User’s Guide
Norton™ Personal Firewall User’s Guide The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement. Documentation version 6.0 PN: 10025076 Copyright Notice Copyright • 2002 Symantec Corporation. All Rights Reserved. Any technical documentation that is made available by Symantec Corporation is the copyrighted work of Symantec Corporation and is owned by Symantec Corporation. NO WARRANTY.
SYMANTEC LICENSE AND WARRANTY IMPORTANT: PLEASE READ THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT CAREFULLY BEFORE USING THE SOFTWARE. SYMANTEC CORPORATION AND/OR ITS SUBSIDIARIES (“SYMANTEC”) IS WILLING TO LICENSE THE SOFTWARE TO YOU AS THE INDIVIDUAL, THE COMPANY, OR THE LEGAL ENTITY THAT WILL BE UTILIZING THE SOFTWARE (REFERENCED BELOW AS “YOU” OR “YOUR”) ONLY ON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS OF THIS LICENSE AGREEMENT.
PROPERTY RIGHTS. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS. YOU MAY HAVE OTHER RIGHTS, WHICH VARY FROM STATE TO STATE AND COUNTRY TO COUNTRY. 5. DISCLAIMER OF DAMAGES: SOME STATES AND COUNTRIES, INCLUDING MEMBER COUNTRIES OF THE EUROPEAN ECONOMIC AREA, DO NOT ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES SO THE BELOW LIMITATION OR EXCLUSION MAY NOT APPLY TO YOU.
Contents Chapter 1 Responding to emergencies If you think your computer is under attack ...................................... 11 Recover from an emergency ................................................................ 12 Prevent future problems ....................................................................... 13 Chapter 2 About Norton Personal Firewall What’s new in Norton Personal Firewall 2003 ................................ 15 Norton Personal Firewall features ..............................
Contents Chapter 4 Norton Personal Firewall basics Access Norton Personal Firewall ........................................................ 35 Access Norton Personal Firewall from the system tray ......... 36 Work with Norton Personal Firewall .................................................. 37 Access Norton Personal Firewall protection features ............. 37 Use the Security Monitor .............................................................. 38 Respond to Norton Personal Firewall alerts ......
Contents Chapter 6 Controlling access to protected computers Control how people use your computer ............................................. 61 Connect to a network ..................................................................... 61 Enable file and printer sharing .................................................... 62 Organize computers into network zones ................................... 62 Identify computers to Norton Personal Firewall ......................
Contents Chapter 8 Protecting your privacy Identify private information to protect .............................................. 89 Privacy Control and SSL ................................................................ 90 Add private information ................................................................ 90 Modify or remove private information ....................................... 91 Customize Privacy Control ...................................................................
Contents Appendix A Troubleshooting Norton Personal Firewall Troubleshoot Norton Personal Firewall problems ......................... 112 What is wrong with this Web site? ........................................... 112 Why can’t I post information online? ....................................... 113 Why did an email message I sent never arrive? .................... 113 Why doesn’t Norton Personal Firewall notify me before letting programs access the Internet? ..............................
Contents Glossary Service and support solutions Index CD Replacement Form
Responding to emergencies If you have an emergency, these procedures can help you find the solution to your problem. If you think your computer is under attack If your computer is behaving unpredictably, and you have determined that the behavior is not due to a virus or a corrupted file, you may be the victim of an Internet attack. If you suspect that someone is attacking your computer, immediately disconnect your computer from the Internet.
Responding to emergencies Recover from an emergency See “Identify the source of communications” on page 43. 6 Use Visual Tracking to identify the IP address of the computer that the attacker used. You can use this information to report the attack to the ISP that owns the IP address. See “Restrict a blocked computer” on page 88. 7 To block all future connections from this IP address, add this computer to your Restricted Zone.
Responding to emergencies Prevent future problems Prevent future problems Norton Personal Firewall can protect your computer against most Internet attacks. To prepare your computer for emergencies: 1 1 1 1 1 1 1 1 1 Stay informed about security risks by visiting the Symantec Security Response Web site (securityresponse.symantec.com). Keep your browser up-to-date. Software publishers release new versions to fix vulnerabilities in their browsers. Use passwords intelligently.
Responding to emergencies Prevent future problems
About Norton Personal Firewall Norton Personal Firewall protects computers from Internet attacks, guards your privacy, and speeds Web surfing by eliminating ads.
About Norton Personal Firewall Norton Personal Firewall features Norton Personal Firewall features Norton Personal Firewall includes a number of security tools that help keep your computer safe. You can get fast access to all Norton Personal Firewall tools from the new Security Monitor.
About Norton Personal Firewall Norton Personal Firewall features About Norton Personal Firewall Norton Personal Firewall provides a barrier between your computer and the Internet. A firewall prevents unauthorized users from accessing private computers and networks connected to the Internet.
About Norton Personal Firewall Norton Personal Firewall features Norton Personal Firewall features include: Intrusion Detection Intrusion Detection helps keep your computer safe from Internet attacks by scanning each piece of information that enters and exits your computer. If it identifies a potential attack, Intrusion Detection alerts you and automatically blocks the connection that contained the attack. See “Guarding against intrusion attempts” on page 69.
Installing Norton Personal Firewall Before installing Norton Personal Firewall, take a moment to review the system requirements listed in this chapter.
Installing Norton Personal Firewall System requirements Your computer must also meet the following minimum requirements. Operating System Requirements Windows 98/ 98SE/Me 1 Intel Pentium processor (or compatible) at 150 MHz or higher 1 48 MB of RAM (64 MB recommended) 1 25 MB of available hard disk space 1 Internet Explorer 5.01 or later (5.
Installing Norton Personal Firewall Before installation Email scanning does not support the following email clients: 1 IMAP clients 1 AOL clients 1 POP3s that use SSL (Secure Sockets Layer) 1 Web-based email such as Hotmail and Yahoo! 1 Lotus Notes mail Supported instant messenger clients Norton Personal Firewall can scan for private information in the following instant messengers: 1 AOL Instant Messenger, version 4.3 or later 1 MSN Instant Messenger, version 3.
Installing Norton Personal Firewall Install Norton Personal Firewall To disable the Windows XP firewall 1 On the Windows XP taskbar, click Start > Control Panel > Network Connections. 2 If you have created more than one modem or network connection, select the active connection. 3 Click Network Tasks. 4 Click Change settings of this connection.
