Security Settings in ZoneAlarm?

GTaudiophile

Lifer
Oct 24, 2000
29,767
32
81
I know I should post this in Software, but I never get a response there.

I'm on a LAN (Georgia Tech), and I'm wondering what my ZoneAlarm (free) settings should be. I had my local setting on Medium and my Internet setting on High, but recently changed my local setting to Low. I did that because I was getting some 500 (the max) alerts within like an hour, most them probably being local noise.

Those of you on a LAN, what are your ZoneAlarm settings?
 

Anghang

Platinum Member
Apr 30, 2001
2,853
0
71
i have it set on high for both intranet and internet...that's just me being paranoid tho, i work in the IT security industry...so i seen some whacked out stuff...

if you know your network and are comfortable with the traffic flowing on it, then how bout setting zonealarm to medium for internal...then high on external...or whatever..scratch that....what it comes down to is like i said, how well do you know and trust your own network? see if you can confirm and identify what all the local noise is...
 

GTaudiophile

Lifer
Oct 24, 2000
29,767
32
81
I noticed that in the Advanced Security settings, I did not have my NIC selected as an adapter subnet. Should I have that checked?
 

Muadib

Lifer
May 30, 2000
17,971
857
126
When I was using it, I also had it set to high. You would be better off not showing the alerts, and not changing your settings. You can go back and read the log later to see what's setting it off.
 

Muadib

Lifer
May 30, 2000
17,971
857
126
I noticed that in the Advanced Security settings, I did not have my NIC selected as an adapter subnet. Should I have that checked?
You don't need to.
 

Anghang

Platinum Member
Apr 30, 2001
2,853
0
71


<< I noticed that in the Advanced Security settings, I did not have my NIC selected as an adapter subnet. Should I have that checked? >>



off the top of my head i wouldn't know, but i know i didn't change that setting from its default when i first installed it...i'm at work right now so i wouldn't be able to see that setting for myself...leave it default if anything...your fine....so long as your able to connect to the net and block unuauthorized traffic...
 

cipher00

Golden Member
Jan 29, 2001
1,295
0
76
If you're on a LAN, then you might want to allow local users' flagging attempts as valid. Somewhere in an advanced tab (sorry, not at my regular box right now) you can specify an address range that ZA will let pass (192.168.xxx.xxx to .yyy, or something of similar ilk).

BTW, the Networking forum gurus should be able to help even more; they're usually around & you'll get a response pretty quickly. You may want to post there.
 

GTaudiophile

Lifer
Oct 24, 2000
29,767
32
81
A lot of the alerts are like this:


The firewall has blocked routed traffic from 62.XXX.XXX.XX (TCP Port 6YYYY) to 128.61.XX.XX (TCP Port 1YYY) [TCP Flags: S].

User: Administrator
Program: Internet Explorer
Time: 2/15/2002 9:01:00 AM
 

Muadib

Lifer
May 30, 2000
17,971
857
126
can't turn off the showing/logging of alerts!
Yes you can. Open Zonealarm and click on the alerts tab, then uncheck the alert popup window. Check the log alerts to a text file so you can still see what is being blocked.
 

Muadib

Lifer
May 30, 2000
17,971
857
126
GTaudiophile, if you didn't make up those ip addresses, you should edit your last post.