intego netbarrier x4 user's manual · netbarrier x4 play a sound, put the host automatically...

Intego NetBarrier X4 User's Manual

Intego NetBarrier X4

User's Manual


Intego NetBarrier X4 for Macintosh

© 1999—2006 Intego. All Rights Reserved

Intego

www.intego.com

This manual was written for use with Intego NetBarrier X4 software for Macintosh. This

manual and the Intego NetBarrier X4 software described in it are copyrighted, with all

rights reserved. This manual and the Intego NetBarrier X4 software may not be copied,

except as otherwise provided in your software license or as expressly permitted in writing

by Intego.

The Software is owned by Intego and its suppliers, and its structure, organization and code

are the valuable trade secrets of Intego and its suppliers. The Software is protected by

United States Copyright Law and International Treaty provisions.


Contents

1- About Intego NetBarrier X4 ..................................................................................... 6

What is Intego NetBarrier X4? ....................................................................................................7

Intego NetBarrier X4's Features.................................................................................................................7

Personal Firewall...........................................................................................................................................7

Antivandal ......................................................................................................................................................7

Privacy Protection .........................................................................................................................................9

Monitoring ......................................................................................................................................................9

Using this User’s Manual .......................................................................................................... 10

2—Introduction to Computer Security ..................................................................... 11

Why You Need to be Protected................................................................................................. 12

How Can a Computer be Totally Safe?..................................................................................................13

What Is a Firewall? .....................................................................................................................................13

Friend or Foe? ..............................................................................................................................................14

What You Risk ............................................................................................................................... 15

Why People Break into Computers ........................................................................................................15

The Different Types of Attacks and Intrusions Possible ....................................................................16

Privacy Protection......................................................................................................................... 16

3—Installation ............................................................................................................. 18

System Requirements ................................................................................................................. 19

Installing Intego NetBarrier X4 ............................................................................................... 19

Serializing Intego NetBarrier X4 ............................................................................................ 24

Using Intego NetBarrier X4 in Evaluation Mode............................................................... 25

4—Quick Start.............................................................................................................. 27

Using Intego NetBarrier X4....................................................................................................... 28

Using the Intego NetBarrier X4 Overview Screen ............................................................. 28

Resizing the Intego NetBarrier X4 Window.........................................................................................31

Setting up the Firewall ............................................................................................................... 32

Using the NetBarrier X4 Menu................................................................................................ 37

Intego Widgets ............................................................................................................................... 39

Intego NetBarrier X4 Password Protection .......................................................................... 40

Getting Help................................................................................................................................... 40

Links to the Intego Website ...................................................................................................... 40

5—The 4 Lines of Defense ............................................................................................. 41


Firewall............................................................................................................................................. 42

Firewall settings ..........................................................................................................................................43

The Log..........................................................................................................................................................45

Trojan Horse Protection..............................................................................................................................64

Antivandal ...................................................................................................................................... 66

Policy ..............................................................................................................................................................67

Setting Ping Flood Sensitivity..................................................................................................................70

Setting Port Scan Sensitivity .....................................................................................................................71

Setting SYN Flooding Sensitivity ............................................................................................................72

Alerts ................................................................................................................................................ 73

Attack Counter.............................................................................................................................................75

Alerts..............................................................................................................................................................76

The Stop List .................................................................................................................................................79

The Trusted Group .....................................................................................................................................93

Anti-Spyware ............................................................................................................................... 106

Using the Anti-Spyware Tab .................................................................................................................107

Options.........................................................................................................................................................109

Privacy Filters .............................................................................................................................. 115

Data Filter ...................................................................................................................................................116

Banner Filter...............................................................................................................................................125

Cookie Manager ........................................................................................................................................130

Cleaning Browser Files............................................................................................................................136

Surf Filter ....................................................................................................................................................138

Monitoring .................................................................................................................................... 143

Traffic ...........................................................................................................................................................143

Using the NetBarrier Monitor Application .........................................................................................159

The NetBarrier Monitor Widget ............................................................................................................163

The Intego NetBarrier X4 Monitor Screen Saver ...............................................................................164

Services ........................................................................................................................................................167

Network .......................................................................................................................................................169

Whois ...........................................................................................................................................................174

Traceroute....................................................................................................................................................175

NetUpdate ..................................................................................................................................... 177

6—Preferences and Configurations .......................................................................... 178

Intego NetBarrier X4 Preferences ......................................................................................... 179

Modem.........................................................................................................................................................179

Log Export Preferences ............................................................................................................................180

Traffic Export Preferences........................................................................................................................185

Whois ...........................................................................................................................................................189

Advanced Options ....................................................................................................................................191

About Intego NetBarrier X4 .................................................................................................... 192

Configuration Manager ............................................................................................................ 193

Selecting the Active Configuration .......................................................................................................193


Adding Configuration Sets .....................................................................................................................194

Deleting Configuration Sets ...................................................................................................................195

Renaming Configuration Sets ................................................................................................................196

Exporting Settings .....................................................................................................................................197

Importing Settings.....................................................................................................................................197

7—Customized Protection ........................................................................................ 198

Using Intego NetBarrier X4’s Customized Mode ............................................................ 199

User-configurable Firewall Options .....................................................................................................200

Rule Order ..................................................................................................................................................200

Creating Rules with the Assistant ........................................................................................ 201

Creating Rules ............................................................................................................................. 211

Destinations ................................................................................................................................................221

Services ........................................................................................................................................................227

Interfaces......................................................................................................................................................233

Services Library.........................................................................................................................................237

Deleting Rules ...........................................................................................................................................238

Editing Rules..............................................................................................................................................238

Using the Stop Evaluating Rules Function.........................................................................................239

Using the Rule Contextual Menu .........................................................................................................240

8—Technical Support ................................................................................................. 243

9—Glossary................................................................................................................. 246

Chapter 1 – About Intego NetBarrier X3


1- About Intego NetBarrier X4



What is Intego NetBarrier X4?

Intego NetBarrier X4 is the Internet security solution for Macintosh computers running

Mac OS X. It offers thorough protection against intrusions coming across the Internet or a

local network.

Intego NetBarrier X4 protects your computer from intrusions by constantly filtering all the

activity that enters and leaves through the Internet or a network. Intego NetBarrier X4

protects you from thieves, hackers and intruders, and warns you automatically if any

suspicious activity occurs.