Installing Norton Personal Firewall Install Norton Personal Firewall 3 Click Next. 4 Read the License Agreement, then click I accept the license agreement. If you decline, you cannot continue with the installation. 5 Click Next. 6 In the Run LiveUpdate after installation window, select whether you want to run LiveUpdate after the installation is done.
Installing Norton Personal Firewall Install Norton Personal Firewall See “Register your software” on page 25. 7 Click Next. 8 Click Browse to select a folder into which you want to install Norton Personal Firewall, if it is other than the default location. 9 Click Next. 10 Click Next to begin installing Norton Personal Firewall. After Norton Personal Firewall is installed, the Registration Wizard appears.
Installing Norton Personal Firewall Register your software 11 Read the readme text, then click Next. 12 Click Finish to complete the installation. If the opening screen does not appear Sometimes a computer’s CD-ROM drive does not automatically run a CD. To start the installation from the Norton Personal Firewall CD 1 On your desktop, double-click My Computer. 2 In the My Computer window, double-click the icon for your CD-ROM drive. 3 In the list of files, double-click Cdstart.exe.
Installing Norton Personal Firewall Register your software 2 If you would like information from Symantec about Norton Personal Firewall, select the method by which you want to receive that information, then click Next. 3 Type your name, then click Next. 4 Type your address, then click Next.
Installing Norton Personal Firewall Register your software 5 Do one of the following: 2 2 Answer the survey questions to help Symantec improve its products and services, then click Next. Skip the survey by clicking Next. 6 Select whether you want to register Norton Personal Firewall over the Internet or by mail. If you want to register by mail, your computer must be connected to a printer that the Registration Wizard can use to print the registration form.
Installing Norton Personal Firewall After installation After installation After Norton Personal Firewall is installed, a prompt appears giving you the option to restart your computer immediately. After restarting, the Security Assistant appears to guide you through the configuration of Norton Personal Firewall. Restart your computer After installation, a prompt appears telling you that you must restart your computer for the updates to take effect.
Installing Norton Personal Firewall After installation To set up Home Networking 1 In the Security Assistant Roadmap, click Home Networking. 2 In the Home Networking pane, click Set up Home Networking. 3 In the Home Networking Wizard, click Next. 4 Follow the on-screen instructions to configure your network. Set up Program Control See “Scan for Internet-enabled programs” on page 77. Norton Personal Firewall can scan your computer for Internet-enabled programs and create access rules for them.
Installing Norton Personal Firewall After installation To set up Program Control 1 In the Security Assistant Roadmap, click Program Scan. 2 In the Program Scan pane, click Automatically scan programs.
Installing Norton Personal Firewall After installation 3 In the Program Scan window, click Next to begin the scan. When the scan is complete, all Internet-enabled programs that were found are listed. 4 To allow Internet access for a program, check the check box to the left of the program’s name. 5 To change the Internet access rule or category of a program, in the Internet Access or Category drop-down lists, select the setting that you want. 6 Click Finish when you are done.
Installing Norton Personal Firewall After installation To set up Privacy Control 1 In the Security Assistant Roadmap, click Privacy Control. 2 In the Privacy Control pane, click Add private information to protect. 3 In the Add Private Information dialog box, under Type of information to protect, select a category. 4 In the Descriptive name text box, type a description to help you remember why you are protecting the data.
Installing Norton Personal Firewall If you have Norton SystemWorks installed To protect Norton Personal Firewall options with a password 1 In the Security Assistant Roadmap, click Password Protection. 2 In the Password Protection pane, click Turn on password protection. 3 In the Password and Confirm Password text boxes, type a password. 4 Click OK.
Installing Norton Personal Firewall If you need to uninstall Norton Personal Firewall If you need to uninstall Norton Personal Firewall If you need to uninstall Norton Personal Firewall from your computer, use the Uninstall Norton Personal Firewall option on the Windows Start menu. w During uninstall, Windows may indicate that it is installing software. This is a standard Microsoft installation message and can be disregarded.
Norton Personal Firewall basics After installation, Norton Personal Firewall automatically protects any computer on which it is installed. You do not have to start the program to be protected. Access Norton Personal Firewall Launch Norton Personal Firewall to change protection settings or monitor its activities. To access Norton Personal Firewall 4 Do one of the following: 2 On the Windows taskbar, click Start > Programs > Norton Personal Firewall > Norton Personal Firewall.
Norton Personal Firewall basics Access Norton Personal Firewall 2 2 On the Windows XP taskbar, click Start > More Programs > Norton Personal Firewall > Norton Personal Firewall. On the Windows desktop, double-click Norton Personal Firewall. Access Norton Personal Firewall from the system tray Norton Personal Firewall adds an icon to the Windows system tray. On most computers, the system tray is at the far right of the Windows taskbar at the bottom of your screen.
Norton Personal Firewall basics Work with Norton Personal Firewall About Norton Personal Firewall Displays detailed information about Norton Personal Firewall components. LiveUpdate Updates your protection. See “Keeping current with LiveUpdate” on page 53. Help Displays the Norton Personal Firewall online Help. See “Use online Help” on page 48. Disable Turns off all Norton Personal Firewall protection features. See “Temporarily disable Norton Personal Firewall” on page 47.
Norton Personal Firewall basics Work with Norton Personal Firewall 3 In the Security Center, do one of the following: 2 2 Double-click a feature you want to customize. Select a feature, then in the lower-right corner of the window, click Customize. 4 Configure the feature. 5 When you are done making changes, click OK. Use the Security Monitor The Security Monitor collects the most-used Norton Personal Firewall tools into a compact window.
Norton Personal Firewall basics Work with Norton Personal Firewall Select a task with the Security Monitor Use the Select a Task menu in the Security Monitor to quickly perform common Norton Personal Firewall tasks. The Select a Task menu includes: Task More information Test security See “Check your computer’s vulnerability to attack” on page 42. Edit private information See “Protecting your privacy” on page 89. View Log Viewer See “View Norton Personal Firewall Logs” on page 107.
Norton Personal Firewall basics Work with Norton Personal Firewall 1 What these types of alerts indicate 1 How to reduce the number of these alerts you receive To use the Alert Assistant 1 In any alert window, click the Alert Assistant button. 2 In the Alert Assistant window, review the information about this alert. 3 To respond to the alert, close the Alert Assistant.
