COMP3371 Week 6 Practical: Investigating a Personal Firewall System

You may be interested in the government’s latest advice on protecting your computer when it is connected to the Internet...:

Firewall – hardware or software?

Both… it is software, but needs a platform to run on.

What is Firewall Software?

A Personal Firewall controls network data in and out of a single user’s computer and will restrict the data based on security policies.

Firewalls use 3 types of filtering mechanisms:

  • Packet filtering
  • Proxy
  • Inspection

Windows generally provides an “entry level” application, and other manufacturers provide more powerful products. Plenty of examples:

Backup – backing up files

Defender – anti-malware

Firewall – blocking incoming (and outgoing) data

This exercise can also give you “hands on” experience of at least one third party firewalling product beyond the basic “Windows Firewall” application that is provided with Windows client products – in this case ZoneAlarm from Checkpoint. You will need to install this on your own machine, however (see page 3).

Servers also need protection, of course (even more so than clients!). However, the principles of filtering out data via IP address or TCP port (or both!) are the same with both clients and servers.

Exercise 6(a): Windows 10 Advanced Security

Windows Firewall and Windows Defender (antivirus) have been available since XP SP2, which was released in 2003. However, each of these has been improved with each new version of Windows, and this continues with some Windows 10 security updates. Windows Firewall is closely integrated with the operating system, and works very quickly. However, it does have its problems (e.g. over-enthusiastic app/port blocking) and these are best discovered through investigation! To access Windows Firewall…

  1. Access Windows Control Panel, then Windows Firewall
  1. Click on Advanced Settings, to bring up the wizard for the Advanced Security Tool… have a quick look at the screen. This screen provides much more flexible use of port, IP, and application settings than the standard option, as well as configuration options for tunnelling and IPSec

Note also that, as you are logged onto the network, some settings will be already overwritten by group policy.

  1. Now click on Properties. Another window will pop up with tabs giving you extra flexibility to filter/block by port, IP address, etc. for domain, public network, and private network (if applicable)

This will enable you to change the settings laid down in group policy. Try making a few changes and close the properties window. Don’t worry… you can always change them back!

  1. Now to take a closer look…. Close the properties window and click on “Inbound rules”… note that there are lots to choose from!

Double click on any rule to see the range of options available to you. Note that some apply to domain, others to public, still others to private. Bearing in mind previous problems, try changing Outlook settings on the local machine so the user can use Outlook to receive Exchange Server mail (will be using port 25/110 or 80/443)…

  1. Oh well… you tried! Yes, there is an option to create custom rules, but this is disabled by the group policy. Never mind… hope you get the idea!
  1. Finally…if you had admin rights, you could save and export a set of Windows firewall settings, and put them into a group policy so all computers on the domain have those settings when members of that group policy object log on to the network.
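
The same inspection can be done from PowerShell, which also shows which rules were delivered by group policy rather than created locally. This is an added example, not part of the original practical; it assumes the built-in NetSecurity cmdlets (Windows 8 / Server 2012 or later), and the export file name is a placeholder.

```powershell
# Added example (not from the handout): read-only inspection of the firewall
# policy currently in effect, followed by an export of that policy.

# 1. Per-profile state: what the Properties dialog shows for domain/private/public.
Get-NetFirewallProfile -PolicyStore ActiveStore |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction,
                  AllowLocalFirewallRules |
    Format-Table -AutoSize

# 2. Enabled inbound rules in the active policy (local rules merged with GPO rules).
$inbound = Get-NetFirewallRule -PolicyStore ActiveStore |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' }

# 3. How many rules come from each source (Local, GroupPolicy, ...).
$inbound | Group-Object PolicyStoreSourceType |
    Select-Object Name, Count |
    Format-Table -AutoSize

# 4. Protocol and port for every rule delivered by group policy.
$inbound |
    Where-Object { $_.PolicyStoreSourceType -eq 'GroupPolicy' } |
    ForEach-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Rule      = $_.DisplayName
            Profile   = $_.Profile
            Action    = $_.Action
            Protocol  = $filter.Protocol
            LocalPort = $filter.LocalPort -join ','
            GPO       = $_.PolicyStoreSource
        }
    } | Format-Table -AutoSize

# 5. Export the whole policy so it can be imported into a group policy object.
#    Needs an elevated prompt; the file name is a placeholder for this example.
netsh advfirewall export "$env:TEMP\lab-firewall.wfw"
```

If AllowLocalFirewallRules shows False for a profile, rules created on the local machine are not merged into the effective policy for that profile, whatever the GUI lets you type in.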

Exercise 6(b): Downloading Zone Alarm

  1. The first thing you need to do is find the Zone Labs website: or get access to a downloaded copy of the free version of ZoneAlarm Pro.
  1. Download a copy to a memory stick. Keep it and do this practical session on your own machine.
  1. When you have your own machine in front of you, access the downloaded file and follow the instructions to install ZoneAlarm on that machine. You will need to re-boot the machine for settings to become effective. Do so…

Exercise 6(c): Testing Zone Alarm

  1. Once you have installed ZoneAlarm on your computer, and rebooted, it will create a firewall around that machine, protecting against incoming data, and protecting your own machine from leaking data…
  1. After rebooting, you may see “pop ups” appear from time to time. This is part of the normal functioning of ZoneAlarm, as it checks on programs that may be trying to communicate through the firewall.

Take time to analyse the meaning of any such messages. Don’t click on “allow” until you are satisfied what the program is, and what it does.

  1. Testing a firewall is a team effort. Log on with local administrative access to one machine. Make sure you connect logically and physically to a second machine. How do you do that? Clue: IP addresses, cable, lights. Make a note of the IP addresses – they’ll come in useful in a few minutes…
  1. Run the video about ZoneAlarm functionality, and watch it carefully - taking notes.
  1. Now look at the ZoneAlarm interface. If you look through the features displayed, you should find, amongst other things, “Firewall”.
  1. With the assistance of the help system, explore the functionality of the ZoneAlarm firewall, in particular its Zones, packet filtering and TCP options.
  1. “Trusted Zone” represents known computers (e.g. the Local Network), and Internet Zone should be self-explanatory. You could add the IP address of the other computer on your local network to the trusted zone.

Exercise 6(d): Sealing up TCP Ports using Zone Alarm Pro

  1. Refer to your lecture notes for the TCP ports that are most commonly hacked.
  1. Use Zone Alarm Pro to stop the entry of data through any of these ports: Protect the TCP ports for both “trusted” and “Internet” zones.
  1. Go to the “reserve” computer. Now, try to hack into the firewalled machine by running telnet (port 23)
  1. What happens?
  1. Now figure out how to use some of the other TCP ports, and test those out…
  1. Now with the help of IIS try to set up the computer as a web server and save a html file to the wwwroot folder. Access it from the other computer using its IP address. Which TCP port will be used in this case?
  1. Now try removing your other computer from the trusted zone, and repeat some of the above exercises. What happens?
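
To record what happens on each port rather than watching a telnet window, the check below can be run from the “reserve” computer. It is an added example, not part of the original practical; the function name `Test-TcpPort` and the address 192.168.1.20 are made up for illustration, and the port list is the set of ports mentioned in this practical.

```powershell
# Added example (not from the handout). Run on the "reserve" computer.
# 192.168.1.20 is a constructed address: use the IP you noted for the firewalled machine.
function Test-TcpPort {
    param(
        [Parameter(Mandatory)] [string] $Target,
        [Parameter(Mandatory)] [int]    $Port,
        [int] $TimeoutMs = 3000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $connect = $client.ConnectAsync($Target, $Port)
        if ($connect.Wait($TimeoutMs)) {
            $state = 'open'        # three-way handshake completed
        } else {
            $state = 'filtered'    # no answer within the timeout: SYN dropped (or host is off)
        }
    } catch {
        # Wait() rethrows a failed connect; unwrap to the underlying socket error.
        $inner = $_.Exception.GetBaseException()
        if ($inner -is [System.Net.Sockets.SocketException] -and
            $inner.SocketErrorCode -eq [System.Net.Sockets.SocketError]::ConnectionRefused) {
            $state = 'closed'      # a reset came back: host reachable, port not accepting
        } else {
            $state = "error: $($inner.Message)"
        }
    } finally {
        $client.Close()
    }
    [pscustomobject]@{ Target = $Target; Port = $Port; State = $state }
}

# Ports named in this practical: telnet, SMTP, HTTP, POP3, HTTPS.
23, 25, 80, 110, 443 |
    ForEach-Object { Test-TcpPort -Target '192.168.1.20' -Port $_ } |
    Format-Table -AutoSize
```

Run it once with the reserve computer in the trusted zone and once after removing it, and compare the State column for each port.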

Exercise 6(e): Checking for Malware & Spyware

Whilst antivirus products pick out the signatures of software that is harmful to your computer, there is another breed of irritating software called adware, or spyware, that uses a variety of mechanisms to extract data from your computer.

Spyware is any software program that secretly collects information from the computer on which it's installed and broadcasts the information back to an outside party that controls the program. Probably the nastiest of these are “keyloggers”; programs that log every key you press!

Less intrusive spyware programs could cause increased spam or pop-up ads, which may still pose a serious threat to your privacy.

Some of the most sophisticated spyware can continually mutate (polymorphism), making it more difficult to detect and remove. Solution: use specialist software.

  1. Click on the Anti-Spyware tab & run the ZoneAlarm spyware scanner on your machine.

As it hasn’t been directly connected to the Internet, yet, this computer should be devoid of spyware.

However, you (or others) may have used programs downloaded from the Internet to install some of the devices – so you never know…

  1. Go to the “Overview” tab. This is useful, because it gives a summary of inbound, outbound, email, and anti-spyware. You have to check other tabs, of course, to see the detail…
  1. Check and investigate all the options available through other tabs. As you can see, this is a very powerful product.

RCH161