Intego NetBarrier X4's Features

Intego NetBarrier X4 has four lines of defense, to protect your computer and your

data from intrusions and attacks.

Personal Firewall

Intego NetBarrier X4 contains a personal firewall that filters data as it enters and leaves

your computer. A full set of basic filtering rules is used by default, and its Customized

protection mode allows you to create your own rules, if you need to.

Antivandal

Intego NetBarrier X4's Antivandal is a powerful guardian for your computer. It watches

over your computer's network activity, looking for signs of intrusion, and, if it detects

anything, stops the intruder in their tracks and sends you an alert. The Antivandal has

another powerful function, the Stop List, that records the address of any intruder who



attempts to get into your computer, and ensures that they cannot come back. Several

options allow you to choose the type of protection you have on your computer.

Alerts

Intego NetBarrier X4 stops all incoming data that is considered hostile. It can

display an alert dialogue, showing why the data was stopped, and asking you to

allow or deny it. You can also select other alert options, such as having Intego

NetBarrier X4 play a sound, put the host automatically in the Stop List or send an e-

mail message to the address(es) of your choice in the case of an alert.

Stop List

When an intruder is detected trying to break in to your computer, Intego NetBarrier

X4 allows you to put them on the Stop List, where their network address will be

saved, and if a computer with the same address tries to enter your computer again it

will be automatically blocked.

Trusted Group

In some cases, computers you know—friends, not foes—will be blocked by Intego

NetBarrier X4. These may be computers on your local network, blocked because

they are sending pings to your computer, for example. Intego NetBarrier X4 allows

you to put them in the Trusted Group, where they will be considered friends for as

long as you want, ensuring that computers on your network have access to your

computer. It is important to note that the Trusted Group only applies to Intego

NetBarrier X4’s Antivandal functions, and Firewall rules are applied to computers

in the Trusted Group.



Anti-Spyware

Intego NetBarrier X4 lets you control Internet and network access by individual

applications. Whenever an untrusted application tries to connect to the network,

Intego NetBarrier X4 can display an alert, informing you which application is

making the connection. If you want to allow that application to access the

network—if it truly is an application you know should be using the network—then

you can do so. But if an application tries to connect surreptitiously, you can block it

permanently.

Privacy Protection

Intego NetBarrier X4 helps protect your privacy. It filters data to ensure that no sensitive

information leaves your computer, blocks ad banners and lets you manage cookies, deleting

them whenever you want. It can clean your browser's cache and history files. And it has a

unique feature that hides information about your computer: its platform, which browser you

are using, and the last web page you visited.

Monitoring

Intego NetBarrier X4 contains powerful tools for monitoring your network activity and

usage. Its activity gauges show your network traffic in real time, and its additional

monitoring functions give you essential information on your computer, its network, and the

services and connections that are active.

Intego NetBarrier X4 even offers a monitoring screen saver, so you can always keep an eye

on your network traffic.



Using this User’s Manual

You are a:

� Home user, connected to the Internet

If this is your situation, you should read chapter 2, Introduction to Computer

Security, and then go on to chapter 3, Installation, and chapter 4, Quick Start. If you

feel you have learned enough, you can stop there—Intego NetBarrier X4 is configured

to automatically protect your computer from intruders. If you want to know more, go on

and read chapter 5, The Four Lines of Defense.

� Business or Academic user, connected to a local network and the

Internet

If you are connected to a local network, you will want to read the above as well. Intego

NetBarrier X4's basic protection modes will probably be sufficient for you.

� Advanced user, using your computer as a server, or administering a

network

The entire manual concerns your situation, but you will especially want to read chapter

7, Customized Protection, to find out how to create your own rules.

There is a glossary at the end of the manual that defines the specific terms used.

Chapter 2 – Introduction to Computer Security


2—Introduction to Computer Security



Why You Need to be Protected

Whether you use your computer for work or just for surfing the Internet, whether you are

online all day long, or just occasionally, whether you are on a local network in a home

office, or part of a large corporation or educational institution, your computer contains

sensitive information. This may be anything from your credit card numbers to your bank

account information, contracts with customers or employees, confidential projects or e-mail

messages and passwords. No matter what you have on your computer that is for your eyes

only, there is somebody out there who would certainly find it interesting.

The more you use your computer for daily activities, whether personal or professional, the

more information it holds that should be protected.

Think of your computer as a house. You certainly lock your doors and windows when you

go out, but do you protect your computer in the same way? As long as you are connected to

a network, there is a way for wily hackers or computer criminals to get into it—unless you

protect it with Intego NetBarrier X4.

When your computer is connected to a network, whether it be a private, local network, or

the Internet, it is like a house on a street, with doors and windows. Intego NetBarrier X4

works like a lock, to protect those doors and windows. You never know who is watching

when you are connected to a web site. Maybe that gaming site, with the cheats you were

looking for, has a cracker behind it, who wants to snoop on your computer, to see if he can

find anything interesting. Or perhaps that stock market information site, where you went to

get company results, has a curious hacker watching who connects, and who enjoys messing

up people's computers just for fun.



Without Intego NetBarrier X4, you may never know if

anyone is trying to get into your computer.

A computer is only as secure as the people who have access to it. Intego NetBarrier X4

protects your computer by preventing unauthorized network access to your computer, and

by protecting against unauthorized export of private information.

How Can a Computer be Totally Safe?

It has been said that the only truly secure computer is one that is switched off and

unplugged, locked in a titanium-lined safe, buried in a concrete bunker, and surrounded by

nerve gas and very highly-paid armed guards. Obviously, this is not practical—if you have

a computer, you want to be able to use it.

But Intego NetBarrier X4 provides a level of protection that goes far beyond what most

users need, and its customizable rules make it a powerful tool for system and network

administrators, allowing them to adapt the protection to their specific needs.

What Is a Firewall?

A firewall is, as its name suggests, like a wall. It protects your computer or network by

separating users into two groups—those inside the wall, and those outside. It is configured

to determine what access outsiders have to computers inside the wall, and what access

insiders have to computers and networks on the other side of the wall.

A firewall is a kind of filter that acts between your computer, or network, and a wide area

network such as the Internet. It functions by filtering packets of data, and examining where

they come from and where they are going.



Intego NetBarrier X4 allows advanced users to configure specific rules to protect against

foes that wish to infiltrate your computer.

