5.0 The Security panel

The Security panel displays the security level and general server permissions for the Local and Internet Zones. The ZoneAlarm MailSafe email attachment protection feature is also enabled in this panel.

ZoneAlarm divides the computers on the worldwide network into two zones: the Local Zone and the Internet Zone. The Local Zone includes computers that are connected to your computer on a Local Area Network (LAN), and can include any other computers and networks you choose to add to your Local Zone.  The Internet Zone includes everything on the Internet that is not in the Local Zone.

Each zone has a security level selector, allowing you to select a different security level for each zone. The default settings are medium for the Local Zone and high for the Internet Zone.  As levels increase, the dynamic firewall places more restrictions on access to your computer to protect you from potential threats.

The block servers checkbox for each zone lets you prevent all programs from acting as servers for that zone.  When this option is checked, no application is allowed to listen for incoming connections for that zone, even if you've checked the "Allow Server" option in the Programs panel.  This lets you temporarily block out all server activity to a zone without changing the Program server settings.

The security level for the Internet Zone must be equal to or higher than the level selected for the Local Zone.

 

5.1 Local Zone

The default security access level for the Local Zone is Medium. Application privileges from the Programs panel and Internet Lock settings are enforced by all security access levels. At higher security levels, ZoneAlarm's Dynamic Firewall blocks access to the network and system services:
  • Low - Enforces application privileges and Internet Lock settings only. Leaves your computer visible to other computers in the Local Zone. The firewall does not block file or printer shares or traffic to and from the Local Zone.
  • Medium - Default Local Zone setting. File, printer shares and Windows services are allowed for computers belonging to the Local Zone. The automatic lock is enhanced by the firewall and blocks all ports. The computer is visible to the Local Zone.
  • High - Highest security and application flexibility. The firewall blocks access from the Local Zone to Windows (NetBIOS) services and file and printer shares. Your computer is in Stealth Mode: all ports not currently in use by a program are blocked and not visible to the Local Zone. This mode automatically opens ports only when an approved program needs them.

By default, no computer belongs to the Local Zone. Please see section 5.3 to add computers to your trusted Local Zone.

5.2 Internet Zone

High is the default security access level for the Internet Zone. As with the Local Zone, increasing the security level applies more restrictions.

  • Low - Enforces application privileges and Internet Lock settings only. Leaves your computer visible to other computers in the Internet Zone. The firewall does not block file or printer shares or traffic to and from the Internet Zone.
  • Medium - File, printer shares and Windows services are allowed. The firewall blocks access from the Internet Zone to Windows (NetBIOS) services. The automatic lock is enhanced by the firewall and blocks all ports. The computer is visible to the Internet Zone.
  • High - Default Internet Zone setting. The firewall blocks access from the Internet Zone to Windows (NetBIOS) services and file and printer shares. Your computer is in Stealth Mode: all ports not currently in use by a program are blocked, and not visible to the Internet Zone. This mode automatically opens ports only when an approved program needs them.

5.3 Advanced Zone Properties

The Advanced Properties dialog lets you expand the reach of your Local Zone. This allows you to keep Internet Zone security settings at a high level, yet allow selected computers to connect with your computer at your Local Zone security level.

The Adapter Subnets section lists all your network and dial-up adapters. Checking an adapter automatically adds all the other computers in that network adapter's local subnet to the Local Zone. If your network is a small local area network, this automatically adds all the nearby computers to your Local Zone.

ZoneAlarm automatically configures the Adapter Subnets so the subnets of network adapter cards, as well as dial-up adapters, are not included in the Local Zone.

 

If your computer is part of a Local Area Network, you will need to place a checkmark next to the network adapter cards under Adapter Subnets. This will ensure that you have access to necessary resources of your Local Area Network.

A note for cable modem users: If you use a network adapter card connected directly to a cable modem to connect to the Internet, you will want to leave the cable subnets unchecked, to prevent your neighbors from being able to access your computer.

If these default settings for the Local Zone don't meet your needs, ZoneAlarm lets you add computers and networks of computers to your Local Zone.

The Advanced Zone Properties dialog lets you add other computers to your Local Zone. Pressing the Add button gives you the choice to add a host (or site) by name, an IP address, a range of IP addresses, or an IP subnet.

Host/Site

Adds a computer name to your Local Zone. You'll be prompted to enter the name of the computer, and you can enter either a domain-style name (such as "ftp.zonelabs.com") or a Windows-style name (such as "FTPSERVER").

Please note that a single computer name might refer to more than one actual computer, if two or more servers cooperate to balance their loads. If this is the case, all the matching computers will be added to the Local Zone.


IP Address

Adds a single IP Address that refers to a single computer to your Local Zone.


IP Range


Adding an IP range adds a series of consecutive IP addresses to your Local Zone.


IP Subnet

Adds a subnet to your Local Zone. This is useful in offices where the Local Area Network is divided into multiple subnets. For example, if a network printer is on a different subnet than your computer, the Dynamic Firewall will block access to the printer. Adding the printer's subnet to the Local Zone enables you to use the network printer from your computer, as well as any other computers on the printer's subnet.

If you are in a corporate setting, your computer may be part of a larger corporate network. This network might be divided into smaller networks, or subnets. ZoneAlarm will not recognize the subnets that your computer is not on as being part of your Local Zone. This becomes a problem if your computer is on a different subnet than certain resources such as network printers. The Advanced Properties of the Dynamic Firewall enable you to add such a resource to your Local Zone.
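
The Local Zone membership rules in this section can be modeled as a set of networks that a remote address is tested against. The following is an added example, not ZoneAlarm's own code: the function names, the name table and all addresses are constructed for illustration.

```python
import ipaddress

# Constructed name table standing in for name resolution so the example runs
# offline; "printsrv.example" is a hypothetical load-balanced name.
SAMPLE_NAMES = {"printsrv.example": ["10.1.2.10", "10.1.2.11"]}

def expand_entry(kind, value, resolve=SAMPLE_NAMES.get):
    """Turn one Local Zone entry into a list of ip_network objects."""
    if kind == "host":
        addrs = resolve(value)
        if not addrs:
            raise ValueError(f"cannot resolve {value!r}")
        # Every address behind the name joins the zone, not just the first.
        return [ipaddress.ip_network(a) for a in addrs]
    if kind == "ip":
        return [ipaddress.ip_network(value)]
    if kind == "range":
        first, last = (ipaddress.ip_address(v) for v in value)
        return list(ipaddress.summarize_address_range(first, last))
    if kind == "subnet":
        # strict=True rejects a subnet written with host bits set.
        return [ipaddress.ip_network(value, strict=True)]
    raise ValueError(f"unknown entry type {kind!r}")

def build_local_zone(adapter_subnets, entries):
    """adapter_subnets: (cidr, checked) pairs; entries: (kind, value) pairs."""
    zone = [ipaddress.ip_network(c) for c, checked in adapter_subnets if checked]
    for kind, value in entries:
        zone.extend(expand_entry(kind, value))
    return zone

def zone_of(addr, zone):
    """Anything not matched by the Local Zone falls into the Internet Zone."""
    ip = ipaddress.ip_address(addr)
    return "Local" if any(ip in net for net in zone) else "Internet"

# Constructed sample: an office LAN adapter (checked), a cable-modem adapter
# (left unchecked), plus one entry of each type offered by the Add button.
ADAPTERS = [("192.168.1.0/24", True), ("198.51.100.0/24", False)]
ENTRIES = [
    ("host", "printsrv.example"),
    ("ip", "10.9.9.9"),
    ("range", ("10.3.0.5", "10.3.0.20")),
    ("subnet", "10.1.4.0/24"),
]
ZONE = build_local_zone(ADAPTERS, ENTRIES)

if __name__ == "__main__":
    for a in ("192.168.1.7", "198.51.100.20", "10.1.2.11", "10.3.0.21"):
        print(a, zone_of(a, ZONE))
```

Checking the cable-modem adapter in `ADAPTERS` would move every address on that shared subnet into the Local Zone, which is the exposure the cable modem note describes.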

5.4 ZoneAlarm MailSafe

ZoneAlarm intercepts Visual Basic Script attachments in e-mail that you receive while ZoneAlarm is running and isolates the attachments so you are warned before running these attachments.

Most users will never have a need to receive scripts attached to e-mail and should be suspicious of such attachments. Script attachments are programs that might cause damage to your computer files, violate your privacy, or infect other computers with a dangerous virus. Examples of malicious Visual Basic Script email attachments include the recent "Love Letter" virus and its clones like "Funny Joke".

ZoneAlarm MailSafe does not delete script viruses, but instead protects your PC from damage by letting you identify and choose to cancel the script program before it runs.

ZoneAlarm MailSafe is active by default and can be enabled or disabled in the Security Panel.

ZoneAlarm MailSafe works with Internet mail clients that use POP3 and IMAP protocols, the most common Internet email protocols. At this time, ZoneAlarm MailSafe detects VBScript (.vbs) attachments, but not other types of script attachments (e.g. JavaScript).

Even when running ZoneAlarm with MailSafe active, it is important to use a virus scanner and, in general, to treat email attachments with caution.
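
The kind of attachment-name check described above can be sketched as follows. This is an added example, not ZoneAlarm's implementation: the function names and the sample message are constructed, and the attachment bodies are inert placeholders. It also shows why a list limited to `.vbs` lets other script types through.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# The page states that only VBScript (.vbs) attachments are detected.
VBS_ONLY = {".vbs"}

def effective_ext(filename):
    """Extension Windows would act on: last one wins, case-insensitive,
    trailing dots and spaces ignored (Windows strips them from file names)."""
    cleaned = filename.lower().rstrip(". ")
    return os.path.splitext(cleaned)[1]

def flagged_attachments(raw, exts=VBS_ONLY):
    """Return the names of attachments whose effective extension is in exts."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition and falls back to the
        # Content-Type "name" parameter.
        name = part.get_filename()
        if name and effective_ext(name) in exts:
            hits.append(name)
    return hits

def sample_message():
    """Constructed message with three inert attachments."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("see attached")
    for fname in ("Note.TXT.vbs", "menu.js", "report.vbs.txt"):
        m.add_attachment(b"inert placeholder\n", maintype="application",
                         subtype="octet-stream", filename=fname)
    return m.as_bytes()

if __name__ == "__main__":
    raw = sample_message()
    print("vbs-only list:", flagged_attachments(raw))
    print("with .js added:", flagged_attachments(raw, VBS_ONLY | {".js"}))
```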


Copyright (C) 1999, 2000 Zone Labs, Inc. All rights reserved. ZoneAlarm includes TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, and TrueVector are registered trademarks of Zone Labs, Inc.