Thursday, December 27, 2007

Basic Troubleshooting SOFTWARE Firewalls

Keeping safe online can be explained in two easy steps: Keep the bad stuff out and the good stuff in. Firewalls can do both, which makes them a vital piece of software in today’s age of hack attacks, adware, and spyware of every kind. A firewall is like a moat around your computer. It screens inbound and outbound traffic to determine if it should pass, keeping malicious code such as virus attacks from getting into your system and keeping private data from getting out when keylogging programs and other nasty codes try to steal it.

Windows XP (Service Pack 2) comes with a built-in firewall called the Windows Firewall. But many notebooks and desktops come preloaded with third-party software from Symantec (www.symantec.com), McAfee (www.mcafee.com), CA (www.ca.com), Zone Labs (www.zonelabs.com), and others. To see which firewall you have (or whether you have one at all), click Start and All Programs and look for the vendor’s name.

When the firewall stops working, so does your Internet connection or even your whole computer. But there are ways to fix it, and most of them are simple.

Who’s At Fault?

First things first. Before you get started, you need to know what’s truly causing your problem. Is it your firewall? Your ISP (Internet service provider)? Your phone line? The best way to determine if your firewall is playing tricks on you is to turn it off and see if your problem persists. If the problem disappears, you know what the culprit is. If the problem persists, remember that many things can prevent you from viewing a Web site, sending or receiving email, using a chat program, streaming a movie, or sending photos to Flickr (www.flickr.com) or MySpace (www.myspace.com), all of which are tasks governed by firewalls because they involve the transmission of data over the Internet. For instance, if you can’t view a Web site, the problem could be the settings in your Web browser or a problem on the Web site itself. Some Web sites use ActiveX and JavaScript, types of code that give a Web page advanced features but also give hackers a way to exploit your computer, so your browser may block them for safety. (To check your security settings in Internet Explorer, including your ActiveX and JavaScript settings, click Tools, Internet Options, and Security.)

The Nitty Gritty

If you think your firewall is at fault, try the steps below to fix the most common problems. If you don’t find what you need, try your software’s user’s guide, Web site, or support line, since most firewall problems are well known to the companies that make them.

Problem: I can’t send or receive data on my computer.
Solution: A firewall keeps the bad stuff out and the good stuff in, but sometimes it can keep programs you need from sending and receiving the data they need to function. In that case, the program is said to be “blocked.” Often you’ll see a pop-up window explaining this and prompting you to unblock the program or continue to block it. For instance, if Windows Firewall has blocked a program, it will show you a message reading, “To help protect your computer, Windows Firewall has blocked some features of this program.” The message has three buttons: Keep Blocking, Unblock, and Ask Me Later. If you know and trust the program that’s trying to send or receive data, just click the Unblock button, and the problem is solved. (NOTE: The Windows Firewall only blocks incoming data. Only third-party firewalls, such as the firewall in Symantec’s Norton Internet Security or McAfee’s Internet Security Suite, will block data from leaving your computer as well as invading it.)

Problem: I need to unblock a program, but I’m not prompted to do so.
Solution: Most firewalls will show you an alert when a program tries to send or receive data over the Internet, prompting you to block the program, unblock it, or defer your decision. If you don’t see an alert, you’ll have to unblock the program directly. The procedure varies slightly from program to program, but it’s largely the same. For instance, to unblock a program using the firewall in Norton Internet Security, look for the Norton icon in the System Tray (the set of icons in the bottom-right corner of your screen, next to the clock). The icon, which differs slightly from version to version, looks like a globe combined with a grid. When you’ve found the icon, double-click it to open the Norton control panel. Next, click Personal Firewall and then Configure. Click the Programs tab. In the Manual Program Control section, click Add and then browse to the program you’d like to add. (Most programs can be found in C:\Program Files, the default location for Windows software.) From there, just follow the prompts to return to the Desktop and reboot your system.

Problem: I can’t print to a networked printer or access documents on another computer.
Solution: Sometimes your firewall will keep you from using a network resource, such as a printer or a document store, on your small or home office network. If your company gave you the computer and the IT department installed your network and firewall, it’s best to let someone from your company resolve this problem. You’re not passing the buck; you’re just being careful because you might change a setting that unwittingly opens your corporate network to attack. If you’re using your own network and have more leeway to alter your software’s settings, you can fix the problem fairly quickly. If you’re using the built-in Windows Firewall, which is the software most likely to block a printer or file share, open the Windows Security Center by clicking Start and Run and typing Wscui.cpl in the Open box. Then click OK. In the Windows Security Center window, click the Windows Firewall link at the bottom, choose the Exceptions tab, and select the File and Printer Sharing option from the Programs And Services list. Click OK and close the Security Center window and reboot your computer. This will give you access to shares that were blocked, but there’s a catch: Using the File And Printer Sharing exception on any computer that’s directly connected to the Internet can give hackers access to the shared documents on your network. To guard against this, you can double-click the File And Printer Sharing option in the Programs And Services menu and click the Change Scope button in the Edit a Service dialog box. In the Change Scope dialog box, make sure that My network (subnet) only is checked and follow the prompts to return to the Desktop and reboot your system. But even that can expose you to unneeded risk. A far better way to fix the problem is to use a third-party firewall that will give you full access to your network, without exposing your machine to the dangers of the wild, wild Web. 
By Microsoft’s own admission, the Windows Firewall is not designed to give you full protection, merely to add a basic layer of defense to Windows.
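
The scope restriction described above can also be applied and checked from the command line. This is an added example, not part of the original article; it assumes Windows XP SP2, where the `netsh firewall` context is available, and an administrator account.

```powershell
# Added example: limit the File and Printer Sharing exception to the local
# subnet on Windows XP SP2 using the built-in "netsh firewall" context.

# 1. Record the current service exceptions before changing anything.
netsh firewall show service

# 2. Enable the exception for hosts on the local subnet only, the
#    command-line counterpart of ticking "My network (subnet) only".
netsh firewall set service type=FILEANDPRINT mode=ENABLE scope=SUBNET
if ($LASTEXITCODE -ne 0) {
    Write-Warning "netsh reported an error; check that you are logged on as an administrator."
}

# 3. List the exceptions again and confirm the File and Printer Sharing
#    entry reflects the change.
netsh firewall show service
```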

Problem: I can’t turn my firewall on.
Solution: Two things will keep you from using your firewall: The first is a faulty installation, which you can often fix quickly. The second is more worrisome. Spyware and other malware can turn off or completely kill your firewall as part of its plan to hijack your system. If you think your firewall did not install properly, uninstall and reinstall it using the directions that came in your software’s user’s guide (or see the problem below on uninstalling your firewall). On the other hand, if your firewall installed correctly and worked fine until you clicked a suspicious Web site or opened a specious email, use a spyware/adware detector to clean your system. Norton, McAfee, Zone Labs, and LavaSoft (www.lavasoftusa.com) all make well-known programs that can remove most but not all malware from your system. You can also contact your firewall vendor to see if it offers a fix. For instance, McAfee’s firewalls can be attacked by spyware that very subtly edits the Windows Registry to disable them. (The Registry is a master database of program settings in nearly all versions of Windows.) It alters the following Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn

to read as follows:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon_disable\Notify\SensLogn

In the second key, there’s an extra word (“disable”). Rather than fix it yourself, it’s better to contact your support team because even the smallest change to the Registry can result in disastrous effects. Once you’ve run a spyware tool or a utility from your firewall vendor, you may have to reinstall your firewall because malware can leave it so damaged that you need a fresh copy. If the problem still persists after all these steps, contact your firewall vendor again to seek help.
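
A read-only way to see which of the two Registry paths quoted above is present, without editing anything, is sketched below. This is an added example, not part of the original article or any vendor tool; the two key paths come from the article, and the function name `Get-SensLognKeyState` is hypothetical.

```powershell
# Added example: read-only check for the Registry key rename described above.
# It only tests whether keys exist; it never writes to the Registry.
function Get-SensLognKeyState {
    $base     = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    # Path the article gives as the original key.
    $expected = "$base\Winlogon\Notify\SensLogn"
    # Path the article gives as the altered key (extra "_disable").
    $renamed  = "$base\Winlogon_disable\Notify\SensLogn"

    $hasExpected = Test-Path -Path $expected
    $hasRenamed  = Test-Path -Path $renamed

    if ($hasRenamed) {
        # The altered path exists: treat as a sign of tampering, whether or
        # not the original path is also present.
        return "SUSPICIOUS: found $renamed. Run an anti-spyware scan and contact your firewall vendor."
    }
    if ($hasExpected) {
        return "OK: found $expected and no Winlogon_disable key."
    }
    # Neither path exists; this key layout may not apply to the system.
    return "UNKNOWN: neither key was found."
}

Get-SensLognKeyState
```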

Problem: My firewall turned off Internet Connection Sharing.
Solution:
ICS (Internet Connection Sharing) is a Microsoft program that lets you share one Internet connection among many computers. Some firewalls turn it off when they install, along with connection sharing programs from any vendor. One solution is to repeat the ICS setup. But first check with your firewall vendor; some make tools you can download to reestablish your ICS connection quickly. You can download the tools from the vendors’ Web sites. Also be careful about the effects ICS can have on your firewall. Some vendors note that you can install their firewall on the ICS gateway (that is, the computer that’s directly connected to the Internet) and guard all computers that share its connection from malicious inbound traffic. But if you want to guard against outbound traffic, you’ll have to install the firewall on every ICS computer you want to protect.

Problem: I can’t uninstall my firewall.
Solution:
Firewalls can be hard to uninstall. Spyware, adware, and hack attacks can try to alter or remove your firewall from your system, so firewall vendors design the programs to be hard to remove. The best way to remove a firewall is to use the Add Or Remove Programs feature in the Windows Control Panel because it triggers the firewall’s built-in removal process. If the Add Or Remove Programs feature doesn’t work, consult your user’s guide or vendor’s Web site to see if there are different ways to remove the software. For instance, you can remove certain McAfee programs, including the McAfee Personal Firewall Plus, with a program called the McAfee Removal Tool that you can download from www.mcafee.com.

Problem: I have two firewalls running at once.
Solution:
By all means, turn one off. Using more than one firewall does not make your system any safer. It just makes it harder to manage inbound and outbound traffic by setting rules, policies, and exceptions because you now have twice as much work. Most experts suggest you use a third-party product over WinXP’s built-in firewall because the Windows version only protects against malicious inbound traffic. If you’ve unknowingly installed a piece of spyware that begins to send your personal data over the Internet, Windows Firewall has no way of protecting against it. (The firewall in Windows Vista does protect against malicious outbound traffic, but users have to configure the protection themselves because it’s turned off by default.)

Problem: I can’t configure my firewall. All the options and advanced settings are grayed out.
Solution:
This is an occasional problem with the Windows Firewall. It means that you’re not logged on to your system as an administrator and don’t have the right permissions to alter sensitive system settings. To fix the problem, log off and then log back on as an administrator. If you’re using a corporate desktop or notebook, your account may not have administrator’s rights, and you’ll have to ask your IT department to do the work for you. (It’s possible your IT group did this to keep you from changing your settings and leaving a hole in the network.) If you can’t alter the advanced settings of firewalls from Norton, McAfee, Trend Micro (www.trendmicro.com), Zone Labs, and others, you should run antispyware and antiadware programs on your system to ensure a hack attack is not the root of your problem.

Problem: I can’t connect to my office VPN.
Solution:
A virtual private network lets you send encrypted information through the Internet to your office computers, keeping it safe even though it moves through a highly public set of networks. On occasion, your firewall will conflict with your VPN software, leaving you without a connection to the office. If this happens, contact your help desk or IT department and notify them of the problem. If you alter your firewall or VPN settings, you could unknowingly open a hole in your corporate network.

Problem: I keep losing my Internet connection.
Solution: If you can’t keep a connection, check your modem, phone line, or any software that governs your connection. But there’s a chance your firewall is the nosy culprit. Some ISPs save money by disconnecting idle users to keep them from chewing up modems and bandwidth. To determine if a user is idle, the ISP sends a heartbeat message (a small packet of data) to test its connection to your machine. Some firewalls block heartbeats because they tend to use protocols that hackers also exploit. Zone Labs is one such firewall, but you can instruct it to permit heartbeats. If and when your ISP cuts your connection, open the Zone Labs Log Viewer by clicking the Alerts & Logs button in the Zone Labs interface. Then peruse the list to find the disconnection alert and note the Source DNS in the Entry Detail field. (DNS stands for Domain Name System, the method computers use to translate domains or Web site names into a set of numbers, and vice versa.) Once you’ve found the DNS information (a series of four numbers separated by dots), add it to Zone Labs’ Trusted Zone. If you can’t find the DNS number you need, call your ISP to ask for the DNS number of the server that sends out heartbeats. Tell them why you need it, too, since it’s not every day that someone asks them for private network data.

If you keep your firewall in good working order, you can trust it to keep you safe from the threats that mar an otherwise wonderful Web.