Friend or Foe?

Every wall has to have a gate so people can get in and out. Intego NetBarrier X4's

Antivandal acts as a filter, or a guard standing at the gate in the wall, checking all incoming

and outgoing data for signs of hackers, crackers, vandals, spies, intruders and thieves. This

can be done because there are many "standard" ways to enter an unprotected computer, and

Intego NetBarrier X4 knows these methods.



What You Risk

Why People Break into Computers

People break into computers for many reasons. Sometimes this is done just to get into more

systems; by hopping between many computers before breaking into a new one, crackers

hope to confuse any possible pursuers and put them off the scent. There is an advantage to

be gained in breaking into as many different sites as possible, in order to "launder" your

connections.

Another reason is that some people simply love to play with computers and stretch them to

the limits of their capabilities. This is a bit like people who write graffiti on walls—they

just want to do it because it’s there.

But the more serious invaders are real criminals. These may be competitors, looking for

information on your company's activities, projects or customers; thieves, looking for

passwords and credit card numbers; or simply spies. While most companies have computer

security policies, few of them think of protecting data on their employees' home

computers—but these computers often have sensitive documents that employees have

brought home from work.

Unfortunately, we live in a world where anything of value is a target for thieves. Since

today's economy is built around information, it is obvious that information has become the

latest target. Here's a simple example: last year, on Mother's Day, you sent your mother, or

maybe your wife, some flowers. You ordered by fax, because you don't trust sending your

credit card number over the web. But the document that you typed, containing your credit

card number, is still on your hard disk. If someone found it, they would have your credit

card number, and you might become a victim of fraud.



The Different Types of Attacks and Intrusions Possible

There are many reasons why people attempt to obtain entry into other people's computers,

and many ways to do so. Here are some of them:

� Stealing confidential documents or information.

� Executing commands on your computer that modify the system, erase your hard

disk, or disable your computer.

� Hacking web sites, by replacing pages with different text and graphics.

� Launching denial-of-service attacks that can render your computer temporarily

unusable.

� Getting information about your computer, that will allow someone to break into

your network, or your computer, at a later time.

Privacy Protection

One thing you don't notice when you surf the Internet is how much personal information

different web sites try to get from you. You can clearly see the ones that openly ask you to

register to use them; you enter a user name and a password, and sometimes your name,

address, and other information as well. This information is often used to trace your

behavior, to find what your interests are, and to market products and services to you.

More and more Internet users refuse to give web sites this kind of information. Sometimes

you learn the hard way: you register at a web site, and end up getting spam or e-mail about

things you never requested. By then, it's usually too late.

But web sites have other ways of getting information about you and your behavior. Did you

know that your browser sends information to web sites telling which operating system you

are using, which browser you are surfing with, and even the last web page you visited?



Then there are cookies. A cookie is a file on your hard disk, which contains information

sent by a web server to a web browser and then sent back by the browser each time it

accesses that server. Typically, this is used to authenticate or identify a registered user of a

web site without requiring them to sign in again every time they access that site. Other uses

are maintaining a "shopping basket" of goods you have selected to purchase during a

session at a site, site personalization (presenting different pages to different users), or

tracking a particular user's access to a site.

While cookies can have legitimate uses, as we have seen above, unscrupulous web sites use

them to collect data on your surfing habits. They sell this data to companies that will then

target you specifically for products and services that correspond to these habits, or even

ensure that when you surf on certain sites, you see ad banners that match these habits.

Intego NetBarrier X4's approach to privacy is simple: it provides you with the means to

prevent certain information from being recorded without your knowledge.

Chapter 4 – Quick Start


3—Installation



System Requirements

� Any officially-supported Mac OS X compatible computer

� Mac OS X 10.2.8 or higher, or Mac OS X Server 10.2.8 or higher

� 40 MB free hard disk space

� Minimum screen resolution 800 x 600

Installing Intego NetBarrier X4

If you downloaded the NetBarrier X4 installer from the Internet, locate the disk image file

that you downloaded. Double-click the folder corresponding to the language version that

you want to install. Then double-click the NetBarrier X4 Install file. A window will

display, offering you the options to Install or Uninstall: click Install.



If you bought a boxed version of NetBarrier X4, insert the Intego CD in your computer. A

window will now open. Double-click the folder corresponding to the language version that

you want to install. Then double-click the Intego Software Install icon. A window will open

advising you that you will need a serial number to install the software or that you can install

a demo version without a serial number. Click OK. Select Install in the NetBarrier X4

dropdown list. A green arrow will then display on the NetBarrier X4 icon, indicating that

you have chosen to install this software. Click the Launch Installation… button.



You will need to enter an administrator’s password to install Intego NetBarrier X4 on your

computer.

Click Continue to proceed with installation. The Intego software license displays. Click

Continue, then click Agree if you accept this license; if not, click Disagree, and the installer

will quit.

The next window shows all the available disks or volumes on your computer. Select the

disk or volume where you want to install Intego NetBarrier X4, then click Continue.



Click Upgrade to install Intego NetBarrier X4. This performs a basic installation. If you

wish to perform a custom installation, click Customize. The following window displays:

This window lets you choose which items will be installed. You have the choice of

installing Intego Common Services X4, Intego NetBarrier X4, NetUpdate X4 or all of these

items.

After installation, you will have to restart your computer.



Serializing Intego NetBarrier X4

When you restart your computer, open Intego NetBarrier X4—it is found in your

Applications folder. Intego NetBarrier X4 will display its serialization window:

You must enter your name, company, if any, and your serial number. If you purchased a

boxed version, the serial number is found on a sticker inside the DVD case. If you

purchased a downloadable version, your serial number was sent to you in your e-mail

confirmation. When you have entered your information, click OK. Intego NetBarrier X4

will open, and, if you are an administrator, you can configure the program.

Since Mac OS X is a multi-user operating system, not all users have the same privileges.

When starting up Intego NetBarrier X4 for the first time, any user can enter the serial

number, but only a user with administrator privileges can configure the program.



Using Intego NetBarrier X4 in Evaluation Mode

Intego NetBarrier X4 offers an evaluation mode, to allow you to discover how it works

before purchasing the program. To use Intego NetBarrier X4 in evaluation mode, click

Evaluation Mode when the registration screen displays.