Norton Personal Firewall basics Work with Norton Personal Firewall Use Alert Tracker Many of the Internet events that Norton Personal Firewall monitors are not significant enough to trigger alerts. Alert Tracker provides an easy way to monitor these less-important security events. Alert Tracker displays the same information that appears in the Security Event field on the Security Monitor. This allows you to monitor your computer’s security without having to keep the Security Monitor visible at all times.
Norton Personal Firewall basics Work with Norton Personal Firewall To review recent Alert Tracker messages See “Review detailed statistics” on page 105. 1 On the Windows desktop, double-click the Alert Tracker. 2 To the right of the first message, click the arrow if it appears. 3 Double-click an entry to open the Log Viewer. To move Alert Tracker 4 Drag the half globe to the side of the screen on which you want it to appear.
Norton Personal Firewall basics Work with Norton Personal Firewall To get more information about an at-risk area 4 On the results page, next to the scan name, click Show Details. Identify the source of communications Visual Tracking helps you learn more about computers that attempt to connect to your computer. Using Visual Tracking, you can identify the location of the IP address used and contact information for the owner of the address.
Norton Personal Firewall basics Work with Norton Personal Firewall 3 In the Intrusion Detection window, in the AutoBlock section, select a connection you want to trace. 4 Click Attacker Details. Your browser opens the Visual Tracking Web page. When Visual Tracking is finished, it displays a visual representation of where this communication originated and contact information for the owner of the IP address.
Norton Personal Firewall basics Customize Norton Personal Firewall Customize Norton Personal Firewall The default Norton Personal Firewall settings should provide adequate protection for most users. If you need to make changes, use the Options menu to access Norton Personal Firewall options. The options let you control more advanced settings. w If you are using Windows 2000/XP and you do not have Local Administrator access, you cannot change Norton Personal Firewall options.
Norton Personal Firewall basics Password-protect options About Web Content options Web Content options let you control how Norton Personal Firewall handles interactive online content, ads, and possible privacy intrusions. Web Content options are arranged on three tabs. About Global Settings Global Settings let you control the default actions Norton Personal Firewall takes when Web sites attempt to get information about your browser or use animated images, JavaScripts, and other active content.
Norton Personal Firewall basics Temporarily disable Norton Personal Firewall Reset options password If you forget your options password you can reset it. To reset your Norton Personal Firewall options password 1 Do one of the following: 2 2 On the Windows taskbar, click Start > Programs > Norton Personal Firewall > Uninstall Norton Personal Firewall. On the Windows XP taskbar, click Start > More Programs > Norton Personal Firewall > Uninstall Norton Personal Firewall.
Norton Personal Firewall basics For more information You can also disable individual security features. For example, you might want to see if the Personal Firewall is preventing a program from operating correctly. To disable a protection feature 1 Open Norton Personal Firewall. 2 In the Security Center, select the feature that you want to disable. 3 On the right side of the screen, click Turn Off.
Norton Personal Firewall basics For more information 2 On the main Help menu, click Norton Personal Firewall Help. 3 In the left pane of the Help window, select one of the following tabs: 2 Contents: Displays the Help by topic. 2 Index: Lists Help topics in alphabetical order by key word. 2 Search: Opens a search field where you can enter a word or phrase. Window and dialog box Help Window and dialog box Help provides information about the Norton Personal Firewall program.
Norton Personal Firewall basics For more information The Release Notes can be accessed from the Start menu. To read the Release Notes 1 Do one of the following: 2 On the Windows taskbar, click Start > Programs > Norton Personal Firewall > Product Support > Norton Personal Firewall Release Notes. On the Windows XP taskbar, click Start > More Programs > Norton Personal Firewall > Product Support > Norton Personal Firewall Release Notes. The file opens in Notepad.
Norton Personal Firewall basics For more information To read the User’s Guide from your hard disk 1 Open the location into which you copied the PDF. 2 Double-click NPF2003.pdf. About Norton Personal Firewall on the Web The Symantec Web site provides extensive information about Norton Personal Firewall. There are several ways to access the Symantec Web site. To access the Symantec Web site from the Norton Personal Firewall main window 1 Click Help.
Norton Personal Firewall basics For more information Subscribe to the Symantec Security Response newsletter Each month, Symantec publishes a free electronic newsletter that is focused on the needs of Internet security customers. It discusses the latest antivirus technology produced by Symantec Security Response, common viruses, trends in virus workings, virus outbreak warnings, and special virus definition releases.
Keeping current with LiveUpdate Symantec products depend on current information to protect your computer from newly discovered threats. Symantec makes this information available to you through LiveUpdate. Using your Internet connection, LiveUpdate obtains program updates and protection updates for your computer. Your normal Internet access fees apply when you use LiveUpdate. w If you are using Norton Personal Firewall on Windows 2000/XP, you must have Administrator access rights to run LiveUpdate.
Keeping current with LiveUpdate About protection updates About protection updates Protection updates are files available from Symantec, by subscription, that keep your Symantec products up-to-date with the latest anti-threat technology. The protection updates you receive depend on which product you are using.
Keeping current with LiveUpdate When you should update When you should update Run LiveUpdate as soon as you have installed your product. Once you know that your files are up-to-date, run LiveUpdate regularly to obtain updates. For example, to keep your virus protection current, you should use LiveUpdate once a week or whenever new viruses are discovered. Program updates are released on an as-needed basis.
Keeping current with LiveUpdate If you can’t use LiveUpdate If you can’t use LiveUpdate When new updates become available, Symantec posts them on the Symantec Web site. If you can’t run LiveUpdate, you can obtain new updates from the Symantec Web site. w Your subscription must be current to obtain new protection updates from the Symantec Web site. To obtain updates from the Symantec Web site 1 Point your Web browser to securityresponse.symantec.
Keeping current with LiveUpdate Set LiveUpdate to Interactive or Express mode LiveUpdate automatically installs all available updates for your Symantec products. To set LiveUpdate to Interactive or Express mode 1 Open your Symantec product. 2 At the top of the window, click LiveUpdate. 3 On the LiveUpdate welcome screen, click Configure. 4 On the General tab of the LiveUpdate Configuration dialog box, select Interactive Mode or Express Mode.
