Firewall
124
ZoneAlarm
This facility denies Internet access to machines on your LAN that are not running the ZoneAlarm Pro personal firewall software. Running personal firewall software on each PC offers an extra layer of protection from the application-level and operating-system-specific exploits and malware that abound on the Internet.
Policy enforcement
This access control module allows part of a site's security policy to be actively enforced. Hosts which do not adhere to their defined policy are automatically denied access through the firewall.
A number of security groups can be defined, each containing a number of host IP addresses or IP address ranges. Each group is additionally given a list of permitted services and a list of denied services. Each host in each group is periodically and actively scanned for the services it is not allowed to offer; if a connection to one of these services succeeds, the host is blacklisted until the offending service is no longer offered. Scans are never performed against permitted services. A number of predefined allow and deny service lists are provided; however, these should be considered a guideline only, as they are not a replacement for a well thought out and designed security policy.
In addition to enforcing the services aspect of security groups, it is possible to place a number of NASL (Nessus Attack Scripting Language) scripts in /etc/config on the unit and to define some or all of these to be run against the target hosts. Typically, one would use attack scripts from the Nessus suite to scan for specific vulnerabilities on a host. If any script detects such a vulnerability, Internet access will again be blocked. The list of available scripts is automatically populated from the files ending in .nasl in /etc/config.
Security groups may overlap with respect to the hosts within them. In this case, a single allow of a service overrides any number of denies of that same service. However, NASL scripts and overlapping groups do not interoperate well, and the combination should be avoided.
The top level page has a checkbox Block Unscanned Hosts which defines the behaviour for a host which has not yet been scanned or is not defined to be scanned. The Minimum Inter Probe Delay specifies the minimum number of seconds between scans of a single host; it therefore also bounds the time taken for changes to take effect. The Simultaneous Probes setting specifies the maximum number of different hosts that will be scanned at the same time.
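The following Python model of the policy enforcement decision is an added example; it is not the appliance's own code and does not reflect how the unit implements scanning. It shows the rules stated above in runnable form: how a host's effective probe list is derived from overlapping groups (a single allow overriding any number of denies, permitted services never probed), how a successful connection to a denied service blacklists the host, and how the Block Unscanned Hosts setting decides the fate of a host that belongs to no group. The group names, address ranges, port numbers and the simulated open-port table are all constructed for illustration; `fake_probe` stands in for the real TCP connection attempt.

```python
"""Model of security-group policy enforcement (added example, not the
appliance's code). All names, addresses and ports below are made up."""
import ipaddress
from dataclasses import dataclass, field
from typing import Callable, Optional


def parse_range(text: str) -> list:
    """Accept a CIDR block, a single address or a 'start-end' range and
    return the list of ip_network objects that cover it."""
    if "-" in text:
        start, end = (ipaddress.ip_address(p.strip()) for p in text.split("-", 1))
        return list(ipaddress.summarize_address_range(start, end))
    return [ipaddress.ip_network(text.strip(), strict=False)]


@dataclass
class SecurityGroup:
    name: str
    members: list                             # ip_network objects (see parse_range)
    allow: set = field(default_factory=set)   # TCP ports the hosts may offer
    deny: set = field(default_factory=set)    # TCP ports they must not offer

    def contains(self, ip: str) -> bool:
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.members)


def ports_to_probe(ip: str, groups: list) -> Optional[set]:
    """Ports that will be actively scanned on this host.

    Returns None when the host belongs to no group (an 'unscanned' host).
    Across overlapping groups a single allow of a service overrides any
    number of denies of that service, and permitted services are never probed.
    """
    matching = [g for g in groups if g.contains(ip)]
    if not matching:
        return None
    allowed = set().union(*(g.allow for g in matching))
    denied = set().union(*(g.deny for g in matching))
    return denied - allowed


def decide(ip: str, groups: list, probe: Callable[[str, int], bool],
           block_unscanned: bool = False) -> tuple:
    """Return ('blocked' | 'allowed', offending_ports).

    probe(ip, port) returns True when a TCP connection succeeds. A host found
    offering any denied service is blacklisted; a host in no group is handled
    by the Block Unscanned Hosts setting.
    """
    targets = ports_to_probe(ip, groups)
    if targets is None:
        return ("blocked" if block_unscanned else "allowed"), set()
    offending = {p for p in sorted(targets) if probe(ip, p)}
    return ("blocked" if offending else "allowed"), offending


# --- constructed sample policy and probe results ------------------------
GROUPS = [
    SecurityGroup("servers", parse_range("192.168.1.0/24"),
                  allow={80, 443}, deny={23, 139, 445}),
    SecurityGroup("workstations", parse_range("192.168.1.10-192.168.1.50"),
                  deny={80, 23}),
]

# Simulated open ports per host, standing in for real connection attempts.
OPEN_PORTS = {
    "192.168.1.20": {80, 445},    # in both groups; web server that also exposes SMB
    "192.168.1.200": {80, 443},   # servers group only; well-behaved web server
}


def fake_probe(ip: str, port: int) -> bool:
    """Pretend to connect: succeed only for ports listed in OPEN_PORTS."""
    return port in OPEN_PORTS.get(ip, set())


if __name__ == "__main__":
    for host in ("192.168.1.20", "192.168.1.200", "10.0.0.5"):
        print(host, ports_to_probe(host, GROUPS),
              decide(host, GROUPS, fake_probe, block_unscanned=True))
```

Note that 192.168.1.20 sits in both groups: the workstations group denies port 80, but the servers group allows it, so port 80 is never probed and only the SMB service (445) gets the host blacklisted. Host 10.0.0.5 matches no group, so its outcome depends entirely on the Block Unscanned Hosts checkbox.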