When Intego NetBarrier X4 runs in evaluation mode, it functions for 30 days. At the end of

this period, you can either purchase a license for Intego NetBarrier X4 or delete the

program from your computer.



You can find out how much time is left in your evaluation session by choosing About

Intego NetBarrier X4 from the Intego NetBarrier X4 menu. The About screen tells you that

the program is in evaluation mode, and shows the time remaining in evaluation mode.



4—Quick Start



Using Intego NetBarrier X4

When you first open Intego NetBarrier X4, the Overview screen displays.

Using the Intego NetBarrier X4 Overview Screen

The overview screen gives you quick access to Intego NetBarrier X4's functions and a

summary of all its settings. The Overview screen lets you check on Intego NetBarrier X4 in

a glance. Each section of the Overview screen shows information corresponding to one of

the four lines of defense.



The Firewall section of the Overview screen gives you information

about Firewall, Log and Trojan settings.

The Antivandal section of the Overview screen gives you information

about your Policy of protection, the Stop List, the Trusted Group and

Anti-Spyware.

The Privacy section of the Overview screen gives you information

about Data, Banner, Cookie and Surf filters. It also tells you the last

time you cleaned out your cache files and history files, and lets you

clean them out if you want to.

The Monitoring section of the Overview screen gives you information

about Incoming and Outgoing traffic.



In addition, two other buttons give you access to other features of Intego NetBarrier X4:

The NetUpdate section of the Overview screen gives you information

about the version of Intego NetBarrier X4 you have installed, the last

time you checked for an update and the next scheduled update.

You can return to the Overview screen at any time, no matter which

screen is open, by clicking the Overview button.

The Overview screen also provides one-click access to all of Intego NetBarrier X4's

windows and tabs. As you move your cursor over the white text labels, you'll notice that

these labels become underlined. Just click one of these labels to go directly to its window or

tab.

Click any of the buttons on the left of the window to return to those windows, or click the

Overview button to return to the Overview screen.



Resizing the Intego NetBarrier X4 Window

With the exception of the Overview window, all of Intego NetBarrier X4's windows are

resizable. To change the size of a window, click the lower-right corner of the window and

drag it to the size you want.

You can decrease the size of any window by dragging to make it smaller.



Setting up the Firewall

When you install Intego NetBarrier X4, and restart your Macintosh, it automatically begins

keeping your Mac safe. The Firewall is enabled in Client, local server mode and activity is

written to the Log. In this mode, Intego NetBarrier X4's Firewall protects your computer

when it is functioning as a client and local network server. Activity between your computer

and the Internet is available, as a client, and you can be both client and server on a local

network. For more information about NetBarrier X4’s Firewall Modes, see below.

Intego NetBarrier X4 includes a Setup Assistant to help you quickly and easily adjust

Intego NetBarrier X4's basic settings so they are adapted to your network usage. The first

time you open NetBarrier X4, the Setup Assistant will launch automatically. If you have

upgraded from a previous version of NetBarrier, you will need to launch the Setup

Assistant. To do this, select in the NetBarrier X4 menu NetBarrier X4 Preferences >

Advanced. Then click Show Assistant… at the bottom of the panel. You will need an

administrator’s password to run the Setup Assistant.



The Intego NetBarrier X4 Setup Assistant walks you through a brief guide of its different

functions, then helps you to configure the program:

� Firewall

� Antivandal

� Privacy

� Monitoring

� One more thing

� Configuration



Click the right arrow to begin configuring Intego NetBarrier X4. You can click the left

arrow at any time to return to previous screens.

Or click Cancel if you do not wish to use the Setup Assistant.

The first four screens after the Introduction will tell give you information about each of

Intego NetBarrier X4’s four lines of defense.



You can also learn about the additional tools included in NetBarrier X4 in the One more

thing… screen.

The Configuration screen allows you to choose which NetBarrier X4 configuration you

want to use.

Default

When you choose this level of protection, Intego NetBarrier X4's Firewall is in

Client, local server mode. It protects your computer when it is functioning as a

client and local network server. Activity between your computer and the Internet is

available, as a client, and you can be both client and server on a local network. All



Antivandal and Privacy filters are disabled. This configuration is appropriate for

users who need to allow network access to their computer.

Normal


Client only mode. It protects your computer when it is functioning only as a client

on a local network, or when you are connected to the Internet. The server functions

of your computer are blocked. All Antivandal and Privacy filters are disabled. This

configuration is adapted to the needs of most users who do not use their computer as

a network server.

Strong


Client only mode. It protects your computer when it is functioning only as a client

on a local network, or when you are connected to the Internet. The server functions

of your computer are blocked. All Antivandal and Privacy filters are enabled. This

configuration is recommended for users who want maximal protection. Be aware

that by choosing this configuration, you may block some traffic that you don’t

necessarily wish to block.

Click the Configure button to activate the configuration you have selected.



Using the NetBarrier X4 Menu

Intego software programs install a menu in your menu bar, offering you quick access to

many of the functions of the Intego software installed on your computer. (You can turn off

this menu in the Intego NetUpdate X4 preferences; see the NetUpdate X4 User Manual for

more information.) Click the Intego NetBarrier X4 icon in the menu bar to display the

menu.



You can set the active firewall mode from this menu by selecting one of the six

possibilities. When you do this, the menu bar icon changes to show which firewall mode is

active.

No Restrictions

No Network

Client, Local Server

Server Only

Client Only

Customized

You can also turn on or off certain functions of Intego NetBarrier X4 by selecting them

from the menu. A check mark in the menu shows that the function is on. For example, to

turn on the Banner Filter, select that item in the menu. It will display a check mark showing

it is active.

You can also select configurations from the Intego NetBarrier X4 menu. See Chapter 6,

Preferences and Configurations, for more on creating and using configurations.

And you can open NetBarrier X4 or the Monitor from this menu by selecting Open

NetBarrier X4 or Open NetBarrier Monitor...



Intego Widgets

Two Intego widgets are installed when you install NetBarrier X4. The first widget shows

the status of NetBarrier X4 and all other Intego software that might be running

concurrently, such as Intego Personal Backup X4 or VirusBarrier X4.

