May I ask a question? I saw this thread http://forums.zonealarm.org/zonelabs...ssage.id=53594
and there is "ZA | Firewall | Trusted Security Zone | first set the slider to Medium not High. Then open the Custom button. Select the "Medium security settings for the Trusted Zone"....
Why should I use the Medium setting for the Trusted Zone only? When I use the High setting my connection is lost after some time. But I would like to leave both my Trusted and Internet Zone settings on High.
My current settings: Internet Zone - High,
Trusted Zone - Medium, unchecked "Automatically check for security enf...", checked "This comp is not on an ICS...". It seems to work, but I will see for how long...
You may have a question, or as many questions as you like.
An attempt will be made to answer all of them as well as possible.
The Trusted Zone Security slider adjusts how the firewall deals with or handles the port connections for the Trusted Zone.
The Internet Zone Security slider adjusts how the firewall deals with or handles the port connections for the Internet Zone.
Basically the firewall (any firewall, for that matter) does not control the TCP/IP stack or driver itself; instead it acts in between the stack and the internet/network.
No firewall replaces the TCP/IP stack of Windows; it just steps into the middle and handles things as configured and designed.
Regardless of whether the ports are in an open or closed state in Windows itself, the firewall steps in between and then controls the port connections and whether the ports are to be stealthed, seen as closed, or seen as open.
Basically the firewall controls the traffic to and from the ports, but it is not actually part of the ports via the TCP/IP stack of Windows.
Closed ports are ports that will respond to connection attempts and basically always reply that they are not available, and the sender will then cease attempting to connect to the closed port.
A closed port is similar to a closed door: it is closed and there is no entrance.
The closed port is then considered to be 'seen' when it replies back "I am here, do not bother me anymore".
It is visible although not really usable (closed ports will open if they are asked properly or with various tricks, but this is not the usual case; some hackers do know the tricks to 'open' closed ports).
Open ports are ports that respond to connection attempts and basically reply yes, it is available, please send more information if you want to connect. Then, if the next incoming connection is not related to that open port's usage, the open port will reply that it is not available. It basically sends back the same message as the closed port: "I am here, do not bother me anymore".
Only if the incoming connection is designed for that particular port will the open port allow incoming connections.
The open port is then considered to be 'seen', and since it replied back to the connection attempt that it is ready to receive further connections, it is considered to be 'open'.
Whether there are any further connections, or information actually entering, depends strictly on the reply from the sender showing that it is right for that port.
That itself is determined by the actual service/daemon/program associated with that port (NetBIOS is a good example: if something attempts to enter port 139 and it is not designed for that port, then even though port 139 is open, no information will enter through that port regardless of how many times it attempts to connect. It must have packets showing it is designed strictly for the service using port 139, or else there is no entrance).
Stealthed ports are different: there is never a reply as to whether the port is actually open or closed.
Only a firewall will stealth ports (even the Windows XP firewall will stealth ports); no networked device has ever stealthed ports.
Since there is never a reply as to whether the port is closed or open, the port is then considered to be 'stealthed'.
A stealthed port is similar to a closed port but without the reply that it is closed; really, no connections will pass through because of the firewall's stealthing, regardless of whether the port involved is itself open or closed.
The ports are stealthed by the firewall stepping between the connection and the ports.
Remember the firewall is not controlling the actual ports themselves, but it is controlling the connections to and from these ports.
Open and closed port 'states' are 'port status'; so is the newer 'stealthed' port status.
Many firewalls will stealth the ports by default and offer no slider or settings for adjusting the port status.
Or they will not stealth and offer no port control.
These firewalls are basically Off or On.
However, ZoneAlarm does offer a slider to vary the port states:
Low is no port control; only application control remains.
Medium is port control but no stealthing: ports can be seen as either closed or open, the firewall will let outgoing connections function, and if a program desires an open port, then ZA will allow the connections. The firewall does not step in between the incoming connections and the ports, but it still controls the outgoing connections and the application control.
High level is stealthed. There is never a response from the port.
Trusted Zone is just that: the DHCP and DNS servers and any other local area networked device that is allowed.
Internet Zone is just that: everything not Trusted, such as web servers.
When you set the Trusted Zone Security to High instead of the recommended Medium, it then stealths the ports, and if the firewall is not configured properly, then the DHCP connections are dropped and thus there are no more connections.
In other words, DO NOT USE THE HIGH LEVEL for the TRUSTED ZONE SECURITY on your desktop unless it is perfectly configured with all of the needed expert rules.
You can use the High level for the Internet Zone Security slider with no issues, unless you are doing IM or some P2P or some program that needs not to have stealthed ports.
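The three port states described in the answer above are exactly what a port scanner infers from how a probe is answered: SYN/ACK means open, RST means closed (visible but "do not bother me"), and no reply at all is what the post calls stealthed and scanners call filtered. The Medium slider corresponds to the first two outcomes being visible; High corresponds to the third. The following is an added example, not code from the forum post or from ZoneAlarm. It shows the classification logic a SYN scanner applies to a constructed probe reply, plus a real connect() scan against 127.0.0.1 with a throwaway listener so open and closed can be reproduced offline. Function names and the reply dictionaries are assumptions made for illustration.

```python
import socket
from typing import Optional

# Port states as a scanner reports them. "filtered" is the scanner's word for
# what the post calls "stealthed": the probe got no answer at all.
OPEN, CLOSED, FILTERED = "open", "closed", "filtered"


def classify_syn_response(response: Optional[dict]) -> str:
    """Classify the reply to a single TCP SYN probe (the logic a SYN scanner uses).

    `response` is a constructed dict describing the reply (hypothetical format):
      {"proto": "tcp", "flags": "SA"}          -> SYN/ACK, something is listening
      {"proto": "tcp", "flags": "RA"}          -> RST, the stack says "not here"
      {"proto": "icmp", "type": 3, "code": 13} -> admin-prohibited, a filter spoke
    None means the probe timed out with no reply of any kind.
    """
    if response is None:
        return FILTERED                       # silence: the "stealthed" state
    if response.get("proto") == "tcp":
        flags = set(response.get("flags", ""))
        if {"S", "A"} <= flags:
            return OPEN                       # SYN/ACK: handshake was answered
        if "R" in flags:
            return CLOSED                     # RST: "I am here, do not bother me"
    if response.get("proto") == "icmp" and response.get("type") == 3:
        # Destination-unreachable codes 1,2,3,9,10,13 are a filtering device
        # admitting it blocked the probe: still filtered, just not silent.
        if response.get("code") in (1, 2, 3, 9, 10, 13):
            return FILTERED
    return FILTERED                           # anything else: no usable answer


def connect_scan(host: str, port: int, timeout: float = 1.0) -> str:
    """Full TCP connect() probe, mapped onto the same three states."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return OPEN                       # handshake completed
        except ConnectionRefusedError:
            return CLOSED                     # kernel sent RST: closed but visible
        except (socket.timeout, TimeoutError):
            return FILTERED                   # no SYN/ACK and no RST: stealthed
        except OSError:
            return FILTERED                   # e.g. host unreachable: treat as filtered


def _free_port() -> int:
    """Ask the kernel for an unused loopback port, then release it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo_localhost() -> dict:
    """Show open vs. closed on 127.0.0.1 with a real listener (no network needed).

    'filtered' cannot be produced on loopback: the local stack always answers.
    It only appears when a firewall drops the probe, as ZA does on High.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)                        # the kernel completes the handshake
    open_port = listener.getsockname()[1]
    closed_port = _free_port()                # nothing is bound here any more
    try:
        return {
            "open_port": connect_scan("127.0.0.1", open_port),
            "closed_port": connect_scan("127.0.0.1", closed_port),
        }
    finally:
        listener.close()


if __name__ == "__main__":
    for probe in ({"proto": "tcp", "flags": "SA"},
                  {"proto": "tcp", "flags": "RA"},
                  {"proto": "icmp", "type": 3, "code": 13},
                  None):
        print(probe, "->", classify_syn_response(probe))
    print(demo_localhost())
```

Run it with no arguments; the loopback demo needs no network access. Note the asymmetry the post describes: a closed port still costs the sender one round trip and tells it a host is present, while a filtered (stealthed) port forces the scanner to wait out its timeout and learns nothing, which is why scanning a stealthed host is slow and why a DHCP client behind a fully stealthed Trusted Zone never sees the server's replies.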