Network security doesn't end with the installation of a firewall or any automated security package. There are times when you'll need to block certain ranges of IP addresses. Jack Wallen explains how to use Peer Guardian 2 for this task.
Network security doesn't end with the installation of a firewall or any automated security package. There are times when you'll need to block certain ranges of IP addresses (or known hosts) based on a service and/or block specific IP addresses from gaining access to your network (or machine). Peer Guardian 2 makes this task simple in a Windows (currently 98/ME/2000/XP) environment. The application is open source, so you can download the source code, modify it, and even create your own branch of the software.
This little gem of a software package makes blocking IP addresses very simple. But in its simplicity, Peer Guardian 2 does not lose either functionality or robustness. I'll explain how to create lists of IP addresses to block in Peer Guardian 2, but first let's get the software installed and up and running.
This blog post is also available in PDF format in a TechRepublic download.
Getting and installing
As with most Windows software, installation of Peer Guardian 2 is a snap. Simply download the OS-specific binary from the Phoenix Labs download site and double-click the installation file. The standard installation steps will take place and, once the application is installed, you will be asked to walk through some initial setup configurations.
The first part of the setup will ask what types of lists to install. There are six types of lists as well as an option for always allowing HTTP requests. The options are shown in Figure A.
Don't worry if you select something wrong; you can always edit your lists manually.
The next phase in the setup is to configure updates. The setup system wants to know whether it is to update lists and/or software and how often these updates are to occur. Figure B illustrates the configuration options for automatic updates.
Unless you plan on manually updating Peer Guardian 2, make sure you select to have it updated automatically along with the lists.
Once you have completed the updates section, you are finished with the configuration. After the configuration is complete, you will be greeted with a small window (Figure C) that shows the progress of the updates.
Even if you've configured updates to occur automatically, you can check for them manually from the main window.
Once the updates are finished, click the Close button and you are ready to run Peer Guardian 2.
Fire it up
Go to your Start menu and look for the new entry for Peer Guardian 2. Within that menu you will find the entry to start the system. When Peer Guardian 2 starts up, you will see the main window, shown in Figure D.
Take a look at the number of blocked IP addresses: 774,193,650!
Now what we want to do is open up the List Manager. This is where blocked IP addresses are listed. From within the List Manager (Figure E) you can enable lists, edit lists, create lists, open lists, and remove lists.
The lists shown are the default lists created when Peer Guardian 2 is initially set up.
Creating a new list
Click the Create List button. This will open a new window (Figure F) where the initial information for the list will be set up.
This window sets up the type of list, the description, and the file name.
At first it seems a file has to exist in order to create the list. This is not so. When you click the Browse button in Peer Guardian 2, a Save As window will appear. Locate the folder where the file is to be stored and give the file a name. That's it. Once the new list is saved, the list editing tool will open (Figure G).
Once your list gets large enough, you might have to use the Search function to locate a specific IP address.
Click the Add button and a new text area will appear. This first text area is really just for a description of the IP range. Here's an example: On an inside network there is a specific database server that houses all of the company's private Human Resource data. This data is off limits to a large range of employees (IP addresses 192.168.1.100 - 192.168.1.200). To block those IP addresses from gaining access to this particular machine, you could set up a range, as shown in Figure H.
Once you enter the description, hit Enter to move to the starting IP address and then hit Enter again to move to the ending IP address.
If that is the only range that is necessary to block, click Save and the list will appear in the List Manager.
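Once a list holds more than a handful of ranges, it is worth checking it outside the GUI as well. The following is an added example, not code from the article or from Phoenix Labs: it assumes the list was saved in PeerGuardian's plain-text P2P format (one `description:start-end` entry per line), and the function names and sample entries are constructed for illustration. It reports malformed entries, finds which entries cover a given address, and flags overlapping ranges.

```python
import ipaddress

# Constructed sample list; the first entry mirrors the article's employee range.
SAMPLE_LIST = """\
# constructed sample, not a real blocklist
Employees blocked from HR database:192.168.1.100-192.168.1.200
Lab: bench machines:192.168.1.150-192.168.1.180
Bad entry:192.168.2.50-192.168.2.10
Not a range line
"""

def parse_p2p(text):
    """Return (entries, errors); each entry is (description, first, last)."""
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumed comment convention
            continue
        # A description may itself contain ':', so split on the last one only.
        desc, sep, span = line.rpartition(":")
        try:
            if not sep:
                raise ValueError("missing ':'")
            first_s, last_s = span.split("-")
            first = ipaddress.IPv4Address(first_s.strip())
            last = ipaddress.IPv4Address(last_s.strip())
            if first > last:
                raise ValueError("start after end")
        except ValueError as exc:
            errors.append((lineno, str(exc)))
            continue
        entries.append((desc.strip(), first, last))
    return entries, errors

def matches(entries, address):
    """Descriptions of every entry whose inclusive range covers address."""
    ip = ipaddress.IPv4Address(address)
    return [desc for desc, first, last in entries if first <= ip <= last]

def overlaps(entries):
    """Pairs of descriptions whose ranges overlap (candidates for merging)."""
    ordered = sorted(entries, key=lambda e: (e[1], e[2]))
    found = []
    for i, (desc_a, _, last_a) in enumerate(ordered):
        for desc_b, first_b, _ in ordered[i + 1:]:
            if first_b > last_a:
                break  # sorted by start address: nothing later can overlap
            found.append((desc_a, desc_b))
    return found
```

Overlapping entries matter for the temporary-allow workflow: allowing one entry does not unblock an address that a second entry still covers.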
Temporarily allowing lists
Going back to the Employee example, let's say it is necessary to allow that range of employees access to the server for a short window of time. To do this, open up the List Manager, highlight the list containing the Employees range, and click Open List. Now highlight the entry containing the range of IP addresses to be allowed and right-click the entry. A drop-down list will appear, giving you four possible choices (Figure I).
Unfortunately these options cannot be modified without going into the code (but since this is open source, it is possible).
From the drop-down list, select the option that best suits the situation and click Save. Depending on the system, there might be a brief stall on the machine as Peer Guardian 2 makes the necessary changes to allow the range of IP addresses. At this point a List Cache might be created, which will take a moment (again depending on the speed of the system).
Logs, history, and other features
Another nice feature of Peer Guardian 2 is the log file viewer. The log file actually keeps a running log that is retained by date. And until the history is cleared, all logs are retained. This is a great help when security audits are done.
From the Settings tab you can configure a few settings for Logs, History, and Notification. As you can see in Figure J, configuration is very straightforward.
By changing the Log Allowed Connections to Archive and Remove, the Archive To option becomes available.
Click the Next button and the Settings tab will change to offer another group of straightforward configuration options (Figure K).
The proxy setting is for when a proxy is needed to download updates.
Another nice Peer Guardian 2 touch is that with a single button on the main screen you can disable it. And with the same ease, Peer Guardian 2 can also be re-enabled. In addition, HTTP can be allowed or blocked with the click of a button.
Peer Guardian 2 is an outstanding tool to add to your security arsenal. Not only is it good for network-wide security, it's great for single server (or even desktop) security. Peer Guardian 2 is simple to set up, but its power is not diminished by that simplicity.