The second Intego widget is the NetUpdate widget. It lets you easily check if any updates

are currently available for your Intego software. It looks like this:



Intego NetBarrier X4 Password Protection

Intego NetBarrier X4 uses built-in Mac OS X password protection. In order to install and

configure the program, the user must have administrator’s rights, and log in with an

administrator’s name and password. Other users, who do not have administrator’s rights,

cannot change any of Intego NetBarrier X4’s settings or preferences. These users can view

such things as logs and traffic gauges, but this protection ensures that unauthorized users

cannot make changes to the program’s operation.

Getting Help

You can get help on some of Intego NetBarrier X4’s functions by holding your cursor over

certain texts and zones:

A Tool Tip displays explaining the various functions and features.

Links to the Intego Website

Two links are available from the NetBarrier X4 menu: Go to Intego Website and Register

NetBarrier. The first link takes you to the homepage of the Intego website, while the second

one takes you to the Registration page, where you can register your software and your serial

number.

Chapter 5 — The 4 Lines of Defense


5—The 4 Lines of Defense



Intego NetBarrier X4 is a powerful, easy-to-use program that protects your computer when

connected to a network. It offers four lines of defense to protect your computer from

intrusions and attacks.

Firewall

Intego NetBarrier X4 contains a personal firewall. This is a powerful program that filters all

the data packets that enter or leave your computer, to or from the Internet or a local TCP/IP

network, to allow or prevent data going to and coming from specific sources and

destinations. It also protects you from Trojan Horses by blocking the ports they use.

To view the Firewall screen, click the Firewall button on the left of the main interface. The

Firewall screen displays, with its three tabs: General, Log and Trojans.



Firewall settings

Intego NetBarrier X4's Firewall has 6 different settings that correspond to the way you use

your computer. The first five settings, which use preprogrammed rules, cover all the

situations that you will encounter in normal use. The last setting, Customized, allows you

to design your own rules, to precisely control access to and from your computer.

No restrictions

In this mode, there are no restrictions, and Intego NetBarrier X4's Firewall allows

all incoming and outgoing network data to be sent and received. If you select this

setting, it is as if the Firewall were turned off.

No network

In this mode, Intego NetBarrier X4's Firewall prevents all data from entering or

leaving your computer to or from the Internet or a local TCP/IP network. This is

useful if you are away from your computer and wish to protect it totally.

Client, local server

In this mode, Intego NetBarrier X4's Firewall protects your computer when it is

functioning as a client and local network server. Activity between your computer

and the Internet is available, as a client, and you can be both client and server on a

local network.



Server only


functioning only as a server. The client functions of your computer are blocked.

Client only


functioning only as a client on a local network, or when you are connected to the

Internet. The server functions of your computer are blocked.

Customized

This setting gives you access to Intego NetBarrier X4's most powerful features, by

allowing you to create your own custom Firewall rules. But, since this setting gives

access to powerful possibilities for creating rules and requires knowledge of

networks and protocols, it should only be used by computer users who understand

what the different parameters mean. For more on Customized mode, see chapter 7,

Customized Protection.



The Log

How the Log Works

The Log shows a record of all the activity where Intego NetBarrier X4 has acted. It lists

each time that there has been an incident, the address of the intruder, and the kind of

incident recorded.



Selecting What to Display in the Log

You can choose what type of information is displayed in the Log. Checking any of the

following check boxes will display related activity. If any of them are unchecked, their

activity will not be displayed.

General

This is general Intego NetBarrier X4 activity, such as Intego NetBarrier X4 startup

and alerts.

Firewall

Intego NetBarrier X4 logs all firewall activity, when rules are applied, if logging has

been activated in the rules.

Networking

Intego NetBarrier X4 logs all connections to networks or the Internet, and when IP

addresses in the Stop List attempt to connect to your computer.



Domain Name Resolution

Intego NetBarrier X4 helps you track down intruders by resolving domain names of your

connections. Internet addresses exist in two forms: numbers, such as 255.255.0.0, and

names, such as intego.com. The correspondence between the two is recorded in domain

name servers all across the Internet.

When Name Resolution is checked in the Log panel, Intego NetBarrier X4 will attempt to

find the names for each of the Internet addresses shown in the log. If found, these domains

will then be displayed in their name form, rather than as numbers.

Note: Intego NetBarrier X4 is not always able to resolve the names of some Internet

addresses, since not all such addresses have name equivalents.



Expert Mode

If you choose to display the log in Expert Mode, Intego NetBarrier X4 displays additional

columns in the log. These columns are Source, Protocol, Source Port, Destination Port,

Flags, Interface and Kind.

Pausing the Log

If you have many connections entering and leaving your computer, you may find it difficult

to follow the log as it displays. To help you view the log, click the Pause button. The log

display stops so that you can read the data, but the log keeps recording data and will display

it when the log is no longer paused. Click the Pause button again to resume real-time

display.



Changing the Log Display

You can sort the Log by any of its columns by clicking on the header just above the

column.

You can also sort it in ascending or descending order by either clicking on the column

header again or clicking the sort button, the small triangle in the selected sort column

header.

You can drag any of the columns to change their order. To do this, click and hold one of the

column headers and drag it where you want, then release your mouse button.

You can change the width of any of the Log's columns. To do this, move the cursor to the

line between two columns. The cursor will change, showing that you can move this



boundary. Click the cursor and drag in either direction to make a column wider or

narrower.

To expand the list display, click and hold the lower-right corner of the window and drag it

to the size you want.



Understanding the Log

Each Log entry contains 4 different items:

Icons

The Green icon indicates General activity.

The Yellow icon indicates Firewall activity.

The Red icon indicates Network activity.

Date & Time

This is the date and time of the incident.

Network Address

This is the originating IP address of the incident. If you have checked Name

resolution, you will see the domain names for those addresses that Intego NetBarrier

X4 was able to resolve.

Kind

This is the kind of incident reported.

When the Log displays its contents in Expert mode, more detailed information is shown:

Icons

The Green icon indicates General activity.

The Yellow icon indicates Firewall activity.

The Red icon indicates Network activity.



Date & Time

This is the date and time of the incident.

Source

This is the originating IP address of the incident

Destination

This is the IP address to which the data of the incident was sent. If you have

checked Name resolution, you will see the domain names for those addresses that

Intego NetBarrier X4 was able to resolve.

Protocol

This is TCP, UDP, ICMP or IGMP.

Src Port

The source port, or the port from which the data is sent.

Dest Port

The destination port, or the port to which the data is sent.

Flags

This displays the following TCP flags: A (acknowledge), S (synchronize sequence

number), F (end of data), or R (reset).

