ZoneAlarm Pro's firewall protection guards the "doors" into your computer to keep you safe from "fires" out on the Internet.
In buildings, a firewall is a barrier that prevents a fire from spreading. In computers, the concept is similar. There are a variety of "fires" out on the Internet—hacker activity, viruses, worms, and so forth. A firewall is a system that stops the fire from spreading to your computer.
A firewall guards the "doors" to your computer—that is, the ports through which Internet traffic comes in and goes out. The firewall only lets traffic through the ports that you have specified can be used. This has two security benefits:
What are ports?
Ports are logical channels through which traffic enters or leaves your computer. Your computer has thousands of ports, each identified by a number.
Whenever another computer sends a message to your computer, it addresses that message to a specific port. For example, a server delivering a Web page to your browser, using the Hypertext Transfer Protocol (HTTP), traditionally sends to port 80.
What is a protocol?
A protocol is a bit like a language—it is an agreed-on way of transmitting information. The Internet uses many protocols, and each of them is normally associated with a particular port or ports. For example, the NetBIOS protocol, which is used by Windows systems to enable resource sharing on a local network, traditionally uses ports 135, 137-39, and 445.
All Internet traffic—Web pages, e-mail, audio files, and so on—is transmitted in bite-sized chunks called "packets." Each packet is addressed to a particular computer, and to a particular port on that computer.
ZoneAlarm Pro examines every packet that arrives at your computer and asks four questions:
If yes, the packet is allowed in.
If no, the packet is blocked.
Note
This describes the treatment of unsolicited traffic—that is, packets that
arrive from the Internet or a local network unexpectedly. Port
scans are a good example of unsolicited traffic that ZoneAlarm Pro protects
you from. When a permitted program on your computer has established a communications
session with another computer, Program Control rules decide what ports can be
used.
The answer to question number three above ("Do the rules for that Zone allow traffic through that port?") depends on the security level that is applied to each Zone.
To choose a security level for a Zone, use the slider controls in the Main tab of the Firewall panel (see the left column in the table below).
To define the meaning of each security level (that is, the ports that are blocked or allowed at that level), use the Internet Zone tab and Trusted Zone tab in the Custom Securities dialog box (see the right column in the table below).
Zone and security level | What the level means
All ports blocked.
What's a Zone?
Internet Zone
The Internet Zone contains all the computers in the world—except those
you have added to the Trusted Zone or Blocked Zone.
ZoneAlarm Pro applies the strictest security to the Internet Zone, keeping you safe from hackers. Meanwhile, the medium security settings of the Trusted Zone enable you to communicate easily with the computers or networks you know and trust—for example, your home network PCs, or your business network.
Trusted Zone
The Trusted Zone contains computers you trust and want to share resources with.
For example, if you have three home PCs that are linked together in an Ethernet network, you can put each individual computer or the entire network adapter subnet in the ZoneAlarm Pro Trusted Zone. The Trusted Zone's default medium security settings enable you to safely share files, printers, and other resources over the home network. Hackers are confined to the Internet Zone, where high security settings keep you safe.
Blocked Zone
The Blocked Zone contains computers you want no contact with. ZoneAlarm Pro
prevents any communication between your computer and the machines in this Zone.
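The Zone and port check described above can be modeled in a few lines. This is an added example, not ZoneAlarm Pro's own code: the addresses, the per-Zone port lists, and the choice to check the Blocked Zone before the Trusted Zone are assumptions made for illustration.

```python
import ipaddress

# Assumed Zone membership (constructed addresses, not product defaults).
TRUSTED = [ipaddress.ip_network("192.168.1.0/24")]  # home network subnet
BLOCKED = [ipaddress.ip_network("203.0.113.7/32")]  # host you want no contact with

# Assumed port rules per Zone: the NetBIOS ports named on this page are
# opened for the Trusted Zone only; the Internet Zone allows nothing unsolicited.
NETBIOS_PORTS = {135, 137, 138, 139, 445}
ZONE_ALLOWED_PORTS = {"trusted": NETBIOS_PORTS, "internet": set()}

def zone_of(src_ip):
    """Blocked and Trusted are explicit lists; every other address is Internet."""
    addr = ipaddress.ip_address(src_ip)
    if any(addr in net for net in BLOCKED):  # assumption: Blocked takes precedence
        return "blocked"
    if any(addr in net for net in TRUSTED):
        return "trusted"
    return "internet"

def decide(src_ip, dst_port):
    """Return (zone, verdict) for one unsolicited inbound packet."""
    zone = zone_of(src_ip)
    if zone == "blocked":
        return zone, "block"  # no communication with the Blocked Zone at all
    verdict = "allow" if dst_port in ZONE_ALLOWED_PORTS[zone] else "block"
    return zone, verdict

# Constructed sample packets: (source address, destination port).
SAMPLE_PACKETS = [
    ("192.168.1.20", 445),   # home PC reaching a file share
    ("192.168.1.20", 8080),  # home PC, port not opened for the Trusted Zone
    ("198.51.100.9", 445),   # Internet host probing the same share port
    ("203.0.113.7", 445),    # host in the Blocked Zone
]

def evaluate(packets):
    """Apply decide() to each packet and return (ip, port, zone, verdict) rows."""
    return [(ip, port) + decide(ip, port) for ip, port in packets]

if __name__ == "__main__":
    for row in evaluate(SAMPLE_PACKETS):
        print("%-15s port %-5d zone=%-8s %s" % row)
```

The same destination port (445) gets three different outcomes depending only on which Zone the sender falls in, which is why Zone membership should be kept as narrow as the sharing you actually need.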
port scan
A technique hackers use to find unprotected computers on the Internet. Using
automated tools, the hacker systematically scans the ports on all the computers
in a range of IP addresses, looking for unprotected or "open" ports.
Once an open port is located, the hacker can use it as an access point to break
in to the unprotected computer.