 |
 |
 |
Connection Alert Pop-Up Windows
Upon installation, your desktop firewall will begin immediately to filter out all unauthorized communications to or from your computer. Every time an unauthorized program, request, or communication is attempted to or from your computer, you will see an immediate "Connection Alert" pop-up window on your screen. You will see "Incoming" or "Outgoing" alerts. You should look at these alerts carefully before you decide to "Permit" or "Deny" the connection to or from your computer.
Outgoing Connection Alert: These outgoing alerts are warning you about programs in your computer that are trying to connect out to the Internet or to another computer on a network.
Incoming Connection Alert: These incoming alerts warn you of unauthorized intruders (hackers) or other non-permitted programs outside your computer attempting to connect into your computer without your permission. These are very important alerts to watch for. Read more details about this Intrusion Detection below.
When you see these alerts on your screen, the connection will not be allowed until you choose to either permit it or deny it. Of course, when you want to use a certain program, like email, you need to click on "Permit" when you see a connection alert pop up for your email program. You can make rules for your firewall to always permit your trusted programs to connect to the Internet. (see below, "Creating Firewall Filter Rules")
Stopping the Connection Alerts
from Popping Up
When you first start using the firewall after installation, you will see a firewall Connection Alert pop-up on your screen every time you try to dial up and connect to the Internet, use your email, start up your web browser - or anytime anyone or anything tries to connect to your computer from the Internet.
Remember, these Connection Alerts are warning you about someone or something trying to connect to your computer without your permission or trying to connect out of your computer to the Internet without your permission.
In order to stop the Connection Alerts that pop up when you use your everyday programs like email, you must create a Firewall Rule for each trusted program that you use regularly - like email. Firewall rules are rules that you set up on your firewall to always "Permit" or always "Deny" a program from connecting in or out of your computer. They are simple to set up. Once you set up the rule, your firewall will always permit or deny the connections according to the rule you set, and you won't be bothered again with a pop-up Connection Alert again.
Creating Firewall Filter Rules
To set up a firewall rule for trusted programs such as email, dial-up connections, and web browsers, follow this simple step:
The next time you see a Connection Alert window pop-up as you try to use a program, click on the small empty box in the lower left hand corner of the Connection Alert window then click Permit" or "Deny" as desired. This creates a permit or deny rule for the program or function that prompted the Connection Alert window to pop up.
If you don't create a filter rule and just click on "Permit" or "Deny", you will have permitted or denied that connection just that one time or instance - and you will see another connection alert pop up for that same thing again the next time you use that program.
Changing Your Filter Rules
If you've accidentally created a filter rule that you didn't want, or if you simply want to check the rules you established, you can easily view and change the firewall filter rules at any time. You can change the firewall's filter rules that you've established by following these steps:
1. Go to your firewall's Administration screen. (You can right click on the blue shield in the lower right hand corner task bar, and then click on "Administration". Or you can open the firewall, click on the "File" menu, then click on "Admin…")
2. Click on the "Advanced" button in the middle-right hand side of the screen. You should see the main Filter Rules screen now.
3. Look down the list of Filter Rules that have been created for your computer and find the rule that you want to change. Double-click on the rule you want to change.
4. Click on the "Permit" or "Deny" button on the bottom left part of the filter rule screen accordingly to change the rule, then click "OK". This will change the rule for you.
5. Click the OK button again to close the Filter Rule screen. You can close out of the firewall program now if you choose.
Networks: Internet Gateway or Server Computers
If you've installed the firewall on a computer that acts as an Internet gateway or Internet server for other computers on a network, you must configure your firewall to function as a "gateway firewall". In other words, if the firewall is installed on a computer that provides the connection to the Internet for your other computers, you must set the firewall up to let the other computers access the Internet through that computer and the firewall.
You can set your computer up to act as a "Gateway" to the Internet for other computers with these simple steps:
1. Go to your firewall's Administration screen. (You can right click on the blue shield in the lower right hand corner task bar, and then click on "Administration". Or you can open the firewall, click on the "File" menu, then click on "Admin…")
2. Click on the "Advanced" button in the middle-right hand side of the screen.
3. Click on the "Miscellaneous" tab at the top of the firewall program screen.
4. Check the box that says "Is running an Internet Gateway".
5. Click "Apply" and then click "OK". The firewall will now let other computers access the Internet through your computer.
Your Security Settings
On the main firewall Administration screen, you will see a toggle switch with different security settings (low, medium and high security). The firewall installs with the middle (medium) security setting automatically in place. You can adjust the security settings by simply clicking on the toggle switch and dragging it to the desired setting. Here is an overview of the three different security settings:
LOW - Permit Unknown: This bottom setting is the least secure. In fact, it will allow any and all unauthorized intrusions into your computer. It is highly recommended you never leave your computer running with this setting. Most often, this setting is used to troubleshoot a problem you might be having with a specific program accessing the Internet. By setting your firewall on this level, it's as if you don't have a firewall in place.