Interface

This is the network interface used to send the data. If you have more than one

network interface (such as an Ethernet card and an AirPort card) this specifies the



interface. If you only have one interface this column always displays the same

information.

Kind

This is the kind of incident reported.

Clearing the Log

To clear the Log, and erase all information stored in the Log, click Clear...; a dialog

displays asking if you really want to clear the Log. Click Clear to clear the Log, or click

Cancel to cancel the operation.



Selecting Log Data

You can select log data to copy, and paste into another program or to drag into another

window. You can make multiple selections in the Log window. To do this, select one item,

hold down the Shift key, and select another item a few lines away. All the lines between the

beginning and the end of your selection will be highlighted. To make a non-contiguous

selection, hold down the Command key and select several non-contiguous lines.

After you have selected log data, you can copy it, if you wish to paste it into another

application, or drag and drop it into another application's window, or on the desktop.



Log Window Contextual Menu

If you hold down the control key and click any Log entry a contextual menu displays.

This menu allows you to do the following:

Copy to Clipboard

If you select Copy to Clipboard from the contextual menu, the content of this line

will be copied to the clipboard. You can then paste it into any application or

document.

Add to Trusted Group

If you select Add to Trusted Group from the contextual menu, the IP address will be

added to the Trusted Group. For more on the Trusted Group, see the Trusted Group

section later in this chapter.



Add to Stop List

If you select Add to Stop List from the contextual menu, the IP address will be

added to the Stop List. For more on the Stop List, see the Stop List section later in

this chapter.

Find Domain Info

If you select Find Domain Info from the contextual menu, Intego NetBarrier X4 will

switch to the Whois tab and look up the domain name or IP address using its Whois

function. For more on Whois, see the Whois section later in this chapter.

Find Route

If you select Find Route from the contextual menu, Intego NetBarrier X4 will

switch to the Traceroute tab and look up the route between your computer and the

IP address in the log.



Exporting the Log

You can export log data in several formats. When doing a manual export, only the data

displayed is exported—if you have only checked, say, Firewall in the Log panel, only

Firewall data will be exported. (You can also have the Log data exported automatically. For

more on this, see chapter 6, Log Export Preferences.)

To export Log data, click the Export... button. A dialog will prompt you to save the file;

you may change its name if you wish. Choose where you wish to save it—by default, all

export files are saved to the current user’s Documents folder.

Logs can be exported in six formats. Click the Format popup menu to select the export

format.

You can choose from the following formats:

Expert HTML

This is the log in HTML format with additional columns. It shows that same

information as the log when in Expert mode.



Expert Text

This is the log in text format with additional columns. It shows that same

information as the log when in Expert mode, and has tabs separating the columns,

which can be easily imported into a spreadsheet.

HTML

This is the log in HTML, which is readable by any web browser, and is presented in

table form.

Analytic

This is similar to Expert Text format, without tab separators, but with labels in front

of some fields.

Text

This is the log in text format, which can be read by any word processor.

Who's there?

This format saves the log as a text file, with the following information:

DATE: The date of the connection.

TIME: The time of the connection.

RESULT: The result of the connection.

HOSTNAME: The host IP address.

SERVER_PORT: The server port used for the connection.

METHOD: The type of connection; TCP or UDP.

Click Save. You will now have a copy of your log that you can open with any word

processor (text), spreadsheet (text) or web browser (HTML).



Displaying the Log Window

The Log window can be displayed alone, without the rest of Intego NetBarrier X4’s

interface. To do this, select Show Log Window from the Window menu. This displays the

Log in a new window that you can resize, to make it easier to view long logs.

Provided that the NetBarrier X4 interface is launched, you can also display the Log window

at any time by pressing Command+Option+L.



Using the Log Window Toolbar

When you display the log window, Intego NetBarrier X3 offers you additional tools in the

log window toolbar. These tools let you filter log data, and print, export and clear the log.

To see this toolbar, select View > Show Toolbar.

To hide the toolbar, select View > Hide Toolbar.

Printing the Log

To print the entire log, click the Print button in the log window toolbar. This displays a

standard print dialog where you can choose printing options according to the type of printer

you have.



Exporting the Log

To export the entire log, click the Export button in the log window toolbar. This lets you

export the log in any of six formats. For more on these formats, see Exporting the Log

above.

Clearing the Log

To clear the Log, and erase all information stored in the Log, click the Clear button in the

log window toolbar. A dialog displays asking if you really want to clear the Log. Click

Clear to clear the Log, or click Cancel to cancel the operation.

Filtering Data in the Log Window

The log window toolbar contains a search field that lets you filter data in the log window

according to several criteria, displaying only those entries that contain the selected criteria.

You can search for log entries by any of the following criteria:

� Source address

� Destination address

� Source port

� Destination port

� Interface

� Protocol



To search for log data containing any of these criteria, click the disclosure triangle next to

the Search icon.

Select the criteria you want to search for, then enter a search string in the Search field. You

don't need to enter the entire string; the display is dynamic, and automatically narrows

down the log data as you enter characters in the search field.



In the example below, entering 208 in the search field sorts the log data so only those lines

with 208 in the source address display.

This dynamic filtering only works from the beginning of an entry; entering 168

would not produce the display in the example above.

To clear the search field and begin a new search, click the Clear button in the

search field.



Trojan Horse Protection

Trojan Horses are applications that are surreptitiously installed on your computer, either by

virus-laden attachments you receive with e-mail messages, or by other programs, which

may be shareware or freeware programs. In some cases, programs install a specific type of

Trojan Horse, known as spyware, which sends personal information to a server. Since the

connection is made from your computer, it is generally trusted; but Intego NetBarrier X4

knows how to spot the actions of the most common Trojan Horses and block them in their

tracks. There have been cases where such programs have sent information on users’

browsing habits to a central server; other Trojan Horses open backdoors in your computer

that allow hackers to take control of it or delete files.



To turn on Trojan horse protection, click the On button, then click the check boxes of the

Trojans to select them.

You can also enable Trojan blocking for an individual Trojan horse, or for all Trojan

horses, by holding down the Control key on your keyboard and clicking on the name of a

Trojan. A contextual menu displays.

Select Enable to enable protection for the selected Trojan horse, or select Enable All to

enable protection for all Trojan horses.

You can disable individual Trojan horses or all Trojan horses in the same manner.



