Network Security software: Sygate Personal Firewall 5.0 (SPF) Lab Tutorial

Posted by smileybloat in Networking and Communications, Nov 20, 2013



Sygate Personal Firewall 5.0 (SPF)

Lab Tutorial


SPF Introduction


Sygate Personal Firewall offers protection against malicious intrusion attempts by
hackers, script kiddies, and crackers. It combines bi-directional intrusion detection,
vulnerability assessment, and extensive logging and forensics capabilities.




Protects against Trojans, spyware, worms and other known and unknown threats

Prevents unauthorized or malicious applications from bypassing the firewall

Enables even inexperienced users to easily customize and fine-tune security policies

Provides best-of-breed evidence logs for intrusion analysis

Easiest-to-use PC firewall, and still free for personal/home use

Download and Installation


SPF 5.0 is free to download and use for personal/home purposes. You can download it at
http://soho.sygate.com/products/shield_ov.htm. (You'll be redirected to download.com.)
Because the file is served through a third-party download site, check that the installer
carries a valid digital signature (file Properties > Digital Signatures) before running it.

As with any other Windows application, installation is simple. Double-click the
downloaded file, spf.exe, to start the installer. The steps you'll go through are shown
below.

Start it up

License Agreement

Choose Destination location

Choose Program Folder


After restarting your computer, you can see SPF icon in the system tray.





Uninstallation is simple too. Select Uninstall Sygate Personal Firewall from the program
menu and answer "Yes" in the dialog box that follows. You need to restart your computer
to fully uninstall it.


Finished!


Features of SPF


Main Console

The main console of Sygate Personal Firewall provides constant, real-time updates on
your computer's network traffic, application status, and security level. From the main
console you can navigate to every other part of the firewall.

Traffic History Graphs


The most noticeable feature of Sygate Personal Firewall is the set of Traffic History
graphs that are located below the toolbar on the main console.

The Traffic History graphs produce a real-time picture of the last two minutes of your
traffic history. The graphs reload every second, showing your incoming and outgoing
network traffic measured in bytes. Additionally, the Attack History graph on the right
side of the console shows attempted attacks against your machine.


Hide Broadcast Traffic: Below the Traffic History graphs are two checkboxes. The Hide
Broadcast Traffic checkbox, if checked, prevents broadcast traffic from being displayed
in the Traffic History graphs. This reduces the apparent volume of traffic by limiting
the display to unicast traffic only.



Running Applications List


The Running Applications list, which is located below the traffic flow graphs, displays all
applications and services that are currently accessing (or attempting to access) your
network connection. The status of each application is also displayed:


Icon    Meaning

Normal icon: the application has a status of "Allow" and is accessing your network
connection.

Icon with a yellow question mark over it: the application has a status of "Ask" and is
accessing your network connection.

Icon with a red circle and cross mark over it: the application is being blocked.

Icon with small blue dots over the lower-left or lower-right corner: the application is
receiving (left dot) or sending (right dot) traffic through your network connection.


You can change the size of the icons and the information displayed within the Running
Applications field by right-clicking within the field and selecting the desired view from
the list of options provided. Alternatively, open the View menu at the top of the main
console and select the desired view from the list provided.





Logs


Understanding Logs


In Sygate Personal Firewall, a log is a record of information attempting to enter or exit
your computer through your network connection. There are four separate logs that monitor
different aspects of your network connection.


Logs are an important method for tracking your computer's activity and interaction with
other computers and networks. They are particularly useful for detecting potentially
threatening activity, such as port scanning, that is aimed at your computer.


To view the different logs available in Sygate Personal Firewall, click the Logs icon on
the toolbar at the top of the main screen.


Click icon to view security log





OR click down arrow and select log type


There are four different log types in Sygate Personal Firewall: System Log, Security Log,
Traffic Log, and Packet Log.

System Log


The System Log records all operational changes, such as the starting and stopping of
services, detection of network applications, software configuration modifications, and
software execution errors. The System Log is especially useful for troubleshooting
Sygate Personal Firewall.


Traffic Log


The Traffic Log records an entry for every packet that enters or leaves a port on your
computer.


Packet Log


The Packet Log captures every packet that enters or leaves a port on your computer,
including its contents. Because it grows very quickly, the Packet Log is disabled by
default in Sygate Personal Firewall.


To enable the Packet Log, open the Options window by selecting Options... from the
Tools menu. Click the Log File tab and tick the check box next to Enable Packet Log.
Then click Apply.

Security Log


The Security Log records potentially threatening activity directed at your computer,
such as port scanning or denial of service attacks. The Security Log is probably the most
important log file in Sygate Personal Firewall.
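The tutorial says that port scans show up in the Security Log but does not reproduce Sygate's log format. The following is an added example, not code from the tutorial or from Sygate: it runs the usual port-scan heuristic (one source touching many distinct destination ports on one host within a short window) over a handful of constructed log lines in a made-up format. The format, the 60-second window and the threshold of 8 ports are this example's own assumptions.

```python
"""Added example (not part of the SPF tutorial): spotting a port scan in firewall log entries.

The log lines below are CONSTRUCTED in a simple made-up format, not Sygate's:
    <date> <time> <action> <proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port>
"""
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2013-11-20 22:01:00 BLOCK TCP 10.0.0.5:40001 -> 192.168.1.10:21
2013-11-20 22:01:00 BLOCK TCP 10.0.0.5:40002 -> 192.168.1.10:22
2013-11-20 22:01:01 BLOCK TCP 10.0.0.5:40003 -> 192.168.1.10:23
2013-11-20 22:01:01 BLOCK TCP 10.0.0.5:40004 -> 192.168.1.10:25
2013-11-20 22:01:02 BLOCK TCP 10.0.0.5:40005 -> 192.168.1.10:80
2013-11-20 22:01:02 BLOCK TCP 10.0.0.5:40006 -> 192.168.1.10:110
2013-11-20 22:01:03 BLOCK TCP 10.0.0.5:40007 -> 192.168.1.10:135
2013-11-20 22:01:03 BLOCK TCP 10.0.0.5:40008 -> 192.168.1.10:139
2013-11-20 22:01:04 BLOCK TCP 10.0.0.5:40009 -> 192.168.1.10:443
2013-11-20 22:01:04 BLOCK TCP 10.0.0.5:40010 -> 192.168.1.10:445
2013-11-20 22:05:00 ALLOW TCP 10.0.0.7:51000 -> 192.168.1.10:80
2013-11-20 22:05:30 ALLOW TCP 10.0.0.7:51001 -> 192.168.1.10:80
2013-11-20 22:06:00 BLOCK UDP 10.0.0.7:51002 -> 192.168.1.10:137
2013-11-20 23:30:00 BLOCK TCP 10.0.0.9:3000 -> 192.168.1.10:22
2013-11-20 23:45:00 BLOCK TCP 10.0.0.9:3001 -> 192.168.1.10:3389
"""

WINDOW = timedelta(seconds=60)  # assumed: how far apart two probes may be and still be one scan
THRESHOLD = 8                   # assumed: distinct destination ports within WINDOW that raise an alert


def parse_line(line):
    """Split one constructed log line into a dict with a datetime and an integer port."""
    date, clock, action, proto, src, _arrow, dst = line.split()
    src_ip, _src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {
        "ts": datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S"),
        "action": action,
        "proto": proto,
        "src_ip": src_ip,
        "dst_ip": dst_ip,
        "dst_port": int(dst_port),
    }


def detect_port_scans(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return {source_ip: sorted probed ports} for every source that looks like a scanner.

    Distinct ports are counted rather than packets, so a client retrying one
    service many times (a stuck web browser, say) does not trip the rule.
    """
    by_pair = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            event = parse_line(line)
            by_pair[(event["src_ip"], event["dst_ip"])].append(event)

    alerts = {}
    for (src_ip, _dst_ip), events in by_pair.items():
        events.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(events)):
            # slide the window start forward until the span fits inside `window`
            while events[end]["ts"] - events[start]["ts"] > window:
                start += 1
            ports = {e["dst_port"] for e in events[start:end + 1]}
            if len(ports) >= threshold and len(ports) > len(alerts.get(src_ip, [])):
                alerts[src_ip] = sorted(ports)  # keep the widest port set seen for this source
    return alerts


if __name__ == "__main__":
    for src, ports in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: {len(ports)} ports {ports}")
```

Only 10.0.0.5 is reported: it touches ten different ports in four seconds. The host that retries port 80 and the host that probes two ports fifteen minutes apart stay below the threshold, which is the behaviour you want from a detector you will act on.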


Back Tracing Hack Attempts and display hops information


From the Security Log file, click on the event you want to back trace so that the entire
row is highlighted.




Either right-click the row and select Back Trace from the pop-up menu, or click
the Action menu and select Back Trace.




Sygate Personal Firewall will back trace the event information. The Back Trace
Information window will open, displaying a trace route log.




To view detailed information on the originating IP address, click the Whois>> button
at the bottom of the Back Trace Information window. A drop panel appears, displaying
registration details for the IP address from which the security event originated. Note
that the whois record identifies the organization that holds the address block (often an
ISP or hosting provider), not necessarily the person behind the event, and that the
source address of a single packet may have been spoofed.




Click the Whois<< button again to hide the information.


Note: Back Tracing can also be used from the Traffic Log and the Packet Log.


Setup Traffic Control Rules


Rule Configuration


To create a rule, you must first specify the kind of traffic that should be affected by the
rule. There are several different characteristics of traffic, each of which you can use to
specify the kind of traffic that you want to control. There are five sections within the
Advanced Rule Settings window where you can specify the characteristics of the traffic:
General, Hosts, Ports and Protocols, Scheduling, and Applications.


Adding Rules


When you create a universal rule, first decide what effect you want the rule to have. Do
you want to block all traffic when your screensaver is on? Would you like to allow all
traffic from a particular source? Do you want to block UDP packets from a web site?


For example: suppose you want to block all traffic to and from the IP range 172.16.*.*
through 172.31.*.* (the private block 172.16.0.0/12) on TCP port 22 (SSH), and apply
this rule every day from 10 PM until 8 AM the next morning.


To begin, open the Tools menu at the top of the main console, and select Advanced
Rules. The Advanced Rules window will open.

Click the Add button. The Advanced Rule Settings window opens. In the General tab, you
can name the rule.
In the Hosts tab, you can specify the IP range of the remote hosts the rule applies to.
In the Ports and Protocols tab, you can specify which protocols and ports are restricted
by this rule. In this case, we're going to block all TCP traffic on remote port 22.
In the Scheduling tab, you can schedule the rule. We will apply it every day from 10 PM
until 8 AM the next morning.
In the Applications tab, if you don't select any application, the rule applies to all
applications.


Once you finish the configuration, click "OK" to return to the Advanced Rules dialog box.
The rule we just created will be listed there, and a brief summary is shown when you
hover the mouse over it.
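To make the rule built above concrete, here is an added example (not the tutorial's and not Sygate's code) that models the five tabs of the Advanced Rule Settings window as one Python object and evaluates the tutorial's rule against a few connections. Field names, the `decide` function and the "first matching rule wins, otherwise no decision" convention are this example's own assumptions; the interesting part is the schedule, which crosses midnight and so cannot be checked with a plain `start <= now < end`.

```python
"""Added example (not part of the SPF tutorial): the Advanced Rule built above, evaluated in code.

Models the General, Hosts, Ports and Protocols, Scheduling and Applications tabs as one
dataclass. The names here are this example's own, not Sygate's API.
"""
from dataclasses import dataclass, field
from datetime import time
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class AdvancedRule:
    name: str                                   # General tab
    action: str                                 # "block" or "allow"
    remote_hosts: list                          # Hosts tab: networks the rule applies to (empty = any)
    protocol: str                               # Ports and Protocols tab: "TCP", "UDP" or "ALL"
    remote_ports: set                           # remote ports (empty = any port)
    start: Optional[time] = None                # Scheduling tab: None = always active
    end: Optional[time] = None
    applications: set = field(default_factory=set)  # Applications tab: empty = every application

    def in_schedule(self, now: time) -> bool:
        if self.start is None or self.end is None:
            return True
        if self.start <= self.end:                   # same-day window, e.g. 09:00-17:00
            return self.start <= now < self.end
        return now >= self.start or now < self.end   # window crosses midnight, e.g. 22:00-08:00

    def matches(self, remote_ip, protocol, remote_port, app, now) -> bool:
        addr = ip_address(remote_ip)
        if self.remote_hosts and not any(addr in net for net in self.remote_hosts):
            return False
        if self.protocol != "ALL" and self.protocol != protocol:
            return False
        if self.remote_ports and remote_port not in self.remote_ports:
            return False
        if self.applications and app not in self.applications:
            return False
        return self.in_schedule(now)


def decide(rules, remote_ip, protocol, remote_port, app, now):
    """First matching rule wins, as in an ordered rule list; None means no advanced rule applied."""
    for rule in rules:
        if rule.matches(remote_ip, protocol, remote_port, app, now):
            return rule.action
    return None


# The tutorial's rule: block TCP port 22 to and from 172.16.*.* through 172.31.*.* (exactly
# the private block 172.16.0.0/12) every day from 10 PM until 8 AM the next morning.
BLOCK_SSH_AT_NIGHT = AdvancedRule(
    name="Block SSH to 172.16/12 overnight",
    action="block",
    remote_hosts=[ip_network("172.16.0.0/12")],
    protocol="TCP",
    remote_ports={22},
    start=time(22, 0),
    end=time(8, 0),
)
RULES = [BLOCK_SSH_AT_NIGHT]

if __name__ == "__main__":
    # constructed sample connections: (remote IP, protocol, remote port, application, time of day)
    for args in [("172.20.1.1", "TCP", 22, "putty.exe", time(23, 0)),
                 ("172.20.1.1", "TCP", 22, "putty.exe", time(3, 30)),
                 ("172.20.1.1", "TCP", 22, "putty.exe", time(12, 0)),
                 ("172.32.0.1", "TCP", 22, "putty.exe", time(23, 0)),
                 ("172.20.1.1", "UDP", 22, "putty.exe", time(23, 0))]:
        print(args, "->", decide(RULES, *args))
```

An SSH connection to 172.20.1.1 at 23:00 or at 03:30 is blocked; the same connection at noon, a connection to 172.32.0.1 (just outside the /12), or UDP on port 22 falls through the rule. When you test a rule in the real firewall, check both sides of each boundary the same way: the last address in the range, the first one outside it, and a time just after midnight.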
Scan Your Computer to Test Its Vulnerability


(an online service provided by Sygate)


SOS Vulnerability Assessment


Assessing your vulnerability to attack and testing your firewall are some of the most
important things you can do to ensure that you are protected from possible intruders.


Click the Test button located on the main console of Sygate Personal Firewall, or select
Test Your System Security from the Tools menu.


The Sygate® Technologies web page (http://scan.sygatetech.com/) will load, and the
Sygate® Online Services scanner will scan your computer and attempt to determine your
IP address, operating system, and web browser.


Six Different Scans


There are six different scans available through Sygate® Online Services, listed along the
left side of the main scan page. To view a brief description of a scan, click its name
once. The description will load on the right side of the screen.


To Scan


To run a scan, click its name and then click the Scan Now button.


A brief document of frequently asked questions about Sygate® Online Services can also
be accessed from the main scan page by clicking the link labeled Scan FAQ at the bottom
left-hand side of the screen.


Quick scan


Quickscan is a brief, general scan that encompasses several scan processes. The
Quickscan feature usually takes 40 seconds or less to scan your computer's ports,
protocols, services, and possible Trojans. Quickscan will be recorded in Sygate
Personal Firewall's Security Log.


Stealth scan


Stealth scan scans your computer using specialized stealthing techniques, which mimic
portions of legitimate computer communication in order to detect the presence of a
computer. The Stealth scan takes about 40 seconds to complete, and will most likely not
be recorded in the Security Log.


Trojan scan


The Trojan scan feature scans all of your computer's 65,535 ports for active Trojan horse
programs that you or someone else may have inadvertently downloaded onto your
computer. The Trojan scan takes about 10 minutes to complete. A list of common Trojans
is available on the Web site.


TCP scan


The TCP scan examines the first 1,024 ports (0 through 1023), the well-known ports
reserved for standard TCP services, to see whether they are open to communication. An
open port exposes a listening service to the network; any port you did not intend to
expose is a security hole that a malicious user can probe and exploit.

If you connect to the Web site through a router or proxy, the SOS TCP scan will scan
that device rather than your computer. The scan takes roughly 20 minutes to complete and
is logged by Sygate Personal Firewall as a scan event in the Security Log.
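What the TCP scan is doing, and why a firewalled host looks different from an unprotected one, is easier to see in code. The following is an added example, not the tutorial's and not Sygate's SOS scanner: a minimal TCP connect scan in Python that classifies each port as open, closed or filtered. The target is constructed (a throw-away listener on 127.0.0.1) so it runs offline; a real firewall in front of the target is what produces the "filtered" result.

```python
"""Added example (not part of the SPF tutorial, not Sygate's scanner): a TCP connect scan
of a port range, classifying each port the way a scanner reports it.

The target is CONSTRUCTED: a throw-away listener bound to 127.0.0.1 so the scan is offline.
"""
import socket
import threading


def start_listener(host="127.0.0.1"):
    """Bind an ephemeral port on loopback and accept (then drop) connections in the background."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _peer = srv.accept()
            except OSError:          # listener closed: stop serving
                return
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def unused_port(host="127.0.0.1"):
    """Constructed 'closed' port: bind an ephemeral port and release it immediately."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


def probe(host, port, timeout=0.5):
    """Classify one TCP port from the outcome of a full connect() attempt.

    open     - three-way handshake completed: something is listening
    closed   - the host answered with RST: reachable, but nothing listening
    filtered - no answer before the timeout: a firewall silently dropped the SYN,
               which is what a firewall in stealth mode does and why a protected host
               scans as "filtered" rather than "closed"
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    finally:
        s.close()


def scan(host, ports, timeout=0.5):
    """Return {port: state} for every port in `ports`, e.g. scan(host, range(1, 1025))."""
    return {port: probe(host, port, timeout) for port in ports}


def open_ports(results):
    """The ports a scan report would list as exposed."""
    return sorted(p for p, state in results.items() if state == "open")


if __name__ == "__main__":
    srv, listening = start_listener()
    try:
        results = scan("127.0.0.1", [listening, unused_port()])
        print(results, "open:", open_ports(results))
    finally:
        srv.close()
```

Against loopback there is no firewall, so every port comes back either open or closed and the whole 1 to 1024 range scans in well under a second. Run the same `scan` against a host that SPF is protecting and blocked ports time out instead of being refused: each one costs the full timeout, which is why the SOS TCP scan of a stealthed machine takes minutes rather than seconds and why "filtered" on every port is the result you want to see.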


UDP scan


The UDP scan uses various methods and protocols to probe for open UDP ports. If you
connect to the Web site through a router or proxy, the SOS UDP scan will scan that device
rather than your computer. The scan takes about 10 minutes and should be logged in the
Security Log as a port scan from Sygate®.


ICMP scan


When an SOS scan has finished scanning a user's computer, it displays a page with the
results of the scan. If the user is running Sygate Personal Firewall, all scans should be
blocked.