Keeping current with LiveUpdate Run LiveUpdate automatically Run LiveUpdate automatically You can have LiveUpdate check for protection updates automatically, on a set schedule, by enabling Automatic LiveUpdate. You must continue to run LiveUpdate manually to receive product updates. w Automatic LiveUpdate checks for an Internet connection every five minutes until a connection is found, and then every four hours.
Keeping current with LiveUpdate Run LiveUpdate automatically To delete the schedule for Automatic LiveUpdate, disable Automatic LiveUpdate. To disable Automatic LiveUpdate 1 Start Norton Personal Firewall. 2 At the top of the Norton Personal Firewall main window, click Options. w If you set a password for Options, Norton Personal Firewall asks you for the password before you can continue. 3 In the Norton Personal Firewall Options dialog box, click the LiveUpdate tab.
Keeping current with LiveUpdate Run LiveUpdate automatically
Controlling access to protected computers You can configure Norton Personal Firewall to meet your needs in many different situations. You can use the program to control your computer’s access to both local computers and computers over the Internet. You can also control how outside users access your computer. Control how people use your computer Norton Personal Firewall monitors all connections, including those made among computers in your home.
Controlling access to protected computers Control how people use your computer See “Monitoring Norton Personal Firewall” on page 103. Whenever you join a network, Norton Personal Firewall automatically begins monitoring the connection. You do not need to make any changes in order to be protected. Norton Personal Firewall notifies you of the new connection and records it in the Connections log. Enable file and printer sharing Microsoft networking provides file and printer sharing.
Controlling access to protected computers Control how people use your computer computers to your Trusted Zone if you know that their users can be trusted and they have firewall software installed. The Home Network Wizard is the fastest way to organize computers into zones. You can also manually add individual computers to zones. To open the Home Network Wizard from the Security Center 1 Open Norton Personal Firewall. 2 In the Security Center, double-click Personal Firewall.
Controlling access to protected computers Control how people use your computer To manually add computers to zones See “Identify computers to Norton Personal Firewall” on page 64. 1 Open Norton Personal Firewall. 2 In the Security Center, double-click Personal Firewall. 3 In the Personal Firewall window, on the Home Networking tab, select the zone to which you want to add a computer. 4 Click Add. 5 In the Specify Computers window, identify the computer.
Controlling access to protected computers Control how people use your computer Find a computer’s IP address There are two procedures for finding a computer’s IP address. On Windows 98/Me computers, you can use Winipcfg to find the IP address of a computer. On Windows 2000/XP computers, you can use Ipconfig to find the IP address of a computer. To find an IP address with Winipcfg 1 On the Windows taskbar, click Start > Run. 2 In the Run dialog box, type winipcfg 3 Click OK.
Controlling access to protected computers Control how people use your computer Specify a range of computers You can enter a range of computers by specifying the starting (lowest numerically) IP address and the ending (highest numerically) IP address. All of the computers within that range of IP addresses are included. In almost every case, the first three of the four numbers of the IP addresses entered should be the same.
Controlling access to protected computers Control how users access the Internet Control how users access the Internet Norton Personal Firewall supports most Internet connection methods without needing additional configuration. If you access the Internet via a cable or DSL router Norton Personal Firewall works behind a cable or DSL router and adds to the protection provided by the router.
Controlling access to protected computers Control how outside users access your network If you run a Virtual Private Network Norton Personal Firewall works with the following Virtual Private Networks (VPNs): 1 Nortel 1 VPNRemote 1 PGP 1 SecureRemote With most VPNs, when the VPN client is active, you cannot see the Internet or other computers on your local network. You can only see what is available through the VPN server to which you are connected.
Guarding against intrusion attempts Internet attacks take advantage of the way that computers transfer information. Norton Personal Firewall can protect your computer by monitoring the information that comes into and out of your computer and blocking any attack attempts.
Guarding against intrusion attempts How Norton Personal Firewall protects against network attacks Norton Personal Firewall monitors communications When Norton Personal Firewall is active, it monitors communications among your computer and other computers on the Internet. It also protects your computer from such common security problems as: See “Customize firewall protection” on page 72.
Guarding against intrusion attempts How Norton Personal Firewall protects against network attacks Because attacks may span packets, Intrusion Detection examines packets in two different ways. It scans each packet individually looking for patterns that are typical of an attack. It also monitors the packets as a stream of information, which lets it identify attacks spread across multiple packets.
Guarding against intrusion attempts Customize firewall protection Customize firewall protection The default Norton Personal Firewall settings should provide adequate protection for most users. If the default protection is not appropriate, you can customize Norton Personal Firewall protection by using the Security Level slider to select preset security levels, or by changing individual security settings.
Guarding against intrusion attempts Customize firewall protection 3 Move the slider to the Security Level that you want. Your options are: High The firewall blocks everything until you allow it. If you have run a Program Scan, you should not be interrupted frequently with Program Control alerts. See “Enable Automatic Program Control” on page 76. You are alerted each time that an ActiveX control or Java applet is encountered.
Guarding against intrusion attempts Customize firewall protection 3 Click Custom Level. 4 Do one or more of the following: 2 2 On the Personal Firewall menu, select a level. Your options are: High Blocks all communication that you do not specifically allow. You must create firewall rules for every program that requests Internet access. Medium Blocks many ports that are used by harmful programs. However, it can also block useful programs when they use the same ports.
Guarding against intrusion attempts Customize firewall rules 2 2 5 To be notified whenever unknown programs access the Internet, check Enable Access Control Alerts. To be notified whenever a remote computer attempts to connect to a port no program is using, check Alert when unused ports are accessed. Click OK. Reset security settings to defaults Setting a custom security level disables the Security Level slider.
Guarding against intrusion attempts Customize firewall rules this type of communication are ignored if they appear below the first rule that matches. If no matching rule is found, the communication is blocked. Depending on the Reporting level, an alert may appear. Create new firewall rules Norton Personal Firewall includes Program Control, which helps you create firewall rules as you use the Internet.
Guarding against intrusion attempts Customize firewall rules To enable Automatic Program Control 1 Open Norton Personal Firewall. 2 In the Security Center, double-click Personal Firewall. 3 In the Personal Firewall window, on the Program Control tab, check Turn on Automatic Program Control. 4 Click OK. Scan for Internet-enabled programs Scanning for Internet-enabled programs is the quickest way to configure the Personal Firewall.
