusted Zone—your local network—is Medium. At this setting, ZoneAlarm Pro allows the computer to be seen on the network and to share files with other users. At the High setting, the computer is not visible on the network, and resource sharing is not allowed. This could hamper productivity if sharing is important on your network, but it also offers tighter security to protect a highly sensitive internal system. At the Low setting, the firewall feature for the Trusted Zone is essentially deactivated; in other words, you’ve opted to bypass security for your local network.

Program control
ZoneAlarm Pro's Program Control feature also provides a slider you can use to set security to High, Medium, Low, or Off. At the default value of Medium, programs must request permission to access the Internet (Figure E). When I attempted to use IE to access the Internet after installing ZoneAlarm Pro, for example, I was prompted with an alert asking whether this operation should be allowed. In this case, I opted to give IE permission to always be allowed to access the Internet.

Figure E
Program Control lets you specify which apps can access the Internet.


At the Low setting, ZoneAlarm Pro eventually “learns” which programs use the Internet and stops prompting you about whether a program should be able to perform Internet-related functions. The Off setting bypasses the Program Control feature altogether.

At the High setting, all programs must be authenticated before they are given permission to access the Internet. If this isn’t enough, you can also click on the Custom button and select specific programs yourself to set their permissions. ZoneAlarm Pro seems to have covered this pretty well with its built-in learning and permissions system, but if you are configuring systems for users on your network, the customization feature could be a valuable feature for controlling what users can and can't do on the Internet.

There’s also an Internet Lock feature that, when activated, blocks all Internet traffic to and from the system when your screen saver kicks in or after a specified length of time.

E-mail options
ZoneAlarm Pro’s e-mail protection simply consists of specifying the file attachment types you want to block. By default, ZoneAlarm Pro blocks attachments of various types, including files with the following extensions:
  • .exe
  • .bat
  • .chm
  • .mdb
  • .hlp

The list is comprehensive and covers everything that would be suspect. If you want to allow users to exchange certain types of files, you can easily click on a type and select Allow. If you want to allow attachments of all types, you can click Clear All.

Overall, ZoneAlarm Pro’s security options are extensive and easy to manage. The slider bars make it easy to defer to Zone Labs’ judgment on what should and should not be allowed, but you can also use the Custom buttons on any of the settings if you want to make your own call on certain settings.

The minuses
One drawback to using ZoneAlarm Pro as a security solution is that it offers no virus-detection and removal features. Granted, it’s not really designed to do this, but other available security products can alert users to possible virus threats and even block some of them. ZoneAlarm Pro’s security solution is one of permissions rather than threat detection and removal. Depending on how you run things, this could be good or bad.

Admins who want to have granular control over which activities are allowed on their networks will appreciate what ZoneAlarm Pro offers from the desktop firewall standpoint. But many users might look at it as a tool for network dictators. Even with the High-Low settings, this program is built around the idea of disallowing certain activities.

ZoneAlarm Pro also appears to have some redundancy in its settings that results in its not always responding to traffic as you’d expect based on your settings. Either that, or this is one stubborn watchdog that refuses to allow certain types of traffic, regardless of selected options to the contrary.

For example, I kept receiving alerts regarding NetBIOS sessions, traffic I had decided to allow. ZoneAlarm Pro insisted on blocking all NetBIOS sessions, outgoing and incoming, even though I had not selected any blocking for them. None of the settings I selected would make it stop blocking NetBIOS.

I was also annoyed by the constant alerts. I could have turned them off, but I was concerned that ZoneAlarm Pro might be stubbornly preventing traffic I wanted to allow. So it seems the program might have some issues with custom-selected security overrides. The other solution here is to drop the security setting down a notch and then specify the custom settings based on the lower security level.

Final verdict
ZoneAlarm Pro is a full-featured personal firewall program that offers admins a powerful client firewall for controlling Internet-related activities on their networks. It could be especially valuable for setting up on laptops for mobile workers and for recommending for home users who connect to the office via VPN. Of course, some admins will want to put a copy of ZoneAlarm on all their desktops to regulate Internet usage.

Because of the many security options it offers, ZoneAlarm represents another good tool for admins who want to have greater control over what enters and leaves their networks to and from the Internet. Although it lacks virus-detection features and is definitely not a substitute for full-featured desktop virus solutions, its ability to block various types of traffic and files will give networks an added and valuable security measure.


Editor's Picks

Free Newsletters, In your Inbox