MEDIUM - Ask Me First: With this middle setting, your firewall will not allow any network or Internet activity without your permission first, or unless you have a filter rule already in place. When you configure your firewall with this setting, "Connection Alert" windows will pop up and ask you to permit or deny all incoming and outgoing firewall activity if it doesn't have a rule created for it. This "Ask Me First" setting is most recommended for everyday use.
With this medium (Ask Me First) setting, you will be automatically and immediately alerted to unauthorized intrusions to your computer. These Connection Alerts act as a built-in Intrusion Detection System that is very helpful in monitoring who or what is trying to get at your computer without your permission.
HIGH - Deny Unknown: With this setting, your firewall with automatically deny all attempted communications in or out of your computer that does not have a rule created for it. You won't even be asked whether you want to allow the connection, it will just deny it if there isn't a rule already created for it.
Intrusion Detection
After you have created firewall filter rules for your computer, you should not see any Connection Alert windows pop-up for programs you regularly use. As long as you have your firewall set to the medium - "Ask Me First" setting (see above), you will be notified immediately with a Connection Alert window that someone or some program is attempting to connect in or out of your computer without your permission. The firewall installs pre-set to the "Ask Me First" security setting.
These connection alert windows act as a personal Intrusion Detection System for you, warning you about all unauthorized activity. Your firewall will not only block hackers from getting into your computer, it will also detect when they try to connect to your computer.
When these connection alert windows pop-up unexpectedly, look closely at the description of who or what is trying to get into your machine. If you would like, you can write down or copy the IP Address of the person making an unauthorized connection and then find out who they are. (see below, Who is Hacking Your Computer?)
Tracking Intruders - Using Your Firewall Log
You can track all the firewall activity on your computer, including hackers and other unauthorized intruders. To create a log file, or a history, of the attempted intrusions into your computer, you must configure your firewall to track this information for you.
Activate the Firewall Log: In order to turn on the tracking feature of the firewall, please follow these steps:
1. Go to your firewall's Administration screen. (You can right click on the blue shield in the lower right hand corner task bar, and then click on "Administration". Or you can open the firewall program, click on the "File" menu, then click on "Admin…")
2. Click on the "Advanced" button in the middle-right hand side of the screen.
3. Click on the "Miscellaneous" tab at the top of the firewall program screen.
4. Check the box that says "Log Packets to Unopened Ports".
5. Also check the box that says "Log Suspicious Packets".
6. Click "Apply" and then click "OK". The firewall will now begin to track all attempted connections to your computer.
Important Recommendation: It is recommended that you only track attempted intrusions to your computer with this feature for short periods of time (several weeks, not several months). The Firewall Log file can become very large and could potentially take up a significant amount of memory on your computer if you leave this function turned on for several months at a time.
View the Firewall Log: After you begin tracking the attempted intrusions to your computer, you can view the complete history or firewall log file. This can reveal very important information about who is trying to access your computer on a regular basis.
When you view the firewall log file, you will see rows of detailed information about each attempted connection to your computer. About two-thirds across each line or row, you will see the IP Address of the person or company that tried to connect to your computer. It will be a series of 4 separate numbers and will look something like this: "162.224.16.105.3347". The first four sets of numbers are the IP Address of the unauthorized intruder. The last set of numbers is the port from the intruder's computer that was used to launch their attack. Copy down or write down that IP Address if you want to find out who tried to connect (see below, "Who is Hacking Your Computer?").
Who is Hacking Your Computer?
When an Incoming Connection Alert window unexpectedly pops up (after you've created all your filter rules for your trusted programs), you should check this out very carefully and find out who is trying to get at your computer. To find out who is trying to connect to your computer, find and copy the intruders IP Address from the connection alert window.
Copy or paste the suspicious IP address into this website: www.arin.net/whois
This public website will give you the publicly known information about the origin of the IP Address that was used in an attempted connection to your computer. Many times you will only see a block of IP Addresses owned by a large Internet Service Provider (ISP). In that case, the hacker or intruder is hidden behind that ISP. Often times you may see your own ISP or other ISP's checking to see if you're online or not. In any case, it's helpful to know who is trying to connect to your computer without your permission or knowledge.
How do I Turn Off the Firewall?
If you need or want to disable the Desktop Firewall, follow these steps. Simply open the firewall, click on "File" menu at the top of the firewall screen, then click on "Admin...". Near the top of the firewall administration screen, uncheck the box that says "Firewall Enabled".
Please keep in mind that if you disable the firewall, you lose your stealth invisibility on the Internet, and you lose any protection offered by the firewall. In situations such as troubleshooting an Internet connection, it may require the temporary disabling of the firewall to determine if the firewall is causing the Internet block, but for the most part, you should never leave your firewall disabled for extended periods of time.
|
|
© 2001-2005 INVISUS, LLC All rights reserved. |
|
|
|
|