Guarding against intrusion attempts Customize firewall rules 3 In the Personal Firewall window, on the Program Control tab, click Program Scan. 4 Select the disk or disks on your computer that you want to scan. 5 Click OK. 6 In the Program Scan window, do one of the following: 2 Check programs that you want to add to the Program Control list. 2 To add all Internet-enabled programs at once, click Check All. 7 Click Finish. 8 Click OK.
Guarding against intrusion attempts Customize firewall rules 6 In the Internet Access Control alert, select the access level you want this program to have. Your options are: Automatically configure Internet access (Recommended) Use the default Norton Personal Firewall settings for this program. Permit Allow all access attempts by this program. Block Deny all access attempts by this program. Manually configure Create rules controlling how this program accesses the Internet Access Internet.
Guarding against intrusion attempts Customize firewall rules 5 6 In the Internet Access Control alert, select the access level you want this program to have. Your options are: Automatically configure Internet access Use the default Norton Personal Firewall settings for this program. Permit this program access to the Internet Allow all access attempts by this program. Block this program from accessing the Internet Deny all access attempts by this program.
Guarding against intrusion attempts Customize firewall rules 3 In the Personal Firewall window, on the Advanced tab, click Trojan Horse Rules. 4 Follow the on-screen instructions. See “Write a firewall rule” on page 81. To add a Program Rule 1 Open Norton Personal Firewall. 2 In the Security Center, double-click Personal Firewall. 3 In the Personal Firewall window, on the Program Control tab, in the list of programs, click Add.
Guarding against intrusion attempts Customize firewall rules 4 Select the type of connection the rule should monitor. Your options are: Connections to other computers The rule applies to outbound connections from your computer to another computer. Connections from other computers The rule applies to inbound connections from another computer to your computer. Connections to and The rule applies to both inbound and outbound connections. from other computers 5 Click Next.
Guarding against intrusion attempts Customize firewall rules 9 Select the ports the rule should monitor. Your options are: All types of communications (all ports) The rule applies to communications using any port. Only the types of communications or ports listed below The rule applies to the ports listed. You can add ports to, or remove ports from, the list. 10 Click Next. 11 Choose if and how you want Norton Personal Firewall to track this rule.
Guarding against intrusion attempts Customize firewall rules To change an existing firewall rule See “Write a firewall rule” on page 81. 1 In the General Rules, Trojan Horse Rules, or Program Rules window, click Add. 2 Select the rule that you want to change. 3 Click Modify. 4 Follow the on-screen instructions to change any aspect of the rule. 5 When you have finished changing rules, click OK. Change the order of firewall rules See “How firewall rules are processed” on page 75.
Guarding against intrusion attempts Customize Intrusion Detection To remove a firewall rule 1 In the General Rules, Trojan Horse Rules, or Program Rules window, click Add. 2 Select the rule that you want to remove. 3 Click Remove. 4 When you are done removing rules, click OK. Reset firewall rules to the default settings Resetting the firewall rules returns the firewall to its default settings and deletes any changes you have made to firewall rules.
Guarding against intrusion attempts Customize Intrusion Detection safe behavior, you can create an exclusion for the attack signature that matches the benign activity. w Each exclusion that you create leaves your computer vulnerable to attacks. Be very selective when excluding attacks. Only exclude behavior that is always benign. To exclude attack signatures from being monitored 1 Open Norton Personal Firewall. 2 In the Security Center, double-click Intrusion Detection.
Guarding against intrusion attempts Customize Intrusion Detection 4 In the Excluded Signatures list, select the attack signature that you want to monitor. 5 Click Include. 6 When you are done including signatures, click OK. Enable or disable AutoBlock When Norton Personal Firewall detects an attack, it automatically blocks the connection to ensure that your computer is safe.
Guarding against intrusion attempts Customize Intrusion Detection Exclude computers from AutoBlock If a computer you need to access is repeatedly placed in the AutoBlock list, you can exclude it from being blocked by AutoBlock. To exclude specific computers from AutoBlock 1 Open Norton Personal Firewall. 2 In the Security Center, double-click Intrusion Detection. 3 In the Intrusion Detection window, click IP Address.
Protecting your privacy Every time that you browse the Internet, computers and Web sites collect information about you. Some of this information comes from forms that you fill out and choices that you make. Other information comes from your browser, which automatically provides information about the Web page you last visited and the type of computer that you’re using. Malicious users can also collect personal information without your knowledge.
Protecting your privacy Identify private information to protect Privacy Control lets you create a list of information that you want to remain private. If someone attempts to send protected information over the Internet, Norton Personal Firewall warns them about the security risk or blocks the connection. Privacy Control and SSL Some Web sites and email servers use SSL (Secure Sockets Layer) connections to encrypt connections between your computer and the server.
Protecting your privacy Customize Privacy Control Modify or remove private information You can modify or remove private information at any time. To modify or remove private information 1 Start Norton Personal Firewall. 2 In the Security Center, double-click Privacy Control. 3 In the Privacy Control window, click Private Information. 4 Select the private information that you want to change or remove. 5 Select one of the following: 6 2 Modify 2 Remove Click OK.
Protecting your privacy Customize Privacy Control To set the Privacy Level 1 Start Norton Personal Firewall. 2 Double-click Privacy Control. 3 Move the slider to the Privacy Level that you want. Your options are: 4 High All personal information is blocked and an alert appears each time that a cookie is encountered. Medium (recommended) An alert appears if private information is typed into a Web form or instant messenger program. Conceals your browsing from Web sites. Cookies are not blocked.
Protecting your privacy Customize Privacy Control 4 5 Select the Private Information setting that you want. Your options are: High Blocks all private information Medium Alerts you each time that you attempt to send private information to a nonsecure Web site or through an instant messenger program None Does not block private information Click OK. Change the Cookie Blocking setting Many Web sites store information they collect in cookies placed on your hard disk.
Protecting your privacy Customize Privacy Control Enable or disable Browser Privacy Browser Privacy prevents Web sites from learning the type of browser that you are using, the Web site that you last visited, and other information about your browsing habits. Some Web sites that depend on JavaScript may not work correctly if they cannot identify the type of browser that you are using. To enable or disable Browser Privacy 1 Start Norton Personal Firewall. 2 Double-click Privacy Control.
