McAfee Firewall 4.0 User Manual

McAfee Firewall
VERSION 4.0
PRODUCT GUIDE
COPYRIGHT © 2002 Networks Associates Technology, Inc. and its Affiliated Companies. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of Network Associates, Inc.
ANTIVIRUS ANYWARE AND DESIGN, BOMB SHELTER, CERTIFIED NETWORK EXPERT, CLEAN-UP, CLEANUP WIZARD, CNX, CNX CERTIFICATION CERTIFIED NETWORK EXPERT AND DESIGN, CYBERCOP, CYBERCOP (IN KATAKANA), CYBERMEDIA, CYBERMEDIA UNINSTALLER, DESIGN (STYLIZED N), DISK MINDER, DISTRIBUTED SNIFFER SYSTEM, DISTRIBUTED SNIFFER SYSTEM (IN KATAKANA), DR SOLOMON’S, DR SOLOMON’S LABEL, ENTERPRISE SECURECAST, ENTERPRISE SECURECAST (IN KATAKANA), EZ SETUP, FIRST AID, FORCEFIELD, GMT, GROUPSHIELD, GROUPSHIELD (IN KATAKANA), GUARD DOG, HELPDESK, HOMEGUARD, HUNTER, ISDN TEL/SCOPE, LANGURU, LANGURU (IN KATAKANA), M AND DESIGN, MAGIC SOLUTIONS, MAGIC SOLUTIONS (IN KATAKANA), MAGIC UNIVERSITY, MAGICSPY, MAGICTREE, MCAFEE, MCAFEE (IN KATAKANA), MCAFEE AND DESIGN, MULTIMEDIA CLOAKING, NET TOOLS, NET TOOLS (IN KATAKANA), NETCRYPTO, NETOCTUPUS, NETSCAN, NETSHIELD, NETSTALKER, NETWORK ASSOCIATES, NETXRAY, NOTESGUARD, NUTS & BOLTS, OIL CHANGE, PC MEDIC, PC MEDIC 97, PCNOTARY, PGP, PGP (PRETTY GOOD PRIVACY), PRETTY GOOD PRIVACY, PRIMESUPPORT, RECOVERKEY, RECOVERKEY - INTERNATIONAL, REGISTRY WIZARD, REPORTMAGIC, RINGFENCE, ROUTER PM, SALESMAGIC, SECURECAST, SERVICE LEVEL MANAGER, SERVICEMAGIC, SMARTDESK, SNIFFER, SNIFFER (IN HANGUL), SNIFFMASTER, SNIFFMASTER (IN HANGUL), SNIFFMASTER (IN KATAKANA), SNIFFNET, STALKER, SUPPORTMAGIC, TIS, TMEG, TNV, TVD, TNS, TOTAL NETWORK SECURITY, TOTAL NETWORK VISIBILITY, TOTAL NETWORK VISIBILITY (IN KATAKANA), TOTAL SERVICE DESK, TOTAL VIRUS DEFENSE, TRUSTED MAIL, UNINSTALLER, VIREX, VIRUS FORUM, VIRUSCAN, VIRUSSCAN, WEBSCAN, WEBSHIELD, WEBSHIELD (IN KATAKANA), WEBSNIFFER, WEBSTALKER, WEBWALL, WHO’S WATCHING YOUR NETWORK, WINGAUGE, YOUR E-BUSINESS DEFENDER, ZAC 2000, ZIP MANAGER are registered trademarks of Network Associates, Inc. and/or its affiliates in the US and/or other countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners. © 2002 Networks Associates Technology, Inc. All Rights Reserved.
Issued August 2002 / Product Guide v4.0
McAfee Perpetual End User License Agreement – United States of America
NOTICE TO ALL USERS: CAREFULLY READ THE FOLLOWING LEGAL AGREEMENT ("AGREEMENT"), FOR THE LICENSE OF SPECIFIED SOFTWARE ("SOFTWARE") PRODUCED BY NETWORK ASSOCIATES, INC. ("McAfee"). BY CLICKING THE ACCEPT BUTTON OR INSTALLING THE SOFTWARE, YOU (EITHER AN INDIVIDUAL OR A SINGLE ENTITY) CONSENT TO BE BOUND BY AND BECOME A PARTY TO THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, CLICK THE BUTTON THAT INDICATES THAT YOU DO NOT ACCEPT THE TERMS OF THIS AGREEMENT AND DO NOT INSTALL THE SOFTWARE. (IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO THE PLACE OF PURCHASE FOR A FULL REFUND.)
1. License Grant. Subject to the payment of the applicable license fees, and subject to the terms and conditions of this Agreement, McAfee hereby grants to you a non-exclusive, non-transferable right to use one copy of the specified version of the Software and the accompanying documentation (the "Documentation"). You may install one copy of the Software on one computer, workstation, personal digital assistant, pager, "smart phone" or other electronic device for which the Software was designed (each, a "Client Device"). If the Software is licensed as a suite or bundle with more than one specified Software product, this license applies to all such specified Software products, subject to any restrictions or usage terms specified on the applicable price list or product packaging that apply to any of such Software products individually.
a. Use. The Software is licensed as a single product; it may not be used on more than one Client Device or by more than one user at a time, except as set forth in this Section 1. The Software is "in use" on a Client Device when it is loaded into the temporary memory (i.e., random-access memory or RAM) or installed into the permanent memory (e.g., hard disk, CD-ROM, or other storage device) of that Client Device. This license authorizes you to make one copy of the Software solely for backup or archival purposes, provided that the copy you make contains all of the Software's proprietary notices unaltered and unobstructed.
b. Server-Mode Use. You may use the Software on a Client Device as a server ("Server") within a multi-user or networked environment ("Server-Mode") only if such use is permitted in the applicable price list or product packaging for the Software. A separate license is required for each Client Device or "seat" that may connect to the Server at any time, regardless of whether such licensed Client Devices or seats are concurrently connected to, accessing or using the Software. Use of software or hardware that reduces the number of Client Devices or seats directly accessing or utilizing the Software (e.g., "multiplexing" or "pooling" software or hardware) does not reduce the number of licenses required (i.e., the required number of licenses would equal the number of distinct inputs to the multiplexing or pooling software or hardware "front end"). If the number of Client Devices or seats that can connect to the Software can exceed the number of licenses you have obtained, then you must have a reasonable mechanism in place to ensure that your use of the Software does not exceed the use limits specified for the licenses you have obtained. This license authorizes you to make or download one copy of the Documentation for each Client Device or seat that is licensed, provided that each such copy contains all of the Documentation's proprietary notices unaltered and unobstructed.
c. Volume License Use. If the Software is licensed with volume license terms specified in the applicable product invoicing or product packaging for the Software, you may make, use and install as many additional copies of the Software on the number of Client Devices as the volume license terms specify. You must have a reasonable mechanism in place to ensure that the number of Client Devices on which the Software has been installed does not exceed the number of licenses you have obtained. This license authorizes you to make or download one copy of the Documentation for each additional copy authorized by the volume license, provided that each such copy contains all of the Documentation's proprietary notices unaltered and unobstructed.
2. Term. This Agreement is effective for an unlimited duration unless and until earlier terminated as set forth herein. This Agreement will terminate automatically if you fail to comply with any of the limitations or other requirements described herein. Upon any termination or expiration of this Agreement, you must cease use of the Software and destroy all copies of the Software and the Documentation.
3. Updates. For the time period specified in the applicable product invoicing or product packaging for the Software, you are entitled to download revisions or updates to the Software when and as McAfee publishes them via its electronic bulletin board system, website or through other online services. For a period of ninety (90) days from the date of original purchase of the Software, you are entitled to download one (1) revision or upgrade to the Software when and as McAfee publishes it via its electronic bulletin board system, website or through other online services. After the specified time period, you have no further rights to receive any revisions or upgrades without purchase of a new license to the Software.
4. Ownership Rights. The Software is protected by United States copyright laws and international treaty provisions. McAfee and its suppliers own and retain all right, title and interest in and to the Software, including all copyrights, patents, trade secret rights, trademarks and other intellectual property rights therein. Your possession, installation, or use of the Software does not transfer to you any title to the intellectual property in the Software, and you will not acquire any rights to the Software except as expressly set forth in this Agreement. All copies of the Software and Documentation made hereunder must contain the same proprietary notices that appear on and in the Software and Documentation.
5. Restrictions. You may not sell, lease, license, rent, loan or otherwise transfer, with or without consideration, the Software. McAfee updates its Software frequently and performance data for its Software change. Before conducting benchmark tests regarding this Software, contact McAfee to verify that You possess the correct Software for the test and the then current version and edition of the Software. You agree not to permit any third party (other than third parties under contract with You which contains nondisclosure obligations no less restrictive than those set forth herein) to use the Licensed Program in any form and shall use all reasonable efforts to ensure that no improper or unauthorized use of the Licensed Program is made. You may not permit third parties to benefit from the use or functionality of the Software via a timesharing, service bureau or other arrangement, except to the extent such use is specified in the applicable list price or product packaging for the Software. You may not transfer any of the rights granted to you under this Agreement. You may not reverse engineer, decompile, or disassemble the Software, except to the extent the foregoing restriction is expressly prohibited by applicable law. You may not modify, or create derivative works based upon, the Software in whole or in part. You may not copy the Software or Documentation except as expressly permitted in Section 1 above. You may not remove any proprietary notices or labels on the Software. All rights not expressly set forth hereunder are reserved by McAfee.
6. Warranty and Disclaimer.
a. Limited Warranty. McAfee warrants that for sixty (60) days from the date of original purchase the media (e.g., diskettes) on which the Software is contained will be free from defects in materials and workmanship.
b. Customer Remedies. McAfee's and its suppliers' entire liability and your exclusive remedy for any breach of the foregoing warranty shall be, at McAfee's option, either (i) return of the purchase price paid for the license, if any, or (ii) replacement of the defective media in which the Software is contained. You must return the defective media to McAfee at your expense with a copy of your receipt. This limited warranty is void if the defect has resulted from accident, abuse, or misapplication. Any replacement media will be warranted for the remainder of the original warranty period. Outside the United States, this remedy is not available to the extent McAfee is subject to restrictions under United States export control laws and regulations.
c. Warranty Disclaimer. Except for the limited warranty set forth herein, THE SOFTWARE IS PROVIDED "AS IS." TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, MCAFEE DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT WITH RESPECT TO THE SOFTWARE AND THE ACCOMPANYING DOCUMENTATION. YOU ASSUME RESPONSIBILITY FOR SELECTING THE SOFTWARE TO ACHIEVE YOUR INTENDED RESULTS, AND FOR THE INSTALLATION OF, USE OF, AND RESULTS OBTAINED FROM THE SOFTWARE. WITHOUT LIMITING THE FOREGOING PROVISIONS, MCAFEE MAKES NO WARRANTY THAT THE SOFTWARE WILL BE ERROR-FREE OR FREE FROM INTERRUPTIONS OR OTHER FAILURES OR THAT THE SOFTWARE WILL MEET YOUR REQUIREMENTS. SOME STATES AND JURISDICTIONS DO NOT ALLOW LIMITATIONS ON IMPLIED WARRANTIES, SO THE ABOVE LIMITATION MAY NOT APPLY TO YOU. The foregoing provisions shall be enforceable to the maximum extent permitted by applicable law.
7. Limitation of Liability. UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER IN TORT, CONTRACT, OR OTHERWISE, SHALL MCAFEE OR ITS SUPPLIERS BE LIABLE TO YOU OR TO ANY OTHER PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR FOR ANY AND ALL OTHER DAMAGES OR LOSSES. IN NO EVENT WILL MCAFEE BE LIABLE FOR ANY DAMAGES IN EXCESS OF THE LIST PRICE MCAFEE CHARGES FOR A LICENSE TO THE SOFTWARE, EVEN IF MCAFEE SHALL HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL INJURY TO THE EXTENT THAT APPLICABLE LAW PROHIBITS SUCH LIMITATION. FURTHERMORE, SOME STATES AND JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS LIMITATION AND EXCLUSION MAY NOT APPLY TO YOU. The foregoing provisions shall be enforceable to the maximum extent permitted by applicable law.
8. United States Government. The Software and accompanying Documentation are deemed to be "commercial computer software" and "commercial computer software documentation," respectively, pursuant to DFAR Section 227.7202 and FAR Section 12.212, as applicable. Any use, modification, reproduction, release, performance, display or disclosure of the Software and accompanying Documentation by the United States Government shall be governed solely by the terms of this Agreement and shall be prohibited except to the extent expressly permitted by the terms of this Agreement.
9. Export Controls. You are advised that the Software is subject to the U.S. Export Administration Regulations. You shall not export, import or transfer Software contrary to U.S. or other applicable laws, whether directly or indirectly, and will not cause, approve or otherwise facilitate others such as agents or any third parties in doing so. You represent and agree that neither the United States Bureau of Export Administration nor any other federal agency has suspended, revoked or denied your export privileges. You agree not to use or transfer the Software for end use relating to any nuclear, chemical or biological weapons, or missile technology unless authorized by the U.S. Government by regulation or specific license. Additionally, you acknowledge that the Software is subject to export control regulations in the European Union and you hereby declare and agree that the Software will not be used for any other purpose than civil (non-military) purposes. The parties agree to cooperate with each other with respect to any application for any required licenses and approvals, however, you acknowledge it is your ultimate responsibility to comply with any and all export and import laws and that McAfee has no further responsibility after the initial sale to you within the original country of sale.
10. High Risk Activities. The Software is not fault-tolerant and is not designed or intended for use in hazardous environments requiring fail-safe performance, including without limitation, in the operation of nuclear facilities, aircraft navigation or communication systems, air traffic control, weapons systems, direct life-support machines, or any other application in which the failure of the Software could lead directly to death, personal injury, or severe physical or property damage (collectively, "High Risk Activities"). McAfee expressly disclaims any express or implied warranty of fitness for High Risk Activities.
11. Miscellaneous. This Agreement is governed by the laws of the United States and the State of California, without reference to conflict of laws principles. The application of the United Nations Convention of Contracts for the International Sale of Goods is expressly excluded. This Agreement sets forth all rights for the user of the Software and is the entire agreement between the parties. McAfee reserves the right to periodically audit you to ensure that you are not using any Software in violation of this Agreement. During your standard business hours and upon prior written notice, McAfee may visit you and you will make available to McAfee or its representatives any records pertaining to the Software to McAfee. The cost of any requested audit will be solely borne by McAfee, unless such audit discloses an underpayment or amount due to McAfee in excess of five percent (5%) of the initial license fee for the Software or you are using the Software in an unauthorized manner, in which case you shall pay the cost of the audit. This Agreement supersedes any other communications with respect to the Software and Documentation. This Agreement may not be modified except by a written addendum issued by a duly authorized representative of McAfee. No provision hereof shall be deemed waived unless such waiver shall be in writing and signed by McAfee or a duly authorized representative of McAfee. If any provision of this Agreement is held invalid, the remainder of this Agreement shall continue in full force and effect. The parties confirm that it is their wish that this Agreement has been written in the English language only.
12. MCAFEE CUSTOMER CONTACT. If you have any questions concerning these terms and conditions, or if you would like to contact McAfee for any other reason, please call (408) 988-3832, fax (408) 970-9727, or write: Network Associates, Inc., McAfee Software Division, 3965 Freedom Circle, Santa Clara, California 95054. http://www.nai.com.
McAfee Perpetual End User License Agreement – Canada
NOTICE TO ALL USERS: CAREFULLY READ THE FOLLOWING LEGAL AGREEMENT ("AGREEMENT"), FOR THE LICENSE OF SPECIFIED SOFTWARE ("SOFTWARE") BY NETWORK ASSOCIATES INTERNATIONAL B.V. ("McAfee"). BY CLICKING THE ACCEPT BUTTON OR INSTALLING THE SOFTWARE, YOU (EITHER AN INDIVIDUAL OR A SINGLE ENTITY) CONSENT TO BE BOUND BY AND BECOME A PARTY TO THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, CLICK THE BUTTON THAT INDICATES THAT YOU DO NOT ACCEPT THE TERMS OF THIS AGREEMENT AND DO NOT INSTALL THE SOFTWARE. (IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO THE PLACE OF PURCHASE FOR A FULL REFUND.)
1. License Grant. Subject to the payment of the applicable license fees, and subject to the terms and conditions of this Agreement, McAfee hereby grants to you a non-exclusive, non-transferable right to use one copy of the specified version of the Software and the accompanying documentation (the "Documentation"). You may install one copy of the Software on one computer, workstation, personal digital assistant, pager, "smart phone" or other electronic device for which the Software was designed (each, a "Client Device"). If the Software is licensed as a suite or bundle with more than one specified Software product, this license applies to all such specified Software products, subject to any restrictions or usage terms specified on the applicable price list or product packaging that apply to any of such Software products individually which you acknowledge you have received and read.
a. Use. The Software is licensed as a single product; it may not be used on more than one Client Device or by more than one user at a time, except as set forth in this Section 1. The Software is "in use" on a Client Device when it is loaded into the temporary memory (i.e., random-access memory or RAM) or installed into the permanent memory (e.g., hard disk, CD-ROM, or other storage device) of that Client Device. This license authorizes you to make one copy of the Software solely for backup or archival purposes, provided that the copy you make contains all of the Software's proprietary notices unaltered and unobstructed.
b. Server-Mode Use. You may use the Software on a Client Device as a server ("Server") within a multi-user or networked environment ("Server-Mode") only if such use is permitted in the applicable price list or product packaging for the Software which you acknowledge you have received and read. A separate license is required for each Client Device or "seat" that may connect to the Server at any time, regardless of whether such licensed Client Devices or seats are concurrently connected to, accessing or using the Software. Use of software or hardware that reduces the number of Client Devices or seats directly accessing or utilizing the Software (e.g., "multiplexing" or "pooling" software or hardware) does not reduce the number of licenses required (i.e., the required number of licenses would equal the number of distinct inputs to the multiplexing or pooling software or hardware "front end"). If the number of Client Devices or seats that can connect to the Software can exceed the number of licenses you have obtained, then you must have a reasonable mechanism in place to ensure that your use of the Software does not exceed the use limits specified for the licenses you have obtained. This license authorizes you to make or download one copy of the Documentation for each Client Device or seat that is licensed, provided that each such copy contains all of the Documentation's proprietary notices unaltered and unobstructed.
c. Volume License Use. If the Software is licensed with volume license terms specified in the applicable price list or product packaging for the Software, you may make, use and install as many additional copies of the Software on the number of Client Devices as the volume license authorizes. You must have a reasonable mechanism in place to ensure that the number of Client Devices on which the Software has been installed does not exceed the number of licenses you have obtained. This license authorizes you to make or download one copy of the Documentation for each additional copy authorized by the volume license, provided that each such copy contains all of the Documentation's proprietary notices unaltered and unobstructed.
2. Term. This Agreement is effective for an unlimited duration unless and until earlier terminated as set forth herein. This Agreement will terminate automatically if you fail to comply with any of the limitations or other requirements described herein. Upon any termination or expiration of this Agreement, you must cease use of the Software and destroy all copies of the Software and the Documentation.
3. Updates. For the time period specified in the applicable price list or product packaging for the Software, you are entitled to download revisions or updates to the Software when and as McAfee publishes them via its electronic bulletin board system, website or through other online services. For a period of ninety (90) days from the date of original purchase of the Software, you are entitled to download one (1) revision or upgrade to the Software when and as McAfee publishes it via its electronic bulletin board system, website or through other online services. After the specified time period, you have no further rights to receive any revisions or upgrades without purchase of a new license to the Software.
4. Ownership Rights. The Software is protected by United States copyright laws and international treaty provisions. McAfee and its suppliers own and retain all right, title and interest in and to the Software, including all copyrights, patents, trade secret rights, trademarks and other intellectual property rights therein. Your possession, installation, or use of the Software does not transfer to you any title to the intellectual property in the Software, and you will not acquire any rights to the Software except as expressly set forth in this Agreement. All copies of the Software and Documentation made hereunder must contain the same proprietary notices that appear on and in the Software and Documentation.
5. Restrictions. You may not sell, lease, license, rent, loan or otherwise transfer, with or without consideration, the Software. McAfee updates its Software frequently and performance data for its Software change. Before conducting benchmark tests regarding this Software, contact McAfee to verify that You possess the correct Software for the test and the then current version and edition of the Software. Benchmark tests of former, outdated or inappropriate versions or editions of the Software may yield results that are not reflective of the performance of the current version or edition of the Software. You agree not to permit any third party (other than third parties under contract with you which contract contains nondisclosure obligations no less restrictive than those set forth herein) to use the Software in any form and shall use all reasonable efforts to ensure that there is no improper or unauthorized use of the Software. You may not permit third parties to benefit from the use or functionality of the Software via a timesharing, service bureau or other arrangement, except to the extent such use is specified in the applicable list price or product packaging for the Software. You may not transfer any of the rights granted to you under this Agreement. You may not reverse engineer, decompile, or disassemble the Software, except to the extent the foregoing restriction is expressly prohibited by applicable law. The interface information necessary to achieve interoperability of the Software with independently created computer programs will be supplied by McAfee on request and on payment of such reasonable costs and expenses of McAfee in supplying that information. You may not modify, or create derivative works based upon, the Software in whole or in part. You may not copy the Software or Documentation except as expressly permitted in Section 1 above. You may not remove or alter any proprietary notices or labels on the Software or Documentation. All rights not expressly set forth hereunder are reserved by McAfee.
6. Warranty and Disclaimer.
a. Limited Warranty. McAfee warrants that for sixty (60) days from the date of original purchase the media (e.g., diskettes) on which the Software is contained will be free from defects in materials and workmanship.
b. Customer Remedies. McAfee's and its suppliers' entire liability and your exclusive remedy for any breach of the foregoing warranty shall be, at McAfee's option, either (i) return of the purchase price paid for the license, if any, or (ii) replacement of the defective media in which the Software is contained. You must return the defective media to McAfee at your expense with a copy of your receipt. This limited warranty is void if the defect has resulted from accident, abuse, or misapplication. Any replacement media will be warranted for the remainder of the original warranty period. Outside the United States, this remedy is not available to the extent McAfee is subject to restrictions under United States export control laws and regulations.
c. Warranty Disclaimer. Except for the limited warranty set forth herein, THE SOFTWARE IS PROVIDED "AS IS." TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, MCAFEE DISCLAIMS ALL WARRANTIES, REPRESENTATIONS AND CONDITIONS, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT WITH RESPECT TO THE SOFTWARE AND THE ACCOMPANYING DOCUMENTATION. YOU ASSUME RESPONSIBILITY FOR SELECTING THE SOFTWARE TO ACHIEVE YOUR INTENDED RESULTS, AND FOR THE INSTALLATION OF, USE OF, AND RESULTS OBTAINED FROM THE SOFTWARE. WITHOUT LIMITING THE FOREGOING PROVISIONS, MCAFEE MAKES NO WARRANTY, REPRESENTATION OR CONDITION THAT THE SOFTWARE WILL BE ERROR-FREE OR FREE FROM INTERRUPTIONS OR OTHER FAILURES OR THAT THE SOFTWARE WILL MEET YOUR REQUIREMENTS. SOME STATES AND JURISDICTIONS DO NOT ALLOW LIMITATIONS ON IMPLIED WARRANTIES, SO THE ABOVE LIMITATION MAY NOT APPLY TO YOU.
7. Limitation of Liability. UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER IN TORT, CONTRACT, OR OTHERWISE, SHALL MCAFEE OR ITS SUPPLIERS BE LIABLE TO YOU OR TO ANY OTHER PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR FOR ANY AND ALL OTHER DAMAGES OR LOSSES. IN NO EVENT WILL MCAFEE BE LIABLE FOR ANY DAMAGES IN EXCESS OF THE LIST PRICE MCAFEE CHARGES FOR A LICENSE TO THE SOFTWARE, EVEN IF MCAFEE SHALL HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL INJURY TO THE EXTENT THAT APPLICABLE LAW PROHIBITS SUCH LIMITATION. FURTHERMORE, SOME STATES AND JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS LIMITATION AND EXCLUSION MAY NOT APPLY TO YOU. The foregoing provisions shall be enforceable to the maximum extent permitted by applicable law.
8. United States Government. The Software and accompanying Documentation are deemed to be "commercial computer software" and "commercial computer software documentation," respectively, pursuant to DFAR Section 227.7202 and FAR Section 12.212, as applicable. Any use, modification, reproduction, release, performance, display or disclosure of the Software and accompanying Documentation by the United States Government shall be governed solely by the terms of this Agreement and shall be prohibited except to the extent expressly permitted by the terms of this Agreement.
9. Export Controls. You have been advised that the Software is subject to the U.S. Export Administration Regulations and applicable local export control laws. You shall not export, import or transfer Products contrary to U.S. or other applicable local laws, whether directly or indirectly, and will not cause, approve or otherwise facilitate others such as agents or any third parties in doing so. If applicable to you, you represent and agree that neither the United States Bureau of Export Administration nor any other federal agency has suspended, revoked or denied your export privileges. You agree not to use or transfer the Software for end use relating to any nuclear, chemical or biological weapons, or missile technology unless authorized by the U.S. Government and any other applicable local authority by regulation or specific license. Additionally, you acknowledge that the Software is subject to export control regulations in the European Union and you hereby declare and agree that the Software will not be used for any other purpose than civil (non-military) purposes. The parties agree to cooperate with each other with respect to any application for any required licenses and approvals, however, you acknowledge it is your ultimate responsibility to comply with any and all export and import laws and that McAfee has no further responsibility after the initial sale to you within the original country of sale.
10. High Risk Activities. The Software is not fault-tolerant and is not designed or intended for use in hazardous environments requiring fail-safe performance, including without limitation, in the operation of nuclear facilities, aircraft navigation or communication systems, air traffic control, weapons systems, direct life-support machines, or any other application in which the failure of the Software could lead directly to death, personal injury, or severe physical or property damage (collectively, "High Risk Activities"). McAfee expressly disclaims any express or implied warranty or condition of fitness for High Risk Activities.
11. Miscellaneous. This Agreement is governed by the la w s o f t he N etherlands. The app lication of the United
Nations Conven tion of Contract s for the In ternation al Sale of Goods is ex pressly ex cluded. D isputes wi th respe ct to this Agreement, as well as with respect to its conclusion and execution, will be submitted exclusively to the competent court in Amsterdam. This Agreement s ets forth al l rights for the user of the Soft ware and is the ent ire agreement between the parties. McAfee reserves the right to periodically audit you to ensure that you are not using any Software in violation of this Agreement. During your standard b us iness hours and upon prior written notice, McAfee may visit you and yo u w i ll m ake available to McAfee or its represe nt at ives any records pertaining to the Software to McAf ee. The cost of any req ues ted audit will be solely borne by McAfee, unless such audit discloses an underpayment or amount due to McAfee in excess of five percent (5%) of the initial license fee for the Software or you are using the Software in an unauthorized manor, in which case you shall pay the cost of the audit. This Agreement supersedes any other communications with respect to the Software and Documentation. This Agreement may n ot be modified except by a writt en addendum issued by a duly authori zed representative of McAfee. No pr ovi s ion hereof shall be deemed waived un le ss such waiver shall be in writing and signed by McA fee or a d uly auth orize d rep rese ntati ve o f McAf ee. I f an y pr ovis ion of thi s Ag reeme nt is hel d invalid, the remainder of this Agreement shall continue in full force and effect. The parties have required that this Agreement and all documents relating thereto be drawn up in English. Les parties ont demandé que cette convention ainsi que tous les doc um ents que s'y attachent soient rédigés en anglais.
12. MCAFEE CUSTOMER CONTACT. If you have any questions concerning these terms and conditions, or if
you would like to contact McAfee for any other reason, pl ease call +31 20 586 61 00 or write: McAfee, Gatwickstraat 25, 1043 GL Amsterdam, Netherlands. You will find our In ternet web-site at http:// www.nai.com.
Contents
1 Welcome to McAfee Firewall 4.0
    What's new in this release?
    How McAfee Firewall works
    About this manual
    Frequently asked questions
2 Installing McAfee Firewall
    System requirements
    Installation steps
    Troubleshooting installation problems
    Removing or modifying your McAfee Firewall installation
    Important information about Windows XP migration
3 Getting Started with McAfee Firewall
    The Configuration Assistant
    The McAfee Firewall Home page
        The Title bar and Tool bar
        Status information
        The Task pane
    Other McAfee Firewall features
4 McAfee Firewall Configurations
    Overview
    Program configuration
    System configuration
5 McAfee Firewall's Intrusion Detection System
    About Intrusion Detection
    How to Configure the Intrusion Detection System
    Common attacks recognized by IDS
6 Updating McAfee Firewall
    About Instant Updater
    Instant Updater features
A How to contact McAfee
    About www.McAfee-at-Home.com
    Customer Service
    Technical support
Index

Welcome to McAfee Firewall 4.0

Protect yourself while online with the advanced security of McAfee Firewall. Easy-to-use, yet highly configurable, McAfee Firewall secures your PC's connection to the Internet whether you connect via DSL, cable modem or dial-up. With intrusion detection, color coded security alerts, customizable audible alerts, detailed logging, and an application scan for Internet enabled applications, McAfee Firewall gives you the power you need to control the communications into and out of your PC, ensuring that your online experience is as safe as it is enjoyable.
McAfee Firewall:
- Controls file and print share access.
- Shows who is connecting to your computer if you allow sharing.
- Stops floods and other attack packets from being received by the Operating System.
- Blocks untrusted applications from communicating over the network.
- Provides detailed information about which sites you have contacted and the type of connection that was made.
- Can be set to block all traffic or traffic from a specific IP address immediately.

What's new in this release?

- Firewall security check: Examines your security settings for possible vulnerabilities.
- Enhanced hacker tracing with the addition of McAfee's Visual Trace technology.
- Intrusion Detection System: Detects common attack types and suspicious activity.
- Home networking wizard: Set up protection for personal computers sharing an Internet connection.
- Wizard for creating custom rules: Create custom configurations for specific programs.
- Password protection: Prevent others from tampering with your firewall settings using password protection.
- Improved support for broadband connections.
- Usability enhancements: McAfee Firewall 4.0 includes many user interface enhancements to make it easier than ever to secure your computer.

How McAfee Firewall works

McAfee Firewall is a simple-to-operate security tool that dynamically manages your computing security behind the scenes.
Setup
During the installation process, the Configuration Assistant prompts you with basic questions to set up McAfee Firewall to do specific tasks – according to your needs (e.g. allow sharing of files or not).
Operation
McAfee Firewall filters traffic at the devices that your system uses - network cards and modems. This means that it can reject inbound traffic before that traffic can reach vital functions in your computer and waste valuable system resources.
McAfee Firewall – the Gatekeeper
When McAfee Firewall is running, it monitors trusted and untrusted programs that communicate using the Internet. If a trusted application attempts to communicate, McAfee Firewall allows the program to function without restrictions. If an untrusted program attempts to communicate into or out of your computer, McAfee Firewall blocks the program’s attempt to communicate via the Internet.
Configuration
Some network communications are needed to maintain network-based services. These are managed through user defined rules under the system settings of McAfee Firewall. The default system settings feature provides superior protection from hostile threats.

About this manual

This manual provides the basic information you need to install, set up and get started with McAfee Firewall. More detailed information about how to perform tasks within McAfee Firewall is provided via online Help. You can get Help while working with the different windows and dialog boxes. You can also review the Readme.txt file which contains other general information, known issues, etc., about this product.

Frequently asked questions

The following are some frequently asked questions that you can briefly review:
How will McAfee Firewall help me?
McAfee Firewall protects your computer at the network level. It acts as a gatekeeper, checking every data packet going in or out of your PC. It allows only what you tell it to allow.
McAfee Firewall has been designed to be easy to use, while providing superior protection. Once you install and run it, it is configured to block known attacks and to ask you before allowing applications to communicate.
How is my PC at risk on the Internet?
When you connect to the Internet, you share a network with millions of people from around the world. While the Internet is a wonderful and amazing accomplishment, it brings with it all the problems of being accessible to complete strangers.
While communicating via the Internet, you should take safety precautions to protect your computing environment. If you use IRC (Internet Relay Chat) programs, be suspicious of files total strangers send you. Programs that give others remote access to your computer, such as Back Orifice (BO), are frequently disseminated in this manner. It is a good practice to scan files received using anti-virus programs such as McAfee VirusScan before you open or view files and their attachments.
When on the Internet, others can try to access your file shares. Therefore, you should check that they are only accessible to those you trust. Otherwise, untrusted parties can read and delete what is in your computer.
What other protection do I need?
McAfee Firewall provides network level protection. Other important types of protection are:
- Anti-virus programs for application-level protection.
- Logon screens and screen saver passwords to prevent unauthorized access.
- File encryption or encrypting file systems to keep information secret.
- Boot-time passwords to stop someone else from starting your PC.
- Physical access to the computer, e.g. stealing the hard drive.
A separate but also important issue is controlling access to information, misinformation and “filth” that is widely available on the Internet. You can use a number of content-filtering services or programs such as McAfee’s Internet Security that can filter the contents of data packets or restrict access to certain sites.
Are there any data packets that McAfee Firewall cannot stop?
Inbound Data: No. As long as McAfee Firewall supports a network device and is running, it is intercepting all incoming packets and will allow or block according to the way you have it configured. If you choose to block everything, it will.
Outbound Data: Yes and no. McAfee Firewall intercepts outbound data packets as they are passed to the network device driver. All popular applications communicate this way. A malicious program could communicate by other means, however.
What network devices does McAfee Firewall support?
McAfee Firewall supports Ethernet and Ethernet-like devices. This includes dial-up connections, most cable and ISDN modems and most Ethernet cards. It does not support Token Ring, FDDI, ATM, Frame Relay and other networks.
What protocols can McAfee Firewall filter?
McAfee Firewall can filter TCP/IP, UDP/IP, ICMP/IP and ARP. It intercepts all protocols, but others, such as IPX, must be either allowed or blocked - no filtering is done. The Internet uses the IP protocols. No others are sent. Also, IP networks are the most common.
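The distinction this answer draws, between protocols whose packets can be filtered and protocols that can only be allowed or blocked as a whole, is illustrated by the frame classifier below. It is an added example, not McAfee Firewall's code: the function names, the constructed sample frames, and the treatment of IP protocols other than TCP, UDP and ICMP as allow-or-block are assumptions.

```python
import socket
import struct

ETHERTYPE_IPV4, ETHERTYPE_ARP, ETHERTYPE_IPX = 0x0800, 0x0806, 0x8137
# IP protocol numbers for the three IP protocols the FAQ lists as filterable.
FILTERABLE_IP = {1: "ICMP/IP", 6: "TCP/IP", 17: "UDP/IP"}


def classify_frame(frame: bytes) -> dict:
    """Classify one Ethernet frame as 'filter', 'allow_or_block' or 'malformed'."""
    if len(frame) < 14:  # shorter than an Ethernet header
        return {"protocol": None, "handling": "malformed"}
    (ethertype,) = struct.unpack("!H", frame[12:14])
    payload = frame[14:]
    if ethertype == ETHERTYPE_ARP:
        return classify_arp(payload)
    if ethertype == ETHERTYPE_IPV4:
        return classify_ipv4(payload)
    if ethertype == ETHERTYPE_IPX:
        name = "IPX"
    elif ethertype < 0x0600:  # value is an 802.3 length, not an EtherType
        name = "802.3 length-framed"
    else:
        name = f"EtherType 0x{ethertype:04x}"
    # Intercepted, but there are no fields to write rules against.
    return {"protocol": name, "handling": "allow_or_block"}


def classify_arp(p: bytes) -> dict:
    if len(p) < 28:
        return {"protocol": "ARP", "handling": "malformed"}
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", p[:8])
    if (htype, ptype, hlen, plen) != (1, ETHERTYPE_IPV4, 6, 4):
        return {"protocol": "ARP", "handling": "malformed"}
    return {"protocol": "ARP", "handling": "filter",
            "op": {1: "request", 2: "reply"}.get(oper, oper),
            "sender_ip": socket.inet_ntoa(p[14:18]),
            "target_ip": socket.inet_ntoa(p[24:28])}


def classify_ipv4(p: bytes) -> dict:
    if len(p) < 20 or p[0] >> 4 != 4:
        return {"protocol": "IP", "handling": "malformed"}
    ihl = (p[0] & 0x0F) * 4  # header length in bytes, options included
    if ihl < 20 or len(p) < ihl:
        return {"protocol": "IP", "handling": "malformed"}
    frag_offset = struct.unpack("!H", p[6:8])[0] & 0x1FFF
    proto = p[9]
    result = {"src": socket.inet_ntoa(p[12:16]), "dst": socket.inet_ntoa(p[16:20])}
    if proto not in FILTERABLE_IP:
        # Assumption: the FAQ does not say how other IP protocols are handled.
        result.update(protocol=f"IP proto {proto}", handling="allow_or_block")
        return result
    result.update(protocol=FILTERABLE_IP[proto], handling="filter")
    l4 = p[ihl:]
    if frag_offset != 0:
        # Later fragments carry no TCP/UDP/ICMP header, so only addresses match.
        result["note"] = "non-first fragment: no transport header to match on"
    elif proto in (6, 17) and len(l4) >= 4:
        result["sport"], result["dport"] = struct.unpack("!HH", l4[:4])
    elif proto == 1 and len(l4) >= 2:
        result["icmp_type"], result["icmp_code"] = l4[0], l4[1]
    else:
        result["handling"] = "malformed"
    return result


# --- Constructed sample frames (documentation addresses, not real traffic) ---
MAC_A, MAC_B = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")


def build_eth(ethertype: int, payload: bytes) -> bytes:
    return MAC_B + MAC_A + struct.pack("!H", ethertype) + payload


def build_ipv4(proto: int, l4: bytes, frag_offset: int = 0) -> bytes:
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, frag_offset,
                         64, proto, 0,  # checksum left 0: not validated here
                         socket.inet_aton("192.0.2.10"),
                         socket.inet_aton("198.51.100.7"))
    return build_eth(ETHERTYPE_IPV4, header + l4)


SAMPLE_FRAMES = {
    "tcp": build_ipv4(6, struct.pack("!HH", 1025, 80) + bytes(16)),
    "udp": build_ipv4(17, struct.pack("!HHHH", 1026, 53, 8, 0)),
    "icmp": build_ipv4(1, bytes([8, 0, 0, 0, 0, 1, 0, 1])),
    "udp_fragment": build_ipv4(17, b"rest-of-datagram", frag_offset=185),
    "arp": build_eth(ETHERTYPE_ARP,
                     struct.pack("!HHBBH", 1, ETHERTYPE_IPV4, 6, 4, 1)
                     + MAC_A + socket.inet_aton("192.0.2.10")
                     + bytes(6) + socket.inet_aton("192.0.2.1")),
    "ipx": build_eth(ETHERTYPE_IPX, b"\xff\xff" + bytes(28)),
    "truncated_ip": build_eth(ETHERTYPE_IPV4, b"\x45\x00"),
}

if __name__ == "__main__":
    for name, frame in SAMPLE_FRAMES.items():
        print(f"{name:13} {classify_frame(frame)}")
```

The fragment case shows why address-based rules still matter for filterable protocols: a later fragment has no port fields, so a port-only rule has nothing to compare.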
How can I still be harassed, even with McAfee Firewall?
Many people use McAfee Firewall to block the “nukes” that cause their IRC connections to be broken. While McAfee Firewall blocks the nukes, there are other ways that attackers can still cause the connections to be broken:
- Server-side nuking. This is when the "nukes" are sent to the IRC server, not to your computer, telling the server that you can no longer be reached. To prevent this, the IRC server needs a firewall.
- Flood blocking a TCP connection. If a flood of packets is sent to you from a higher speed connection, McAfee Firewall can stop the packets, but the flood takes up all your bandwidth. Your system does not get a chance to send anything. Dial-up users are particularly vulnerable since they have the lowest speed connections.
TIP
To read additional frequently asked questions, refer to the Readme.txt file.

Installing McAfee Firewall

The setup program on your McAfee Firewall 4.0 installation CD lets you install the program easily on your computer. Installation should start automatically when you insert the CD into your computer’s CD-ROM drive. The information in the following paragraphs will help you install and start using McAfee Firewall.

System requirements

To use McAfee Firewall you need:
- Microsoft Windows XP Home Edition, Windows XP Professional Edition, Windows 2000 Professional, Windows Me, Windows 98, or Windows 98 SE.
- Internet Explorer 4.01, Service Pack 2 or higher required; IE 5.01 or later recommended.
- Personal computer with a Pentium 100 MHz or higher processor.
- 32 megabytes (MB) of RAM.
- 30 MB of free hard disk space.
- CD ROM drive.
- Internet access required for various features.
About Winsock 2
McAfee Firewall uses an API (Application Programming Interface) that is not supported by versions of Winsock prior to v2.0. McAfee Firewall checks for the presence of Winsock 2 during the installation procedure and will inform you if the system does not have it. If you have the latest browser (e.g., Internet Explorer 6), this component is already built-in and you will not receive this prompt. Otherwise, a free upgrade is available from http://www.microsoft.com as well as other Web sites.

Installation steps

To avoid installation problems, close all open programs before you install McAfee Firewall, including programs that run in the background, such as screen savers or virus checkers.
After inserting the McAfee Firewall 4.0 installation CD into your computer’s CD-ROM drive, an Autorun image should automatically display. To install McAfee Firewall software immediately, click Install McAfee Firewall, then skip to Step 5 to continue with Setup.
Use the steps below to install your software.
1 If your computer runs Windows 2000 Professional, or Windows XP, log on to your computer as a user with administrative rights. You must have administrative rights to install this software.
2 Insert the McAfee Firewall 4.0 CD into your computer's CD-ROM drive. If the Installation Wizard does not automatically display, go to Step 3. Otherwise, skip to Step 4.
3 Use the following procedure if the Autorun installation menu does not display, or, if you obtained your software via download at a McAfee web site.
  a From the Windows Start menu, select Run. The Run dialog box displays.
  b Type <X>:\SETUP.EXE in the text box provided, then click OK. Here, <X> represents the drive letter for your CD-ROM drive or the path to the folder that contains your extracted McAfee Firewall files. To search for the correct files on your hard disk or CD-ROM, click Browse.
4 a Before proceeding with the installation, Setup first checks to see whether your computer has the Microsoft Windows Installer (MSI) utility running as part of your system software. If your computer runs Windows XP, the current version of MSI already exists on your system. If your computer runs an earlier Windows release, you may still have MSI in your computer if you previously installed other software that uses MSI. In either of these cases, Setup will display its first wizard panel immediately. Skip to Step 5 to continue.
  b If Setup does not find MSI or an earlier version of MSI is installed in your computer, it installs files necessary to continue the installation, then prompts you to restart your computer. Click Restart System. When your computer restarts, Setup will continue from where it left off.
5 Refer to steps displayed on the Installation Wizard to complete your installation.
TIP
If your computer does not have the required fonts to view the End User's License Agreement (EULA), then you can locate the appropriate EULA on your McAfee software installation CD. You must read and agree to the terms of the agreement to complete your installation.
NOTE
For all Windows 2000 Professional installations, McAfee Firewall requires a unique driver in order to function. During the installation process, you will be confronted with several warning messages notifying you that you are attempting to install an unsigned driver. Therefore, please click OK as often as necessary to install the driver and restart your computer if prompted to do so.

Troubleshooting installation problems

A failed installation can cause software problems that are difficult to track down. The major causes of installation failure are:
- Attempting to install while other software is running.
- Temporary files that conflict with the installation.
- Hard drive errors.
Follow the procedure outlined below to minimize the effect that these common conditions may have on your installation.
Step 1: Close other software
Disable all software running in the background:
1 Hold down the Ctrl and Alt keys on your keyboard, and then press the Delete key once. The Close Program dialog box appears.
2 Click End Task for every item on the list except Explorer.
3 Repeat steps 2 and 3 until you've closed everything except Explorer.
4 When you see only Explorer in the Close Program dialog box, click Cancel.
Step 2: Remove temporary files
Delete the contents of the Windows Temp folder:
1 Double-click the My Computer icon on your desktop. The My Computer window opens. Double-click the C: drive. You are now viewing the contents of your hard drive.
2 Double-click the Windows folder.
3 In the Windows folder, double-click the Temp folder.
4 In the menu, click Edit, then click Select All. All of the items in your Temp folder are highlighted.
5 Press the Delete key on your keyboard to delete the files. If Windows asks about deleting files, click Yes.
6 In the Windows taskbar, click Start, then click Shut Down.
7 Click Restart the computer, then click Yes in the Shut Down Windows dialog box to restart your PC.
Step 3: Clean your hard drive
Run the Windows hard drive utilities, ScanDisk and Disk Defragmenter to identify and fix any errors on your hard drive:
1 Click Start on the Windows taskbar, point to Programs, then Accessories, then System Tools, and click ScanDisk.
2 In the ScanDisk window, select Standard and Automatically fix errors.
3 Click Advanced. In the Advanced Settings dialog box, make sure the following settings are selected:
  - Only if errors found
  - Replace log
  - Delete
  - Free
4 Ignore the other options, and click OK. Click Start. ScanDisk begins scanning your drive for errors. Depending on the size of your hard drive, ScanDisk may take several minutes to complete its job.
5 When ScanDisk is finished, close ScanDisk.
6 Click Start on the Windows taskbar, point to Programs, then Accessories, then System Tools, and click Disk Defragmenter.
7 Click OK to start Disk Defragmenter. Depending on the speed of your computer and the size of your drive, this may take several minutes to complete.
8 Close Disk Defragmenter when it has finished defragmenting your disk.

Removing or modifying your McAfee Firewall installation

If your computer's operating system is...
- Windows 2000 Professional
- Windows XP Home Edition
- Windows XP Professional Edition
... you must log on to your computer using a profile with administrative rights. Then do the following:
1 From the Windows Control Panel, start the Add/Remove applet.
2 Select McAfee Firewall and click:
  - Remove to remove McAfee Firewall from your computer.
  - Change to modify your McAfee Firewall installation.
3 Refer to steps displayed on the McAfee Firewall Installation Wizard to complete your changes. Restart your computer as directed by setup.

Important information about Windows XP migration

Upgrading your computer's operating system from any version of Windows to Windows XP causes all McAfee products installed before migration to become disabled after migration to Windows XP.
You will be made aware of this situation as you make your first attempt to start a McAfee product (after migration) - you will be instructed to reinstall the product.
As such, you will need to uninstall all McAfee products and reinstall using your installation CD or the software obtained from McAfee via download.

Getting Started with McAfee Firewall

After installing McAfee Firewall, you will need to configure your software for its first use. The Configuration Assistant guides you through this process.

The Configuration Assistant

Welcome Screen
The McAfee Firewall Configuration Assistant displays the first time you start McAfee Firewall. This wizard guides you through initial setup and activates McAfee Firewall on your computer. Select Back, Next, Cancel, and Finish to navigate the Configuration Assistant screens.
If you select Cancel on any Configuration Assistant screen, the activation and configuration process stops. You must complete the Configuration Assistant on first use in order to activate and use McAfee Firewall.
Network Control Settings
Network Control Settings identify how you want McAfee Firewall to respond when a program attempts to access the Internet; either into or out of your computer.
1 To set your Network Control settings, from the Welcome to McAfee Firewall screen, select one of the following.

Table 3-1. McAfee Firewall's Network Control Settings
Internet Traffic Setting: Description
Block all traffic: Configures McAfee Firewall to block all Internet traffic into and out of your computer. This is the most secure firewall setting; however, programs in your computer cannot access the Internet.
Filter all traffic: Gives you the opportunity to decide whether an application or program in your computer will be allowed to access the Internet. If an unrecognized program attempts to access your computer from the Internet, you will also be given an opportunity to allow or block its access to your computer.
Allow all traffic: Configures McAfee Firewall to allow all Internet traffic into and out of your computer. All programs in your computer will be allowed to access the Internet; programs attempting to access your computer from the Internet will not be blocked. Allow all traffic disables all McAfee Firewall protection features and should only be used for diagnostic purposes.

2 Click Next.
Startup Options
This screen allows you to choose how you want McAfee Firewall to respond as you start your computer.
For your convenience, recommended Startup Load Options have been pre-selected for you.
1 Select Load McAfee Firewall automatically at startup if you want
firewall protection as you start your computer. If you do not want McAfee Firewall to start as your computer starts, then clear this check box.
2 If you want to display a McAfee Firewall icon on your Windows desktop, then select Place a McAfee Firewall icon on the desktop. If you do not want an icon on your Windows desktop, then clear this check box.
3 Click Next.
Access to shares
If your computer is part of a workgroup, such as a home network, you can configure McAfee Firewall to allow access to your computer's network shares as well as allow your computer to access other computers' shares. A share is a resource such as a drive, directory, file, or printer available to a workgroup or home networked computers.
1 Access to other shares: check the Allow my computer to access other computers' shares if you want to allow your computer to have access to the shared drives, directories, folders, and printers, etc. of other computers in your workgroup or home network.
2 Access to my shares: check the Allow other computers to access my shares check box to allow other computers in your workgroup or home network to have access to your shared drives, directories, folders, and printers, etc.
3 Click Next.
Allowed applications
During the configuration process, McAfee Firewall scanned your computer's hard disk to identify programs that use the Internet. For example, programs of this type would include Internet browsers, Internet e-mail programs, and ftp (file transfer protocol) clients. On this screen, you will identify programs that you will allow to access the Internet through McAfee Firewall.
To allow specific programs to access the Internet, do the following:
1 From the list of applications displayed on this screen, check the check box corresponding to each program you will allow access to the Internet.
Click Search all drives to search all of your computer's partitions, logical drives, and physical hard drives for programs that communicate using the Internet.
If you do not allow any or all of the programs displayed on this screen to communicate, you will be notified when each attempts to do so and decide whether to allow access to the Internet at that time.
2 Click Finish.
What happens next?
After you complete the steps associated with setting up your initial configuration, the following events take place:
1 The firewall service starts.
2 The McAfee Firewall Home page displays.
You are now ready to start using McAfee Firewall!
TIP
Previous versions of McAfee Firewall did not allow you to run the Configuration Assistant more than once. However, McAfee Firewall 4.0 allows you to run the Configuration Assistant with an easily accessible link on the McAfee Firewall Home page.

The McAfee Firewall Home page

The McAfee Firewall main window is your central entry point to all of McAfee Firewall's Tasks, Advanced Tasks, and shared features. The McAfee Firewall interface displays three regions common to all of McAfee Firewall's screens.

The Title bar and Tool bar

Title bar
The Home page displays most of the standard Windows elements, including:
- The title bar, which displays the name of the program that is currently running.
- Close and minimize buttons. McAfee Firewall's interface is of fixed length and width. You cannot resize the interface.
Tool bar
The tool bar displays four browser-like buttons that are common to all screens.
- Back. Click Back to return to the last screen viewed.
- Home. Click Home to go to the McAfee Firewall Home page from any screen.
- Next. In conjunction with the Back button, use Next to go to any previously viewed screen during your current session.
- Help. Click Help to view its submenu. The Help submenu may include any of the following items.

Help submenu item: Select this item to...
Help on this page: View online Help for the screen you are currently viewing.
Contents and index: View online Help for McAfee Firewall.
Help on the Web: Start your Internet browser and go directly to the McAfee Help Web site at McAfeeHelp.com.
McAfee at Home on the Web: Start your Internet browser and go directly to McAfee-at-home.com.
About McAfee Firewall: Version information about McAfee Firewall.

Figure 3-1. The McAfee Firewall Home page

Status information

Depending upon your configuration, the McAfee Firewall Home page displays other helpful information such as:
- Firewall Status: Running or Stopped. Click the link below the status to start or stop McAfee Firewall.
- Home page notification. If there is an update to your version of McAfee Firewall available for download, select this task.
- The number of programs currently communicating. If you want to identify the programs communicating, select this task to view your current activity.
- Firewall warning information. If there are any communication warnings, select this task to view the warning log.
Internet traffic settings
The Internet Traffic setting frame displays your current filtering setting. Here you determine if you want to Block all, Allow all, or Filter Internet Traffic. For more information about these settings, refer to Table 3-1.
To change an Internet traffic setting, simply click the desired setting. Changes are real-time and effective immediately.
McAfee Firewall status
This region of the Home page displays the current running state of McAfee Firewall. It is either running or not running.
If the McAfee Firewall status message is...: Then...
McAfee Firewall is Running: Click Stop McAfee Firewall to disable firewall protection.
McAfee Firewall is Stopped: Click Start McAfee Firewall to enable firewall protection.
Network Traffic monitor
The Network Traffic monitor displays a graphic representation of real-time network activity. The monitor is color-coded to help you identify normal network traffic, port scans, and worst of all, attacks.
- Green zone: Activity displayed in this zone is normal network activity. It is not uncommon to see activity in this zone reaching the yellow area.
- Yellow zone: This is the caution zone. You can view the Activity Log to analyze data for this traffic. Activity in the yellow zone could represent a port scan.
- Red zone: Red represents the worst level of network activity and usually represents an attack. You can view the details of the attack by accessing McAfee Firewall Activity Log. If the attacker's IP address is available, you can attempt to trace the attacker using McAfee Firewall’s Visual Trace component.

The Task pane

30 McAfee Firewall 4.0
The Task pane displays links that allow you to start McAfee Firewall’s Tasks and Advanced Tasks. Depending upon your configuration, the Task pane may or may not display a McAfee list. The McAfee list displays links that allow you to start the Home page of any other current McAfee product installed in your computer.
About Tasks
Starting a task is as easy as clicking its link. The Task list allows you to start McAfee Firewall's major components. Although the tasks you can perform will vary based upon your computer's operating system and its configuration, primary tasks include:
- Control Internet programs: This task allows you to explicitly block or allow specific programs to access the Internet.
- View network activity: Select this task to view real-time network activity and view your current activity log.
- Set alert preferences: Choose how you want McAfee Firewall to notify you when a potential security breach occurs.
- Set up Home Networking: Helps make setting up protections for your PCs sharing an Internet connection a breeze.
- Perform a security check: This task allows you to start the McAfee Firewall Security Check process.
- Set startup options: Choose how you want McAfee Firewall to start.
- Configuration Assistant: This task starts the Configuration Assistant.
About Advanced Tasks
Similar to the primary Task list, the Advanced Task list may vary depending upon your version of Windows, its configuration, and other software that may be installed in your computer. McAfee Firewall's advanced tasks include:
- Advanced options and logging: Select this task to configure intrusion defense mechanisms, set up the automatic configuration of filtering rules, and identify the type of traffic you want to log.
- Configure network adapters: Choose this task to view your current network adapters and configure their communication settings.
- Intrusion detection settings: Select this task to configure how you want McAfee Firewall to respond when it detects an intrusion.
- Block IP address: If there is a specific IP address that you want to block from accessing your computer, or if there is an IP address that is currently blocked that you want to allow, choose this task.
- Set up password: This task helps you to secure your McAfee Firewall settings with password security.
- Other Tasks: Select this task to navigate to a screen that allows you to start McAfee Firewall's shared features.
About the McAfee list
The McAfee list displays links to start the Home page of any other supported McAfee product.

Other McAfee Firewall features

McAfee Firewall settings security check
Examines your firewall security settings, allowing you to rectify weaker settings before hackers get a chance to exploit them. The McAfee Firewall Settings Security Check flags and suggests changes to help you keep your system set to optimal security.
If Security Check detects an issue, click Fix and McAfee Firewall helps you analyze and correct potential problems.
Home networking wizard
Helps make setting up protections for your PCs sharing an Internet connection a breeze, providing helpful wizards to walk you through the process.
All networking media and hardware (such as cables and network adapters) must be installed in each computer in order for this wizard to locate your computers.
Password protection
Prevent others from tampering with your firewall settings by locking access to them with password security. Also helps keep your firewall protections secure by preventing the firewall from being shut down without your password.
About Visual Trace
Visual Trace is a multi-purpose Internet tool used for finding information and trouble-shooting connection problems.
At the simplest level Visual Trace shows you how packets (data) get from your computer to another computer on the Internet. You see all the nodes (equipment of various types on the Internet that is passing traffic) between your computer and the trace target.
There are many situations where you need this information. Visual Trace is a useful tool when troubleshooting connections or just verifying that everything is working OK. There is also a wealth of information presented by Visual Trace, including the domain owners, relative locations, and in many cases, the location of nodes.
Besides using Visual Trace to look for weak spots in a connection, you can use it to:
- Discover whether you can't reach a site due to a failure at your Internet Service Provider (ISP) or further into the Internet.
- Determine the point of a network failure that is preventing you from reaching a Web site.
- Determine the location of sites and their users, uncover the owners of a site, and help track down the origin of unwanted e-mail messages ('spam').
- Get detailed contact information on sites all over the world (where available).
How to start Visual Trace
You can start Visual Trace directly from the Windows start menu. You can also start Visual Trace from the McAfee Firewall Detail Activity screen, the Block IP dialog box, and if you are attacked, from the Windows system tray pop-up notification.
For more information about Visual Trace, please refer to online Help for Visual Trace.

McAfee Firewall Configurations

Overview

The configuration of McAfee Firewall is divided into two classifications – application (program) and system. Upon installation, a base set of rules for system services such as ICMP, DHCP and ARP are installed (these are considered default settings).
On the other hand, the programs classification is personalized. Whenever you run a new program that attempts to communicate over the Internet, McAfee Firewall will prompt and ask you whether you want to trust the program or not.
For example, using Internet Explorer, enter an Internet address or URL (for example, http://www.mcafee-at-home.com) in the address bar of your browser and press ENTER. Internet Explorer will attempt to connect to that URL over the Internet. The first time you do this, McAfee Firewall asks whether you “trust” Internet Explorer. If you say “Yes,” McAfee Firewall notes that Internet Explorer is allowed, and whenever you use Internet Explorer in the future, McAfee Firewall will allow its traffic.
As you allow programs to use the Internet, McAfee Firewall “learns” the rules you are creating for each program and saves them for future use. If a Trojan horse program attempts to communicate out from your computer, McAfee Firewall will also ask whether you trust it or not, and the decision to block the Trojan horse program from communicating is easy and instantaneous.

Program configuration

During your first attempt to start McAfee Firewall, the Configuration Assistant asked you to identify programs that you want to allow to communicate. At that time, McAfee Firewall created a default set of communication rules for the programs (applications) designated as allowed to communicate.
Based upon the type of program (for example, Internet browsers, e-mail, ftp, IRC, and file sharing programs), McAfee Firewall creates a default set of communication rules for each program in your computer, that is, rules to block, allow, or filter a program’s communication attempts via the Internet.
Firewall Communication Alert Messages
A McAfee Firewall Communication Alert message displays if an unrecognized program attempts to communicate. There are several scenarios that could cause a program to be unrecognized.
- If you install a program that communicates via the Internet after installing McAfee Firewall, the program's first attempt to communicate will cause an alert message to display.
- Although the Configuration Assistant performs a thorough analysis of your computer's programs that use the Internet to communicate, it may not have been able to identify all of them.
If an unrecognized program attempts to communicate, the resulting alert message generally asks you to select one of the following options:
- No, deny at this time: Blocks the program's current and all future attempts to communicate. The active program is added to the trusted list of programs with an allowed state of “blocked.”
- Yes, allow this time: The active attempt to communicate is allowed. The program is not added to the trusted programs list.
- If you recognize the program and do not want to receive any future alerts for this program, check the I recognize this program check box.
TIP
If you allow or block a program the first time you are prompted, McAfee Firewall provides you with the flexibility to change this setting and block or allow it to communicate at any time in the future. As you exit McAfee Firewall, your settings are saved and will be the same the next time it is run.
Changing a program's allowed state
McAfee Firewall monitors Internet traffic to see which programs are communicating. Depending on your settings, it will allow, block, or filter a program's attempt to communicate.
If you choose to Allow all programs to communicate through your firewall, then all programs installed in your computer can communicate.
To view and configure the current list of trusted programs
1 From the Task list, select Control Internet programs.
2 Select the program whose filtering settings you wish to configure (or click Browse to add a program to the list).
3 Select one of the following options:
   - Filter this program's access to the Internet.
   - Allow this program to have full unfiltered access to the Internet.
   - Block this program from accessing the Internet.
4 To add a program to the list, click Add and browse to select the program you want to add. To remove a program from the list, select the program you want to remove and click Remove.
5 Click Apply.
How to customize filtering rules for a specific program
For all programs designated as “filter,” McAfee Firewall provides power users with the flexibility to create a set of custom filtering rules for each filtered program.
TIP
The Customize button becomes accessible if you select the Filter this program's access to the Internet option.
To create a custom filtering rule
1 From the Control Internet Programs screen, select the program for which you want to create a custom filtering rule.
2 Select the Filter this program's access to the Internet radio button.
3 Click Customize.
If the program currently maintains a default set of rules created by McAfee Firewall, then the Customize filtering rules dialog displays. If the program does not maintain a default set of rules, then the What do you want this filtering rule to do? dialog displays.
4 Refer to the instructions displayed on the Custom Filtering rules dialog boxes to complete your custom configuration.

Table 4-2. Customize Filtering Rules dialog buttons

| Button | Description |
| --- | --- |
| Add | Click Add to add a new rule and to display the What do you want this rule to do? dialog. |
| Remove | Click Remove to remove a rule from the selected program. CAUTION: There is no “undo” feature. |
| Edit | Click Edit to refine a filtering rule. |
| Restore | Click Restore to restore the default rules for the selected program. TIP: If you inadvertently Remove a filtering rule, click this button to restore the default rules for the selected program. |
| OK | Click OK to close the Customize Filtering Rules dialog and save your changes. |
| Cancel | Click Cancel to close the Customize Filtering Rules dialog without saving your changes. |

Primary functions
From the list of primary functions displayed on the Customize Filtering Rules dialog, you can choose one of the following:
Table 4-3. Primary Functions

| You can choose to... | by... |
| --- | --- |
| Allow communication... | protocol, local port, remote port, IP address, domain name, direction |
| Block communication... | protocol, local port, remote port, IP address, domain name, direction |

Refining conditions
After you select the primary function for the rule, you can further refine the rule by checking the check boxes for any or all of the communication characteristics:

| With... | Using... |
| --- | --- |
| direction, domain names, IP addresses | protocols, remote ports, local ports |

To customize the refinement condition, click [click here to select]. Depending upon the communication characteristics selected, various dialog and text boxes display. For example, if the custom rule states Block this program from communicating and the IP address is, then an Add/Edit rule text displays allowing you to enter an IP address. Similarly, if you want to block a program from communicating by protocol, an Edit Protocols dialog displays.
To save your changes, click OK.
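The sketch below is an added illustration, not McAfee Firewall's own code or rule format: it models how a per-program state (allow, block, filter) and custom rules built from the characteristics above could be evaluated. The rule ordering (first match wins), the default of blocking a filtered program when no rule matches, and all program names, ports and addresses are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Attempt:
    """One communication attempt by a program (constructed model)."""
    program: str
    direction: str            # "in" or "out"
    protocol: str             # "tcp", "udp", ...
    local_port: int
    remote_port: int
    remote_ip: str
    remote_domain: str = ""


@dataclass(frozen=True)
class Rule:
    """Primary function (allow/block) plus optional refining conditions.

    An empty condition means "any"; every non-empty condition must match.
    """
    action: str                          # "allow" or "block"
    direction: str = ""
    protocols: frozenset = frozenset()
    local_ports: frozenset = frozenset()
    remote_ports: frozenset = frozenset()
    networks: tuple = ()                 # CIDR strings, e.g. "192.0.2.0/24"
    domains: tuple = ()                  # glob patterns, e.g. "*.example.net"

    def matches(self, a):
        if self.direction and a.direction != self.direction:
            return False
        if self.protocols and a.protocol not in self.protocols:
            return False
        if self.local_ports and a.local_port not in self.local_ports:
            return False
        if self.remote_ports and a.remote_port not in self.remote_ports:
            return False
        if self.networks:
            ip = ipaddress.ip_address(a.remote_ip)
            if not any(ip in ipaddress.ip_network(n) for n in self.networks):
                return False
        if self.domains:
            name = a.remote_domain.lower()
            if not any(fnmatchcase(name, d) for d in self.domains):
                return False
        return True


def decide(programs, attempt):
    """Return "allow", "block" or "prompt" for one attempt.

    programs maps a program name to (state, rules), where state is "allow",
    "block" or "filter". Assumptions: rules are tried in order, the first
    match wins, and a filtered program with no matching rule is blocked.
    """
    if attempt.program not in programs:
        return "prompt"                  # unrecognized program: ask the user
    state, rules = programs[attempt.program]
    if state != "filter":
        return state
    for rule in rules:
        if rule.matches(attempt):
            return rule.action
    return "block"


# Constructed policy: names, ports and addresses are illustrative only.
PROGRAMS = {
    "browser.exe": ("allow", []),
    "oldgame.exe": ("block", []),
    "mail.exe": ("filter", [
        Rule("block", networks=("203.0.113.0/24",)),
        Rule("allow", direction="out", protocols=frozenset({"tcp"}),
             remote_ports=frozenset({25, 110}), domains=("*.example.net",)),
    ]),
}
```

Putting the narrow block rule ahead of the broader allow rule matters under first-match evaluation: the mail program can reach its servers but not the blocked address range, even on an allowed port.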

System configuration

Your computer's operating system performs many types of network communication without reporting directly to you. McAfee Firewall lets you explicitly allow or block different system functions. Settings may be different for each network device, since a computer, for example, can be connected to an internal network as well as having a dial-up connection to the Internet.
Use the steps below to control your System settings.
1 From the Advanced Task list, select Configure network adapters.
2 From the Configure Network Adapter Settings screen, select the adapter you want to configure and click Adapter Settings to view or change the properties of this adapter. Result: The Properties sheet for the selected network adapter displays.
You can then choose to allow or block NetBIOS over TCP, Identification, ICMP, ARP, DHCP, RIP, PPTP and other protocols (IP and non-IP).
Table 4-4. Default Settings for System Activity

| System Activity Type | Description |
| --- | --- |
| NetBIOS over TCP: Blocked | This will block all file share activity over TCP as well as UDP broadcasts. Your system will not appear in anyone's Network Neighborhood and theirs will not appear in yours. If your system is configured to support NetBIOS over other protocols, such as IPX or NetBEUI, then file sharing may be allowed if non-IP protocols are allowed (see Other Protocols below). |
| Identification: Blocked | This service is often required when getting email and is required by most IRC servers. |
| ICMP: Blocked | This protocol is often abused as a method of breaking people's network connections (especially on IRC). |
| ARP: Allowed | ARP is a necessary Ethernet protocol and is not known to be a threat. |
| DHCP: Allowed if your system uses DHCP | The program looks in your system Registry to see if one of your network devices uses DHCP. If so, then DHCP is allowed for all devices. If not, then it is blocked for all devices. If you have more than one network device and one uses DHCP, you should check the DHCP setting for each device and allow only for the device that uses it (most often cable or ADSL modems and some internal networks, not for dial-up). |
| RIP: Blocked | Allow RIP if your administrator or ISP advises you to. |
| PPTP: Blocked | This should only be altered by the administrator. |
| Other Protocols: Blocked | If you are on an IPX network, you should allow non-IP protocols. If you use PPTP, you should allow other IP protocols. Ask your network administrator before making any change here. |


McAfee Firewall's Intrusion Detection System

About Intrusion Detection

Unlike other intrusion detection tools, McAfee Firewall's powerful Intrusion Detection System (IDS) is simple to configure and activate. Instead of requiring users to learn and understand a complex set of attacks to build their own defense lines against intrusions, McAfee Firewall's development team created a tool that, when activated with the click of a button, detects common attack types and suspicious activity.
Unprotected computers can be victimized. For example, attackers can use a TCP port scan to find out what services you are running on your machine. Once this is accomplished, they can try to connect to those services and attack your computer. If the attacker discovers that you are running a TELNET, ftp, or Web server, the attacker can try each of your computer's ports sequentially, from 1 to 65535, until an open port is found that they can connect to.
McAfee Firewall's IDS feature looks for specific traffic patterns used by attackers. McAfee Firewall checks each packet that your machine receives to detect suspicious or known attack traffic. For example, if McAfee Firewall sees ICMP packets, it analyzes those packets for suspicious traffic patterns by comparing the ICMP traffic against known attack patterns. When McAfee Firewall matches packets with a known attack pattern, the software generates an event to warn you of a possible security breach.
When intrusion detection is on, traffic is checked by the intrusion detection system. When intrusion detection is active and McAfee Firewall detects an attack, you can block further communication from the suspected machine's IP address indefinitely or for a specific time period. When an attack is detected, McAfee Firewall alerts you with a Windows system tray notification.
NOTE
Because McAfee Firewall is analyzing packets and looking for patterns of packets that identify specific types of attacks, this feature may result in a very slight impact on your machine’s performance.

How to Configure the Intrusion Detection System

Use the steps below to configure McAfee Firewall's intrusion detection system:
1 From the McAfee Firewall Home page, click Advanced Tasks.
2 From the Advanced Tasks list, select Intrusion detection settings.
Refer to the instructions displayed on the Configure Intrusion Detection Settings screen to complete this task.

Common attacks recognized by IDS

The following table lists attacks recognized by McAfee Firewall's IDS, a description of each attack, and the risk factor assigned to each attack.

| Attack | Description | Risk Factor |
| --- | --- | --- |
| 1234 | Also known as the Flushot attack. An attacker sends an oversize ping packet that networking software cannot handle. Usually, computers hang or slow down. If a total lockup occurs, unsaved data may be lost. | Medium |
| Back Orifice | Back Orifice is a back door program for Windows 9x written by a group calling themselves the Cult of the Dead Cow. This back door allows remote access to the machine once installed, allowing the installer to run commands, get screen shots, modify the registry, and perform other operations. Client programs to access Back Orifice are available for Windows and UNIX. | High |
| Bonk | Designed to exploit an implementation error in the first Teardrop patch released by Microsoft, this attack is basically a Windows-specific variant of the original Teardrop attack. | High |
| Fraggle | This attack is a UDP variant of the Smurf attack. By sending a forged UDP packet to a particular port on a broadcast address, systems on the amplifier network will respond to the target machine with either a UDP response or an ICMP UNREACHABLE packet. This flood of incoming packets results in a denial of service attack against the target machine. | High |
| IP Spoofing | IP spoofing involves sending data with a falsified return IP address. There is nothing inherently dangerous about spoofing a source IP address, but this technique can be used in conjunction with others to carry out attacks such as TCP session hijacking, or to obscure the source of denial of service attacks (SYN flood, PING flood, etc.). | Medium |
| Jolt | A remote denial of service attack using specially crafted ICMP packet fragments. May cause slowdowns or crashes on target systems. | High |
| Jolt 2 | A remote Denial of Service (DoS) attack similar to Jolt that uses specially crafted ICMP or UDP packet fragments. May cause slowdowns or crashes on target systems. | High |
| Land | This attack is performed by sending a TCP packet to a running service on the target host, with a source address of the same host. The TCP packet is a SYN packet, used to establish a new connection, and is sent from the same TCP source port as the destination port. When accepted by the target host, this packet causes a loop within the operating system, essentially locking up the system. | High |
| Nestea | This attack relies on an error in calculating sizes during packet fragment reassembly. In the reassembly routine of vulnerable systems, there was a failure to account for the length of the IP header field. By sending carefully crafted packets to a vulnerable system, it is possible to crash the target. | High |
| Newtear | A Denial of Service (DoS) attack that usually causes computers with a Windows NT-based operating system to crash. Although the attack is not usually harmful to the computer itself, data from running applications will most certainly be lost. | High |
| Oshare | A Denial of Service (DoS) attack caused by sending a unique packet structure to your computer. The results of these attacks can vary from a complete system crash, increased CPU load, or momentary delays, depending upon your computer's configuration. This will affect almost all versions of Windows 98 and NT-based systems with varying degrees based on the hardware involved. | High |
| Ping Flood | This attack involves sending very large numbers of ICMP ECHO (PING) requests to the host under attack. This attack is particularly effective when the attacker has a faster network connection than the victim. | High |
| Ping of Death | With this attack, a remote user can cause your system to reboot or panic by sending it an oversized PING packet. This is done by sending a fragmented packet larger than 65536 bytes in length, causing the remote system to incorrectly process the packet. The result is that the remote system will reboot or panic during processing. | High |
| Port Scanning | While not an attack in and of itself, a port scan often indicates that an attacker has begun looking at your system for potential weaknesses. A port scan consists of checking every TCP and/or UDP port to see what services (and hence, what vulnerabilities) might be present. | Low |
| Saihyousen | The Saihyousen attack may cause some firewalls to crash. It is caused by an attacker sending a stream of UDP packets. | High |
| Smurf | This attack is carried out by sending an ICMP ECHO REQUEST (PING) packet with a forged source address matching that of the target system. This packet is sent to amplifier networks (networks that allow sending packets to the broadcast address) so that every machine on the amplifier network will respond to what they think is a legitimate request from the target. As a result, the target system is flooded with ICMP ECHO REPLY messages, causing a denial of service attack. | High |
| SynDrop | Overlapping fragmented data sent by an attacker causes your computer to become unstable and/or crash. Unsaved data could be lost. | High |
| Syn Flood | This attack can be used to completely disable your network services by flooding them with connection requests. This will fill the queue which maintains a list of unestablished incoming connections, forcing it to be unable to accept additional connections. | High |
| Teardrop | On vulnerable systems, it is possible to take advantage of a flaw in the way the TCP/IP stack handles fragmented packet reassembly to consume available memory resources. By sending a specially crafted IP datagram, this attack can cause many operating systems to hang or reboot. | High |
| UDP Flood | A remote Denial of Service (DoS) attack designed to flood the target machine with more data than it can process, thereby preventing legitimate connections from being established. | High |
| Winnuke | This attack is a Denial of Service (DoS) attack that completely disables networking on many Win95 and WinNT machines. Although Winnuke will not necessarily damage your computer, you may lose any unsaved data at the time of the attack. Restarting your computer should restore full operation. | High |

Machine is inaccessible via TCP/IP. Occurs when machine is put to sleep and then awakened.
Make sure that Load Only When Needed is not checked in the TCP/IP control panel. Then TCP/IP is loaded all the time, allowing McAfee Firewall to function while the machine is asleep.
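As an added illustration of pattern-based detection (not McAfee Firewall's own signatures or code), the following sketch checks already-parsed packet records for five of the patterns described in the table: Land, Ping of Death, Port Scanning, Ping Flood and Smurf. The record format, the thresholds, the time window and every address are assumptions constructed for the example.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

MAX_IP_DATAGRAM = 65535     # largest legal IPv4 datagram, header included (bytes)
IP_HEADER_LEN = 20          # assumption: IPv4 header without options
WINDOW = 5.0                # seconds of history kept per counter (assumed)
SCAN_PORTS = 15             # distinct ports per source in WINDOW => scan (assumed)
FLOOD_PINGS = 100           # echo requests per source in WINDOW => flood (assumed)
SMURF_SOURCES = 20          # distinct unsolicited repliers in WINDOW (assumed)
LOCAL_IP = "198.51.100.10"  # constructed address of the protected machine


@dataclass(frozen=True)
class Packet:
    """Already-parsed packet header fields (constructed record format)."""
    ts: float
    src: str
    dst: str
    proto: str              # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    flags: str = ""         # TCP flags: "S" = SYN, "SA" = SYN+ACK
    frag_offset: int = 0    # IPv4 fragment offset in 8-byte units
    payload_len: int = 0    # IP payload bytes carried by this packet or fragment
    icmp_type: int = -1     # 8 = echo request, 0 = echo reply


def trim(q, now):
    """Drop (ts, value) entries older than WINDOW from the left of a deque."""
    while q and q[0][0] < now - WINDOW:
        q.popleft()


def detect(packets, local_ip=LOCAL_IP):
    """Return the sorted (attack name, source) pairs found in the traffic."""
    alerts = set()
    probes = defaultdict(deque)   # source -> (ts, destination port)
    pings = defaultdict(deque)    # source -> (ts, None)
    replies = deque()             # (ts, source) of echo replies nobody asked for
    asked = set()                 # hosts this machine has pinged itself

    for p in sorted(packets, key=lambda x: x.ts):
        if p.dst != local_ip:
            if p.src == local_ip and p.proto == "icmp" and p.icmp_type == 8:
                asked.add(p.dst)  # replies from this host are expected
            continue
        bare_syn = p.proto == "tcp" and "S" in p.flags and "A" not in p.flags
        # Land: SYN whose source address and port are the target's own.
        if bare_syn and p.src == p.dst and p.sport == p.dport:
            alerts.add(("Land", p.src))
            continue
        # Ping of Death: fragment that would end past the 65535-byte limit.
        end = p.frag_offset * 8 + p.payload_len + IP_HEADER_LEN
        if p.proto == "icmp" and end > MAX_IP_DATAGRAM:
            alerts.add(("Ping of Death", p.src))
        if bare_syn or p.proto == "udp":
            q = probes[p.src]
            q.append((p.ts, p.dport))
            trim(q, p.ts)
            if len({port for _, port in q}) >= SCAN_PORTS:
                alerts.add(("Port Scanning", p.src))
        elif p.proto == "icmp" and p.icmp_type == 8:
            q = pings[p.src]
            q.append((p.ts, None))
            trim(q, p.ts)
            if len(q) >= FLOOD_PINGS:
                alerts.add(("Ping Flood", p.src))
        elif p.proto == "icmp" and p.icmp_type == 0 and p.src not in asked:
            replies.append((p.ts, p.src))
            trim(replies, p.ts)
            if len({src for _, src in replies}) >= SMURF_SOURCES:
                alerts.add(("Smurf", "many sources"))
    return sorted(alerts)


def sample_traffic():
    """Constructed records: some normal activity plus the five patterns."""
    t = [Packet(0.0, "203.0.113.80", LOCAL_IP, "tcp", 40000, 80, "S"),
         Packet(0.1, LOCAL_IP, "198.51.100.9", "icmp", icmp_type=8),
         Packet(0.2, "198.51.100.9", LOCAL_IP, "icmp", icmp_type=0),
         Packet(1.0, LOCAL_IP, LOCAL_IP, "tcp", 139, 139, "S"),
         Packet(2.0, "203.0.113.7", LOCAL_IP, "icmp", frag_offset=8189,
                payload_len=100, icmp_type=8)]
    t += [Packet(3.0 + i * 0.1, "203.0.113.50", LOCAL_IP, "tcp", 50000, port, "S")
          for i, port in enumerate(range(1, 21))]
    t += [Packet(6.0 + i * 0.01, "203.0.113.99", LOCAL_IP, "icmp", icmp_type=8)
          for i in range(120)]
    t += [Packet(8.0 + i * 0.01, f"192.0.2.{i}", LOCAL_IP, "icmp", icmp_type=0)
          for i in range(1, 26)]
    return t
```

The sliding window is what separates a scan or flood from ordinary traffic: the same 20 ports probed one per second never reach the threshold, and an echo reply from a host the machine pinged itself is not counted toward Smurf.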

Updating McAfee Firewall

About Instant Updater

As technologies advance, we continually provide updates to McAfee software products. To ensure the highest level of protection, you should always obtain the latest version of your McAfee product.
Updating your software is simple using McAfee's Instant Updater. It is a seamless process and requires minimal interaction on your part.
Instant Updater is also the mechanism used to register your product with McAfee. In order to obtain product updates, you must register your product with McAfee.
Why Do You Need to Update?
- New features may be released for your McAfee product.
- Product fixes are periodically available.
- New product content is updated periodically.
- Updates to anti-virus signature files are frequently available.
How Does the Updating Process Work?
Instant Updater allows you to obtain and apply updates to your McAfee products while connected to the Internet. If an update exists, you will receive a notification. At that time, you can download and apply the updates to your products.

Instant Updater features

- Auto Update is Instant Updater's default setting. Instant Updater silently checks for, and as appropriate, applies product updates while you are connected to the Internet. Occasionally, Instant Updater may ask you to restart your computer to apply the updates. Auto Update checks for updates daily to ensure that your McAfee product, product content, and related elements such as the virus scan engine and DATs are current.
- Auto Inquiry: If Auto Inquiry is enabled, it allows you to receive notification of product updates while connected to the Internet. We do not recommend using Auto Inquiry if you have a slow Internet connection.
- Manual Updating: If you rarely connect to the Internet, you may prefer to use Manual Updating with your McAfee product. You can manually update while connected to the Internet. To do this, select the UPDATE function from within the individual product. Manual Updating provides you with explicit control of the updating process.
Home page query
Related to Instant Updater is Home page query. This feature allows you to configure your McAfee product's home page to display a message when an update is available. After you install your McAfee software, Home page query on is the default setting.
Configuration
For additional information regarding auto inquiry and auto update settings, please refer to online Help.

How to contact McAfee

About www.McAfee-at-Home.com

McAfee is famous for its dedication to customer satisfaction. We have continued this tradition by making our site on the World Wide Web a valuable resource for answers to your questions about McAfee Consumer Products. We encourage you to visit us at http://www.mcafee-at-home.com and make this your first stop for all of your product support needs.

Customer Service

To order products or obtain product information, contact the McAfee Customer Service department at (972) 308-9960 or write to the following address:
Network Associates
13465 Midway Road
Dallas, TX 75244
U.S.A
Please note, (972) 308-9960 is a telephone call to the United States of America.

Technical support

For agent assisted technical support, please visit http://www.mcafeehelp.com. Our support web site offers 24-hour access to solutions to the most common support requests in our easy-to-use 3 step Answer Wizard. Additionally, you may use our advanced options, which include a Keyword Search and our Help Tree, which have been designed with the more knowledgeable user in mind. If a solution to your problem cannot be found, you may also access our 24-hour FREE Chat Now! and Email Express! options. Chat and E-mail will enable you to quickly reach our qualified support engineers, through the Internet, at no cost. Phone support information can also be obtained from our self-help web site at: http://www.mcafeehelp.com.
BEFORE YOU CONTACT McAfee Software for technical support, locate yourself near the computer with the McAfee product installed and verify the information listed below:
- Version number of your McAfee software. From the McAfee Firewall main window, select Help > About to find this information.
- Windows operating system version number.
- Amount of memory (RAM)
- Complete description of the problem
- EXACT error message as on screen
- What steps were performed prior to receiving error message?
- Is the error persistent; can you duplicate the problem?
- Model name of hard disk (internal / external)
- Extra cards, boards, or hardware

For more information on products, worldwide services, and support, contact your authorized McAfee sales representative or visit us at:
Network Associates
13465 Midway Road
Dallas, TX 75244
(972) 308-9960
www.mcafee-at-home.com
NAI-593-0010-1