Antivandal

Intego NetBarrier X4's Antivandal watches over all the data entering your computer, and

filters it, looking for signs of intrusion. This filtering is transparent—the only time Intego

NetBarrier X4 will show itself is if suspicious data is detected. If this occurs, an alert

displays. Otherwise, Antivandal silently monitors your computer's network activity at all

times.



Policy

The Antivandal panel has several Policy options that affect Intego NetBarrier X4's anti-

intrusion protection.

IIS Attacks

If this is checked, Intego NetBarrier X4 detects CodeRed and nimda requests sent to

your computer if it is configured as a web server, or if you have a server expecting

calls to HTTP ports. This protects you from denial of service attacks.

Intrusion Attempts

If this is checked, Intego NetBarrier X4 displays an alert if three incorrect password

requests are sent to your machine, in an attempt to connect to it, in a given period of

time. This applies to connection attempts to Web Sharing, File Sharing or FTP.



Ping Attacks

If this is checked, hostile pings are automatically blocked. Pings are accepted, but if

the number or frequency of pings exceeds Intego NetBarrier X4's limits, they are

blocked.

Ping Broadcasts

If this is checked, ping broadcasts will be blocked.

Protect against port scans

If this is checked, port scanning is automatically blocked. You may want to leave

this unchecked if your computer is functioning as a server.

SYN Flooding

If this is checked, the number of incoming connections to your computer is

automatically limited to prevent denial of service attacks

Options

Additional filtering options are available within the Options panel of the Policy tab.

Stealth mode (prohibit ping replies)

If this is checked, your computer will be invisible to other computers on the Internet

or on a local network. You will not, however, be anonymous—any requests you

send to other hosts will include your computer's IP address.

Stop unknown protocols

If this is checked, any unknown protocols are automatically blocked.



Deny Apple Remote Desktop Control

If this is checked, NetBarrier X4 blocks all requests to use Apple Remote Desktop

software.

Allow PORT mode FTP transfers

If this is checked, you will be able to make FTP transfers when functioning in Client

only Firewall mode.

E-mail

You must configure your e-mail settings if you wish to receive any alert notifications by e-

mail. Click the Configure… button and enter the correct information for your mail settings.

The e-mail address for the Sender and Recipient must be entered, as well as the Outgoing

Mail Server. E-mail messages can be sent to multiple recipients. To add a recipient, click

the + button. To remove a recipient, click the – button.

The lower half of the pane should be filled out if your mail server requires authentication to

send e-mail messages. Check with your system administrator if you are unsure whether

your mail server requires authentication.

Policy

If you want to use the same Policy settings for all the different types of protection that

NetBarrier X4 provides, simply check the box next to Use same policy for all protections.

Uncheck the box to set individual, customized Policy settings for each type of protection.



Setting Ping Flood Sensitivity

You can adjust the sensitivity of NetBarrier X4’s ping attack protection. If your computer is

on a network, it is normal that your network administrator ping your computer from time to

time. However, if your computer is isolated, it is rare that it be pinged. One exception is if

you have a DSL or cable connection; your ISP might ping your computer to check if it is

on-line.

To adjust the ping flooding sensitivity, select Ping Attacks and click the Advanced tab.

Slide the blue marker to the left to lower sensitivity or to the right to raise it. If you are on a

network and get too many alerts, you should lower the ping flooding sensitivity.



Setting Port Scan Sensitivity

You can adjust the sensitivity of Net Barrier X’s port scan protection.

To adjust the port scan sensitivity, select Port Scans Attacks and click the Advanced tab.

Slide the blue marker to the left to lower sensitivity or to the right to raise it. If you are on a

network and get too many alerts, you should lower the port scan sensitivity.



Setting SYN Flooding Sensitivity

You can adjust the sensitivity of Net Barrier X4’s SYN flooding protection.

To adjust the SYN Flooding sensitivity, select SYN Flooding Attacks and click the

Advanced tab. Slide the blue marker to the left to lower sensitivity or to the right to raise it.

If your computer functions as a server, and you get too many alerts, you should lower the

SYN flooding sensitivity.



Alerts

Understanding Alerts

Intego NetBarrier X4 constantly monitors all of your computer's network activity, whether

it is to the Internet or a local network. It is pre-configured to look out for specific types of

data that indicate an intrusion or attack. If any suspicious data is found, Intego NetBarrier

X4 displays an alert, asking you whether you wish to allow the data to be sent or deny it.

The following is an example of an alert. The top line shows the reason for the alert. Here,

an Intrusion Attempt was detected. The host, 10.0.1.90, shown by its IP address, tried to

attack this computer with a ping flood. Two buttons on the lower right allow you to decide

what action to take for this alert.

If you click the More Info… arrow at the bottom left, an information field is displayed,

showing the cause of the alert.



By clicking on the DNS lookup button (the ? ), you can toggle from the numerical IP

address to the actual domain name of the offender, if there is one.

There are two ways you can respond to alerts:

Stop List

The default response to all alerts is Stop List. If you click this button, or press the

Enter or Return key, the data being received will be refused and the intrusion will be

blocked. When this happens, the packet is dropped, and it is as if the data was never

received. If the suspicious packet is part of a file, this means that the file will not

reach its destination. If it is a command, the command will not have a chance to be

carried out, since it will not reach its target.

If you click Stop List, the IP address that caused this alert to be displayed will be

automatically added to the Stop List, and kept there for the default time that has

been set. (See Stop List, chapter 5.) This time can be changed in the pop-up menu.

Ignore

If you click this button, you will allow the data to be received. Data transmission

will continue as usual, unless Intego NetBarrier X4 detects another attempted

intrusion. In this case, another alert displays.



Attack Counter

Intego NetBarrier X4 records the number of attacks it has protected you from and displays

this number in a counter at the bottom of the Policy window in the Antivandal tab. It also

shows the type of attack it blocked last, and the date and time of the last attack.

To reset this counter, click the Reset button next to the counter.



Alerts

Intego NetBarrier X4 can alert you when an attack occurs. Each type of attack has several

options as to how Intego NetBarrier X4 acts when an alert is triggered, allowing you to

choose the configuration that meets your needs.