Blocking Internet advertisements Many Web sites are using more aggressive techniques to draw attention to the ads on their pages. Some have begun using larger, more prominent ads, while others rely on ad windows that appear when you enter or leave the site. Along with increasing the amount of time that it takes to display Web pages, some ads contain offensive content, cause software conflicts, or use HTML tricks to open additional browser windows. Ad Blocking helps avoid these problems.
Blocking Internet advertisements Enable or disable Ad Blocking Blocking by location Every file on the Internet has a unique address or URL. When you view a Web page, your computer connects to a URL and displays the file that is stored there. If the page points to graphics, audio files, and other multimedia content, your browser displays the files as part of the page.
Blocking Internet advertisements Enable or disable Popup Window Blocking 2 Double-click Ad Blocking. 3 Check or uncheck Turn on Ad Blocking. 4 Click OK. Enable or disable Popup Window Blocking Pop-up and pop-under ads are secondary windows that Web sites open when you visit or leave the sites. Pop-ups appear on top of the current window, while pop-unders appear behind the current window.
Blocking Internet advertisements Enable or disable Flash blocking Enable or disable Flash blocking When Ad Blocking is active, Norton Personal Firewall automatically blocks all Flash animations that have the same dimensions as common ads. Norton Personal Firewall can also block all Flash content. This is useful if you have a slow connection or are not interested in viewing Flash animations.
Blocking Internet advertisements Use text strings to identify ads to block or permit 3 In the Security Center, double-click Ad Blocking. 4 In the Ad Blocking window, ensure that Enable Ad Blocking is checked. 5 Click Open the Ad Trashcan. The Ad Trashcan window appears. 6 With the windows arranged so that you can see both the advertisement and the Ad Trashcan window, do one of the following: 2 2 7 If you are using Netscape, right-click the advertisement, then click Copy Image Location.
Blocking Internet advertisements Use text strings to identify ads to block or permit Make sure that what you place in the (Defaults) block list isn't too general. For example, www by itself is not a good string to block because almost every URL includes www. A string like www.slowads is more effective because it only blocks graphics from the slowads domains without affecting other sites.
Blocking Internet advertisements Use text strings to identify ads to block or permit 4 On the Ad Blocking tab, click Add. 5 In the Add New HTML String dialog box, select the action that you want to take. Your options are: Block Block ads matching this string. Permit Allow ads matching this string. 6 Type an HTML string to block or permit. 7 Click OK.
Blocking Internet advertisements Use text strings to identify ads to block or permit
Monitoring Norton Personal Firewall Norton Personal Firewall maintains records of every ingoing and outgoing Internet connection and any actions that the program takes to protect your computer. You should periodically review this information to spot potential problems.
Monitoring Norton Personal Firewall View the Status & Settings window It is normal to see some denied access attempts on a random basis (not all from the same IP address, and not to a sequence of port numbers). You may also see logged access attempts made due to activity on your own computer such as connecting to an FTP server and sending email messages. If you see any of the above patterns, it could be evidence of an attack.
Monitoring Norton Personal Firewall Review detailed statistics Reset information in the Statistics window Norton Personal Firewall automatically clears all of the statistics in the Statistics window when you restart Windows. You can also clear the statistics manually. This helps you see if a configuration change affects the statistics. To reset information in the Statistics window 1 Open Norton Personal Firewall. 2 In the Security Center, click Statistics.
Monitoring Norton Personal Firewall Review detailed statistics Web Graphics/ Banner Ads Blocked Estimated sizes of graphics that have been blocked, and the time saved by not loading blocked graphics Firewall TCP Connections The number of blocked and permitted TCP connections Firewall UDP Datagrams The number of blocked and permitted UDP connections Firewall Rules All of the rules defined for your firewall and information on the number of communication attempts blocked, permitted, or not matched
Monitoring Norton Personal Firewall View Norton Personal Firewall Logs To set the statistics displayed in the Detailed Statistics window 1 Open Norton Personal Firewall. 2 In the Security Center main window, click Statistics. 3 In the Statistics window, click Detailed Statistics. 4 In the Detailed Statistics window, on the View menu, click Options. 5 In the Norton Personal Firewall Statistics Options window, select one or more categories of statistics that you want to display. 6 Click OK.
Monitoring Norton Personal Firewall View Norton Personal Firewall Logs Web History URLs visited by the computer, providing a history of Web activity Alerts Any security alerts triggered by possible attacks on your computer Spam Details about emails identified as spam by Spam Alert View the logs View the Norton Personal Firewall logs from the Statistics window. To view the logs 1 Open Norton Personal Firewall.
Monitoring Norton Personal Firewall View Norton Personal Firewall Logs Refresh the logs The logs automatically refresh when you move from log to log. To view network events occurring since you began viewing the Log Viewer, you can manually refresh all the logs or an individual log. To refresh all logs at once 4 In the Log Viewer, right-click Norton Personal Firewall, then click Refresh all Categories.
Monitoring Norton Personal Firewall View Norton Personal Firewall Logs Change the size of the logs Norton Personal Firewall stores the information for each log in a separate file. You can change the size of log files to manage the amount of hard disk space that they occupy. When the files reach their maximum sizes, new events overwrite the oldest events. By default, log files are between 64 KB and 512 KB. If you want to see information spanning a longer period, increase the size of the log.
Troubleshooting Norton Personal Firewall The information in this chapter will help you solve the most frequently encountered problems. If you can’t find the solution to your problem here, there is a wealth of information on the Symantec Web site. You can find updates, patches, online tutorials, Knowledge Base articles, and virus removal tools. To explore the Symantec service and support Web site 1 Point your browser to www.symantec.
Troubleshooting Norton Personal Firewall Troubleshoot Norton Personal Firewall problems To search the Symantec service and support Web site 1 On the left side of any Web page in the Symantec Web site, click search. 2 Type a word or phrase that best represents the information for which you are looking. Use the following guidelines when searching the Symantec Web site: 2 2 2 2 2 2 Type a single word in lowercase letters to find all occurrences of the word, including partial matches.
Troubleshooting Norton Personal Firewall Troubleshoot Norton Personal Firewall problems See “Temporarily disable Norton Personal Firewall” on page 47. If you need to view the site, disable Norton Personal Firewall and try the Web site again. Keep in mind that when you disable Norton Personal Firewall, your computer may be vulnerable to Internet attacks. If you cannot connect to a Web site with Norton Personal Firewall disabled, there might be a problem with the Internet or your Internet service provider.
