Guarding against intrusion attempts
How Norton Personal Firewall protects against network attacks
71
Because attacks may span packets, Intrusion Detection examines packets
in two different ways. It scans each packet individually looking for patterns
that are typical of an attack. It also monitors the packets as a stream of
information, which lets it identify attacks spread across multiple packets.
If the information matches a known attack, Intrusion Detection
automatically discards the packet and severs the
connection
with the
computer that sent the data. This protects your computer from being
affected in any way.
You can modify how Intrusion Detection responds to attacks by excluding
attack signatures from being monitored and by enabling or disabling
AutoBlock, which automatically blocks all communication with an
attacking computer. By excluding certain network behavior from blocking,
you can continue to be productive, even while your computer is under
attack.
Along with protecting your computer against attacks, Norton Personal
Firewall also monitors all of the information that your computer sends to
other computers. This ensures that your computer cannot be used to attack
other users or be exploited by
zombies
. If Norton Personal Firewall detects
that your computer is sending information that is typical of an attack, it
immediately blocks the connection and warns you about the possible
problem.
To reduce the number of warnings that you receive, Norton Personal
Firewall only monitors attacks that are targeted at ports that your computer
uses. If an attacker attempts to connect to your computer via an inactive
port or a port that has been blocked by the firewall, Norton Personal
Firewall will not notify you because there is no risk of an intrusion.
Norton Personal Firewall does not scan for intrusions by computers in your
Trusted Zone. However, Intrusion Detection does monitor the information
that you send to Trusted computers for signs of zombies and other remote
control attacks.
See
“Keeping
current with
LiveUpdate”
on
page 53.
Intrusion Detection relies on an extensive list of attack signatures to detect
and block suspicious network activity. Run LiveUpdate regularly to ensure
that your list of attack signatures is up to date.
Visual Tracking locates attackers
See
“Identify the
source of
communications”
on page 43.
Norton Personal Firewall now includes Visual Tracking, which lets you get
information about the IP address used for a particular connection. This can
help you identify the source of an attack.
Summary of Contents for Norton Personal Firewall 2003
Page 1: ...User s Guide ...
Page 10: ...Contents 10 Glossary Service and support solutions Index CD Replacement Form ...
Page 14: ...Responding to emergencies Prevent future problems 14 ...
Page 60: ...Keeping current with LiveUpdate Run LiveUpdate automatically 60 ...
Page 102: ...Blocking Internet advertisements Use text strings to identify ads to block or permit 102 ...
Page 116: ...Troubleshooting Norton Personal Firewall Troubleshoot Norton Personal Firewall problems 116 ...
Page 140: ...Glossary 140 ...
Page 144: ...Service and support solutions 144 ...