Detailed instructions for use are in the User's Guide.
[. . . ] McAfee Firewall
Getting Started
Version 2.10
COPYRIGHT
Copyright © 2000 Network Associates, Inc. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of Network Associates, Inc.
TRADEMARK ATTRIBUTIONS
* ActiveHelp, Bomb Shelter, Building a World of Trust, CipherLink, Clean-Up, Cloaking, CNX, Compass 7, CyberCop, CyberMedia, Data Security Letter, Discover, Distributed Sniffer System, Dr Solomon's, Enterprise Secure Cast, First Aid, ForceField, Gauntlet, GMT, GroupShield, HelpDesk, Hunter, ISDN Tel/Scope, LM 1, LANGuru, Leading Help Desk Technology, Magic Solutions, MagicSpy, MagicTree, Magic University, MagicWin, MagicWord, McAfee, McAfee Associates, MoneyMagic, More Power To You, Multimedia Cloaking, NetCrypto, NetOctopus, NetRoom, NetScan, Net Shield, NetShield, NetStalker, Net Tools, Network Associates, Network General, Network Uptime!, NetXRay, Nuts & Bolts, PC Medic, PCNotary, PGP, PGP (Pretty Good Privacy), PocketScope, Pop-Up, PowerTelnet, Pretty Good Privacy, PrimeSupport, RecoverKey, RecoverKey-International, ReportMagic, RingFence, Router PM, Safe & Sound, SalesMagic, SecureCast, Service Level Manager, ServiceMagic, Site Meter, Sniffer, SniffMaster, SniffNet, Stalker, Statistical Information Retrieval (SIR), SupportMagic, Switch PM, TeleSniffer, TIS, TMach, TMeg, Total Network Security, Total Network Visibility, Total Service Desk, Total Virus Defense, T-POD, Trusted Mach, Trusted Mail, Uninstaller, Virex, Virex-PC, Virus Forum, ViruScan, VirusScan, VShield, WebScan, WebShield, WebSniffer, WebStalker WebWall, and ZAC 2000 are registered trademarks of Network Associates and/or its affiliates in the US and/or other countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners.
[. . . ]
Depending on your settings, it will allow or block an application's attempt to communicate.
To control which applications may communicate, click the Settings menu item and choose Applications. If you choose to "Trust all applications" (putting a check mark in the box), then applications will be added to the "Trusted" list automatically and will be allowed to communicate. If you do not choose to "Trust all applications", as shown in the figure above, then the first time you run an application and it tries to communicate, you will be prompted and asked if you want that application to communicate. Known applications are either allowed or blocked, depending on which list they have been put in.
McAfee Firewall Configurations
Default settings for applications
When installed, the default setting is to prompt the user before allowing an application to communicate. The first time you run an application that uses the network, you will be prompted. If you choose "Yes", the application will be allowed to communicate normally, as it would without McAfee Firewall running. If you choose "No", the application will be blocked and will probably report an error message, such as "Network is unavailable". If you allow an application the first time you are prompted, you may change this and block it at any time: just select the Settings/Applications menu item. There, you can move applications into either the "Trusted" list or the "Blocked" list. When you exit McAfee Firewall, your settings are saved and will be the same the next time it is run.
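The behaviour described above (automatic trusting when "Trust all applications" is checked, a one-time prompt otherwise, manual moves between the Trusted and Blocked lists, and settings that persist across runs) as an added model in Python; this is not the product's own code, and the class, method names, prompt callback and JSON persistence format are assumptions:

```python
import json
from typing import Callable, Optional

# Added model of the Applications settings described in the guide (hypothetical
# names; not McAfee Firewall's own code or file format).
class ApplicationPolicy:
    def __init__(self, trust_all: bool = False,
                 ask: Optional[Callable[[str], bool]] = None):
        self.trust_all = trust_all
        self.ask = ask or (lambda app: False)   # nobody to answer the prompt: treat as "No"
        self.trusted = set()
        self.blocked = set()

    def may_communicate(self, app: str) -> bool:
        """Decide an application's attempt to use the network."""
        if app in self.trusted:                 # known and allowed
            return True
        if app in self.blocked:                 # known and blocked (app sees a network error)
            return False
        if self.trust_all:                      # "Trust all applications" checked: auto-add
            self.trusted.add(app)
            return True
        if self.ask(app):                       # first-run prompt, answered once and remembered
            self.trusted.add(app)
            return True
        self.blocked.add(app)
        return False

    def move(self, app: str, to_trusted: bool) -> None:
        """Settings/Applications: move a known app between the two lists."""
        (self.blocked if to_trusted else self.trusted).discard(app)
        (self.trusted if to_trusted else self.blocked).add(app)

    def save(self) -> str:
        """Settings are saved on exit; JSON is an assumed serialisation."""
        return json.dumps({"trust_all": self.trust_all,
                           "trusted": sorted(self.trusted),
                           "blocked": sorted(self.blocked)})

    @classmethod
    def load(cls, text: str, ask=None) -> "ApplicationPolicy":
        d = json.loads(text)
        p = cls(d["trust_all"], ask)
        p.trusted, p.blocked = set(d["trusted"]), set(d["blocked"])
        return p
```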
Systems
Control system
The operating system performs many types of network communication without reporting directly to the user. McAfee Firewall lets the user allow or block different system functions explicitly. Settings may be different for each network device, since a PC may, for example, be on an internal network as well as having a dial-up connection to the Internet. To control System settings, click on the Settings menu item and choose System.
Figure: System Settings
You can either double-click on the network device or click once and choose Properties.
Figure 3-2. Dial-Up Adapter [0000] Properties
You can then choose to allow or block NetBIOS over TCP, Identification, ICMP, ARP, DHCP, RIP, PPTP and other protocols (IP and non-IP).
NOTE: For more information, refer to the McAfee Firewall online Help.
Default settings for System activity
NetBIOS over TCP: Blocked
This will block all fileshare activity over TCP as well as UDP broadcasts. Your system will not appear in anyone's "Network Neighborhood" and theirs will not appear in yours. If your system is configured to support NetBIOS over other protocols, such as IPX or NetBEUI, then filesharing may be allowed if "non-IP protocols" are allowed (see "Other Protocols" below).
Identification: Allowed
This service is often required when getting email and is required by most IRC servers.
ICMP: Blocked
This protocol is often abused as a method of breaking people's network connections (especially on IRC).
ARP: Allowed
ARP is a necessary Ethernet protocol and is not known to be a threat.
DHCP: Allowed if your system uses DHCP
The program looks in your system Registry to see if one of your network devices uses DHCP. If you have more than one network device and one uses DHCP, you should check the DHCP setting for each device and allow DHCP only for the device that uses it (most often cable or ADSL modems and some internal networks, not dial-up).
RIP: Blocked
Allow RIP if your administrator or ISP advises you to.
PPTP: Blocked
This should only be altered by the administrator.
Other Protocols: Blocked
If you are on an IPX network, you should allow "non-IP protocols". Ask your network administrator before making any change here.
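The per-device defaults listed above, as an added Python model that is not the product's code: each adapter gets its own settings, the DHCP default follows whether that adapter uses DHCP (what the product reads from the Registry), and incoming frames are mapped to the guide's categories. The mapping of categories to EtherTypes, IP protocol numbers and well-known ports is my assumption about how the product classifies traffic (standard values), and traffic in no listed category is assumed to fall through to the application rules:

```python
from dataclasses import dataclass, field
from typing import Dict, Optional

ETHERTYPE_IP, ETHERTYPE_ARP = 0x0800, 0x0806
IPPROTO_ICMP, IPPROTO_TCP, IPPROTO_UDP, IPPROTO_GRE = 1, 6, 17, 47

@dataclass
class Frame:                      # constructed, minimal view of a received frame
    ethertype: int
    ip_proto: Optional[int] = None
    dport: Optional[int] = None

@dataclass
class DeviceSettings:
    """System settings for one network device (dial-up adapter, NIC, ...)."""
    uses_dhcp: bool               # the per-adapter fact the product reads from the Registry
    allow: Dict[str, bool] = field(default_factory=dict)   # user overrides

    def __post_init__(self):
        defaults = {"NetBIOS over TCP": False, "Identification": True,
                    "ICMP": False, "ARP": True, "DHCP": self.uses_dhcp,
                    "RIP": False, "PPTP": False, "Other Protocols": False}
        self.allow = {**defaults, **self.allow}

def classify(f: Frame) -> str:
    """Map a frame to one of the guide's system categories (assumed mapping)."""
    if f.ethertype == ETHERTYPE_ARP:
        return "ARP"
    if f.ethertype != ETHERTYPE_IP:          # IPX, NetBEUI, ...: the non-IP bucket
        return "Other Protocols"
    if f.ip_proto == IPPROTO_ICMP:
        return "ICMP"
    if f.ip_proto == IPPROTO_GRE:            # PPTP data channel
        return "PPTP"
    if f.ip_proto == IPPROTO_UDP:
        if f.dport in (67, 68): return "DHCP"
        if f.dport == 520: return "RIP"
        if f.dport in (137, 138): return "NetBIOS over TCP"   # UDP name/datagram broadcasts
    if f.ip_proto == IPPROTO_TCP:
        if f.dport == 139: return "NetBIOS over TCP"          # file sharing over TCP
        if f.dport == 113: return "Identification"
        if f.dport == 1723: return "PPTP"                     # PPTP control channel
    return "Other IP"

def decide(dev: DeviceSettings, f: Frame) -> bool:
    """True = allowed on this device. 'Other IP' is left to the application rules (assumption)."""
    return dev.allow.get(classify(f), True)
```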
Password Protection
While McAfee Firewall is designed to protect a Windows computer from unwanted network communication, the security it provides can be undermined if the configuration can be altered. This problem is partially addressed by adding password protection to the configuration file.
[. . . ]
With telnet, you are sending your username and password over a network and they may be stolen by someone and used to break in.
tftp
Trivial file transfer protocol, a UDP-based file transfer protocol. tftp is a security risk because it involves no interaction with the user; it can occur without you knowing about it.
trojan
A program or piece of executable code that is transmitted without the user's knowledge, often allowing outsiders to break into or control the system.
Tunnel
Encapsulates one protocol or data stream within another.
[. . . ]