Troubleshooting Norton Personal Firewall Troubleshoot Norton Personal Firewall problems If your email program maintains copies of sent messages in its Sent or Out folder, you can reopen the email message, remove the private information, and send the message again. Why doesn’t Norton Personal Firewall notify me before letting programs access the Internet? See “Enable Automatic Program Control” on page 76.
Troubleshooting Norton Personal Firewall Troubleshoot Norton Personal Firewall problems Some Internet service providers scan the ports on users’ computers to ensure that they are keeping to their service agreements. Norton Personal Firewall might interpret this as a malicious port scan and stop communications with your cable system. If this occurs, you need to let your cable provider run port scans. To allow ISP port scans 1 Open Norton Personal Firewall.
Troubleshooting Norton Personal Firewall Troubleshoot Norton Personal Firewall problems
About the Internet The Internet is the interconnection of millions of computers throughout the world. It is comprised of the computers and the connections that make it possible for any computer on the Internet to communicate with any other computer on the Internet. The Internet is analogous to a system of roads and highways. The superhighways of the Internet, called the Internet backbone, carry large amounts of information over long distances.
About the Internet How information is transmitted over the Internet exchanges (MAEs). There are regional highways provided by large ISPs and local streets provided by local ISPs. NAP MAE Regional ISP Regional ISP Local ISP Local ISP Single user’s computer Small office network Like a system of roads and highways, the Internet provides multiple routes from one point to another. If one part of the Internet has too much traffic, or is damaged, information is rerouted.
About the Internet How information is transmitted over the Internet The Internet is a packet switching network. Every communication is broken into packets by TCP (Transmission Control Protocol). Each packet contains the addresses of the sending and receiving computers along with the information to be communicated. IP (Internet Protocol) is responsible for routing the packets to their destinations. Each packet may take a different route across the Internet, and packets may be broken up into fragments.
About the Internet How Web information is located on the Internet About UDP UDP (User Datagram Protocol) is used for functions in which the reliability of TCP is not necessary, such as broadcasting video to multiple computers at once. UDP doesn’t provide error correction or retransmission of lost packets. UDP is secondary in importance to TCP when you browse the Internet. About ICMP ICMP (Internet Control Message Protocol) packets contain error and control information.
About the Internet How Web information is located on the Internet Each URL maps to the IP address of the computer that stores the Web page. URLs are used because they are easier to remember and type than IP addresses. Before your browser requests a page, it asks a DNS (Domain Name System) server for the IP address of the Web site. IP addresses are 32-bit numbers expressed as four decimal numbers, each ranging from 0 to 255, and separated by periods: 206.204.104.148.
About the Internet How ports identify programs on servers symantec.com The domain. This is the domain with which the browser establishes a connection. A domain frequently refers to a single company or organization that might have multiple Web sites on the Internet. www.symantec.com The host. This is the particular Web site with which the browser communicates. It is also the name for which DNS provides an IP address. securitycheck The folder or directory that contains the file to be accessed.
About the Internet How computers are identified on the Internet Well-known ports Following are some of the most common well-known ports.
About the Internet How computers are identified on the Internet A typical subnet mask looks like this: 255.255.255.0. The 255s indicate parts of the IP address that are the same for all computers within the subnet, while the 0 indicates a part of the IP address that is different. Subnet masks are always used in conjunction with base IP addresses. The base IP address is an IP address that, when processed using the subnet mask, can indicate all of the IP addresses in a subnet.
Understanding Internet risks Norton Personal Firewall protects you from major risks that are associated with the Internet. These risks include the threat of network attack, malicious code in active content, exposure to inappropriate content, exposure of private information, and getting viruses from infected files. Risks from hackers Originally hackers were people who could solve computer problems and write complex computer programs quickly.
Understanding Internet risks Risks from hackers 1 1 1 Initial access The hacker exploits a vulnerability found during information gathering and establishes an entry point into your computer. Privilege escalation The hacker gains access to more programs and services on your computer. Covering tracks The hacker hides or removes evidence of the intrusion, sometimes leaving an entry point open for return. Information gathering The first step in information gathering is acquiring a target.
Understanding Internet risks Risks from hackers Initial access The easiest way for a hacker to access a Windows computer is to use Microsoft networking. On many computers, Microsoft networking is enabled so that anyone on the network can connect to it. Microsoft NetBIOS networking uses three of the well-known ports. These ports are used to establish connections among computers on a Microsoft network. In fact, they normally advertise the name of your computer over the local network.
Understanding Internet risks Risks from active content Other Trojan horse programs might record all your keystrokes to capture passwords and other sensitive data. Norton Personal Firewall blocks the ports that Remote Access Trojan horse programs use to communicate over the Internet. Covering tracks When a hacker has gained as much control of a computer as possible, the task turns to concealing the evidence.
Understanding Internet risks Risks from inappropriate content and activities Risks from inappropriate content and activities There is a wealth of information on the Internet that is easily accessible to everyone. However, some topics are not suitable for all people. For example, most people consider pornographic and violent sites to be inappropriate for viewing by children. You may feel that other topics should also be off limits.
Understanding Internet risks Risks to your privacy You may want to prevent some users from sending private information over the Internet. Norton Personal Firewall can block users from accessing secure sites where they might be asked for personal information. Understanding cookies Cookies are messages sent to your browser by Web sites that are stored as small files on your computer. They are often used by Web sites to track your visits.
Understanding Internet risks Risks from Trojan horses and viruses Tracking Internet use Most browsers pass on information that you might want to keep confidential. One item that your browser normally passes to Web sites is the URL of the page from which you came. This information is used by some Web sites to help you navigate through the Web site, but it can also be used to track your Web usage. Norton Personal Firewall blocks this information.
Understanding Internet risks The likelihood of being attacked A zombie program is a dormant program secretly installed on a computer. It can later be run remotely to aid in a collective attack on another computer. Zombie programs don’t normally damage the computer on which they reside, but are used to attack other computers. A zombie program can arrive as an email attachment. Norton AntiVirus protects you from receiving and executing viruses, Trojan horses, worms, and zombies.
Glossary This glossary provides definitions of some common Internet terms. active content Material on a Web page that changes with time or in response to user action. Active content is implemented through ActiveX controls, Visual Basic Scripts, Java scripts, and Java applets in the HTML code that defines the page. ActiveX control A program that runs within a browser using Microsoft technology to add life to a Web page by using animation, streaming audio and video, movies, and so on.
