Take a look around the IT department and you’ll see countless personal firewall products (both hardware and software) protecting your network. Because the market is overflowing with such products, I wasn’t very excited when someone gave me a copy of NetBarrier 2003 to install. After taking some time to tinker with the software, though, I found out that NetBarrier 2003 is much more than a simple personal firewall. Instead, NetBarrier is a comprehensive utility that can help you to get a feel for how your system’s network or Internet connection is really being used. Here are some of the best features of this handy utility.
Once I installed NetBarrier on my network, I was immediately bombarded with warning messages indicating that various programs were trying to send data out through specific ports. At first, these messages were overwhelming because they were coming in faster than I could clear them. I had absolutely no idea that my PC used its network connection so heavily.
What’s neat about NetBarrier is that each of these warnings tells you which executable file is transmitting the information and which port the information is being transmitted through. You then have the option of ignoring future transmissions by that particular application on that specific port. For example, after taking some time to look at the warning messages, I realized that the messages were related to my antivirus software, which creates logs on my main server. Once I told NetBarrier to ignore my antivirus software, the warnings went away for the most part. The idea is that once you’ve disabled warnings for things that are normal, you’ll be alerted only when something abnormal occurs.
Obviously, zone alarms are common in firewall software. This feature is just the beginning, though, with NetBarrier. In addition to the zone alarm, NetBarrier has four other primary modes of operation. These include Firewall, Antivandal, Privacy, and Monitoring. I’ll discuss each of these modes in the sections that follow.
The Firewall mode works a little differently than you might expect. For example, if you require only basic firewall functionality, you can simply set the restriction mode with the click of a button and then forget about it. Some of the available restriction modes include no restrictions, no network, client and local server, client only, server only, and customized. By using these predefined settings, you can ensure that your workstations work only as workstations and are not making resources available through the server mode. Likewise, you could configure NetBarrier so that only the server functions are enabled and client functions are disabled. Of course, you could enable everything or disable everything, or create a custom configuration. If you choose to create a custom configuration, you have the option of creating the type of rules found on other firewalls.
The Firewall mode also has two other tabs that I found interesting. One tab is a log of all traffic that has passed through the firewall. Among the information contained within this log is a list of all of the Web sites that the PC has visited. However, a much more interesting feature is the Trojan blocker. Many people don’t realize that some of the most popular antivirus software doesn’t detect Trojans. Fortunately, NetBarrier contains a list of known Trojans and monitors the machine to see if any of these Trojans are present. Like an antivirus program, the Trojan definition list is updated periodically via the Internet.
One of my favorite features of NetBarrier is the Antivandal feature. The Antivandal feature is divided into several different functions that are all designed to prevent system vandalism. The Security tab contains lots of check boxes that enable or disable various vandalism-related mechanisms. For example, you can use the check boxes to place the machine into stealth mode, protect against intrusion attempts, protect against SYN flooding, protect against ping flooding, and protect against unknown protocols. You can even set the sensitivity level of the ping flood detection, and there’s a built-in attack counter. What I really like about this tab is that all of these advanced functions are controlled by an extremely simple interface that anyone can use.
Another feature of the Antivandal section is the Applications tab. This tab is designed to allow users to detect network activity that’s generated by applications. You can configure NetBarrier to play a sound when an application tries to access the network. You can also tell NetBarrier which applications to ignore so that you aren’t bombarded with messages. There’s even an option to ignore activity that’s generated by digitally signed applications.
The Antivandal section also contains an Alerts tab that allows you to further customize what happens when an alert is tripped. You can either have NetBarrier generate a prompt for you to take action or have NetBarrier automatically block the application for a period of time (the default is 20 minutes). In addition, the Alerts tab has the option of sending an e-mail alert to the user of your choice.
The last two sections of the Antivandal section are the Stop List and the Trusted Group list. The Stop List is a list of offending users or applications that you want to block. You can use either permanent blocks or time-controlled blocks. Likewise, trusted groups are hosts that are ignored by NetBarrier because they are assumed to be trustworthy.
NetBarrier also has a section that allows you to control your personal privacy. One of the most interesting features in the Privacy area is the data filter. By designating items such as your address, phone number, and credit card number, you can filter this information and keep it from being inadvertently disclosed across the Internet. Some other useful features are banner ad blockers, cookie controls, and the ability to prevent your machine from transmitting the brand of your computer, your Web browser, or the last site that you visited.
To me the most intriguing features are found in the Monitoring area. The Monitoring area’s Traffic tab shows a graphical, real-time representation of how much of each type of traffic is being sent and received. For example, you could monitor inbound and outbound Web-, FTP-, and mail-related traffic. You can see an example of monitoring in action in Figure A.
The Monitoring section also contains a Network tab. The Network tab contains a port scanner that displays activity across all of the various TCP and UDP ports. Finally, the Whois tab allows you to resolve IP addresses to host names.
Acquiring NetBarrier 2003
A single-user license of NetBarrier 2003 is available from Intego for $49.95. Multiuser license packs are also available. For example, a 10-user license pack costs $299.95. You can purchase NetBarrier 2003 online directly from Intego.