Glossary connection A method of data exchange that allows a reliable transfer of data between two computers. connection attempt The data transfer that requests the opening of a connection. cookie A small data file that some Web sites place on your hard disk while you’re viewing a Web page. Web servers can use cookies to store your personal information and preferences so that you don’t need to reenter them each time that you visit.
Glossary email (electronic mail) A method of exchanging messages and files with other people via computer networks. A popular protocol for sending email is SMTP (Simple Mail Transfer Protocol). Popular protocols for receiving email are POP3 (Post Office Protocol 3) and IMAP4 (Internet Message Access Protocol 4). Web-based email services use HTTP (Hypertext Transfer Protocol) for sending and receiving email. finger A command in some operating systems that requests network user account information.
Glossary IP address (Internet Protocol address) A 32-bit numeric identifier that uniquely identifies a computer on the Internet. IP addresses are usually expressed as four groups of numbers, each ranging from 0 to 255, separated by periods. For example, 206.204.52.71. ISP (Internet service provider) A company that supplies Internet access to individuals and companies. Most ISPs offer additional Internet connectivity services, such as Web site hosting.
Glossary network address The portion of an IP address that is common to all computers on a particular network or subnet. operating system A program that ties the capabilities of computer hardware and software to input/output devices such as disks, keyboards, and mouse devices. outbound communication An attempt by your computer to open a connection with a remote computer. The connection can be used to send data to and from your computer.
Glossary port number A logical communications channel to be used by a particular TCP/IP application. Each application has unique port numbers associated with it. By convention, some protocols use a well-known port number (for example, HTTP uses port 80), although this is configurable. port scan An attempt to gain access to a computer by searching for open ports.
Glossary TCP/IP (Transmission Control Protocol/ Internet Protocol) The standard family of protocols for communicating with Internet devices. threat A circumstance, event, or person with the potential to cause harm to a system in the form of destruction, disclosure, modification of data, and/ or denial of service. timeout A predetermined period of time during which a given task must be completed. If the timeout value is reached before or during the execution of a task, the task is canceled.
Glossary
Service and support solutions The Service & Support Web site at http://service.symantec.com supports Symantec products. Customer Service helps with nontechnical issues such as orders, upgrades, replacements, and rebates. Technical Support helps with technical issues such as installing, configuring, or troubleshooting Symantec products. Methods of technical support and customer service can vary by region.
Service and support solutions For upgrade orders, visit the Symantec Store at: http://www.symantecstore.com Technical support Symantec offers two technical support options for help with installing, configuring, or troubleshooting Symantec products: 1 1 Online Service and Support Connect to the Symantec Service & Support Web site at http://service.symantec.com, select your user type, and then select your product and version.
Service and support solutions Worldwide service and support Technical support and customer service solutions vary by country. For Symantec and International Partner locations outside of the United States, contact one of the service and support offices listed below, or connect to http://service.symantec.com and select your region under Global Service and Support. Service and support offices North America Symantec Corporation 555 International Way Springfield, OR 97477 U.S.A. http://www.symantec.
Service and support solutions
Index A access Alert Tracker 36 Block Traffic 36, 44 Help 36 LiveUpdate 36, 39 logs 39 Norton Personal Firewall 37 options 45 Program Scan 39 Security Check 42 Visual Tracking 43-44 active content 128 protection from 70 troubleshooting 113 See also ActiveX controls; Java applets ActiveX controls 113, 128 Ad Blocking 95-101 enabling and disabling 96 identifying ads to block 100-101 troubleshooting 113 Ad Trashcan 99 Adobe Acrobat Reader, installing 50 advertisements, blocking 95-101, 113 Alert Assistant 39
Index browser information 115 privacy 94 C CompuServe 56 computer blocking 87 emergency procedures 11 requirements 19 computers names 65 specifying 64-66 connecting to the Internet automatically 58 context-sensitive Help 49 Cookie Blocking 130 options 93 troubleshooting 113 cookies 93, 113, 130 credit card numbers 91 D definitions of technical terms 48, 133 desktop icon 35 detailed statistics resetting 106 viewing 105 dialog box Help 49 disabling Automatic LiveUpdate 59 Norton Personal Firewall 47 W
Index Internet Access Statistics contents 105-106 resetting 105 Internet Control Message Protocol (ICMP) 119 Internet Group Membership Protocol (IGMP) 119 Internet-enabled applications 78 Intrusion Detection 69-87 about 18, 70-71 configuring 85 Intrusion Detection service 54 IP addresses 65, 121 and subnet mask pair 123 finding 65 J Java applets 113, 128 L LiveUpdate accessing 36 accessing from Security Monitor 39 options 45 localhost 122 Log Viewer changing log sizes 110 clearing events 109 contents 107
Index options (continued) protecting with password 32, 46 resetting password 47 P passwords options 32 ping scans 126 Popup Window Blocking, enabling and disabling 97 pop-up windows, blocking 95-101, 113 pornography 129 ports 122-123 scans 70, 126 well-known 123 printers, sharing 62 Privacy Control 89-94 and SSL 90 configuration 31 in instant messengers 90 privacy risks 129-131 Private Information options 92 Prodigy Internet connection 56 product serial number 27 Program Control Automatic 76 configur
Index settings Norton Personal Firewall 72-85 Program Control 79 sockets 122 SSL (Secure Sockets Layer) and Privacy Control 90 statistics 105-107 detailed 105 Norton Personal Firewall 103-110 resetting 105 resetting detailed statistics counters 106 viewing 104 statistics window 104 Status & Settings, checking 104 stealth ports 126 subnet masks 66, 123 subscriptions 54 Symantec Security Response newsletter 52 Symantec service and support Web site 111 Symantec Web site 51 downloading product updates 56 syste
Index Z zombie programs 71, 132 zones 62-64 adding computers to 63 Restricted 88 Trusted 71
Norton™ Personal Firewall CD Replacement Form CD REPLACEMENT: After your 60-Day Limited Warranty, if your CD becomes unusable, fill out and return 1) this form, 2) your damaged CD, and 3) your payment (see pricing below, add sales tax if applicable), to the address below to receive replacement CD. DURING THE 60DAY LIMITED WARRANTY PERIOD, THIS SERVICE IS FREE. You must be a registered customer in order to receive CD replacements.