Put in Stop List for:

If this is checked, the connection is automatically dropped when there is an alert,

and the offending IP address is immediately placed in the Stop List. (See Stop List,

chapter 5.) A field to the right of this button allows you to specify the default time

period that the offending IP address will remain in the Stop List. You can choose

any number of seconds, minutes, hours or days, or choose to have the intruder

remain in the Stop List permanently.



Ask

If this is checked, Intego NetBarrier X4 presents an Alert dialog asking what to do.

It is up to you to decide how the Alert is then to be handled. This Alert dialog shows

the Stop List time period selected in the Alert options by default, but this time can

be changed in the Alerts screen.

Bring dialog to the front

If this is checked, the Intego NetBarrier X4 alert comes to the front

automatically whenever there is an alert. If not, it remains in the background.

If no action is taken within 90 seconds, the alert automatically closes, and

the connection is denied.

Speak the Alert Text

If this is checked, Intego NetBarrier X4 uses Mac OS X Text-to-Speech to

speak the text of the alert.

Don't Ask when the Current User is not an Administrator

If this is checked, Intego NetBarrier X4 does not ask if the current user is not

an administrator, and automatically puts the offending host in the Stop List.

Play sound to notify

If this is checked, Intego NetBarrier X4 plays the sound of your choice whenever

there is an alert. You can select the sound you wish to have played from the pop-up

menu to the right of the button.



Send e-mail

If this is checked, Intego NetBarrier X4 automatically sends an e-mail message to

the address configured in the Options panel (see above), within 30 seconds. (Intego

NetBarrier X4 waits to see if there are other intrusion attempts, rather than send an

e-mail message each time.)



The Stop List

The Stop List is a powerful feature of Intego NetBarrier X4 that ensures that once an

attempted attack or intrusion has been foiled, the originating machine is not allowed to send

any data to your computer, and your computer is not allowed to connect to them either. The

offender can be put on the Stop List for a limited time, or indefinitely. The default time that

the offender remains on the Stop List can be set in the Alerts screen (see above).



Stop List information

The Stop List panel displays information on the various IP addresses that are currently in

the Stop List, if any.

Intruder

This is the IP address of the offender.

Remaining time

This is the time that the offending IP address is scheduled to remain in the Stop List.

If a host has been entered permanently in the Stop List, a check box displays to the left of

their IP address. You can uncheck this check box if you wish to temporarily allow the host

to access your computer while still retaining them in the Stop List. To block the host again,

check the check box.



Other Stop List information

If you click once on an address in the Stop List, some additional information displays on

the right side of the panel.

Host

At the top of this section is the IP address of the offender. By clicking the DNS

lookup button (the ? ), you can toggle from the numerical IP address to the actual

domain name of the offender, if there is one. You can display this address in large

type by moving your cursor over the Host label until the label highlights, clicking,

and selecting Large Type from the contextual menu.

Reason

A line of text tells you how the IP address was added to the Stop List (here, it was

added because of a Ping Flood attack).

Total Time

The Total Time is the amount of time the host is to remain in the Stop List. If you

click Total Time, you can see the Remaining Time that the offender will remain in



the Stop List. If you click Remaining Time, the Elapsed Time will display,

indicating how long the offender has been in the Stop List. Clicking Elapsed Time

will display the Total Time once again.

Arrival

The Arrival section tells you when the address was added to the Stop List

Departure

The Departure section tells you when the address will leave the Stop List. You can

change the Departure by moving your cursor over the Departure label until the label

highlights, clicking, selecting Add or Remove from the contextual menu, then

selecting an amount of time to add or subtract to the current total time.

Note

The text field in the lower half of this section contains any comments you have

entered in the Stop List for this IP address, or any comments added by Intego

NetBarrier X4. See below to find out how to enter or add comments to a Stop List

entry.



Changing the List Display

You can sort the Stop List by any of its columns by clicking on the header just above the

column.

You can also sort it in ascending or descending direction by clicking on the sort button, the

small triangle in the selected sort column header.

You can drag any of the columns to change their order. To do this, click one of the column

headers and drag it where you want, then release your mouse button.



Adding addresses to the Stop List

There are three ways to add addresses to the Stop List. The first is by responding to an

Alert. (See above, Alerts.) If an Alert displays, and you reply Stop List, the offending IP

address is automatically added to the Stop List.

The second is by selecting an IP address in the Log window and choosing Add to Stop List

from the contextual menu. For more on this, see above, Log Window Contextual Menu.

You can also manually add addresses to the Stop List. To do this, click Add... The Stop List

Editor displays.

Enter a host address in the Host field, and select the time this address is to remain in the

Stop List by entering a number in the Duration field; select a time unit from the pop-up

menu. If you do not know the numerical IP address of the host you wish to add, enter its

name and click the ? button. Intego NetBarrier X4 queries your Internet provider’s DNS

server, and enters the correct number in the field. You can also add comments, such as the



reason for adding the address to the Stop List, in the Comments field. If you decide you do

not wish to add this address to the Stop List, click Cancel.

Using Wildcards in the Stop List

You can use wildcards to block ranges of IP addresses in the Stop List. To do this, enter the

first part of the IP address you wish to block, followed by asterisks, in the following form:

192.*.*.* or 192.192.*.* or 192.192.192.* This will block all addresses containing the

numbers you have entered, whatever their endings are.



Removing Addresses from the Stop List

To remove an address from the Stop List, click the address you would like to remove, then

click Remove. A dialog asks if you really want to remove the address; click Remove. The

address is removed. If you decide you do not want to delete this address, click Cancel. You

can select multiple contiguous addresses, by shift-clicking, or non-contiguous addresses, by

command-clicking, and delete them all together.

You can also remove an address from the Stop List by clicking the address while holding

down the control key on your keyboard, then selecting Remove… from the contextual

menu that is displayed. A dialog asks if you really want to remove the address; click OK.

The address is removed. If you decide you do not want to delete this address, click Cancel.



Moving Addresses from the Stop List to the Trusted Group

You may decide that you want to move an address from the Stop List to the Trusted Group

To do this, hold down the control key on your keyboard, then select Switch to Trusted

Group from the contextual menu that is displayed.

This moves the address to the Trusted Group. For more on using the Trusted Group, see

below, The Trusted Group.



Editing an Address in the Stop List

To edit an address in the Stop List, click the address you would like to edit, then click the

pencil button at the bottom left side of the pane. (You can also double-click the address, or

click the address while holding down the control key on your keyboard, then select Edit…)

The Stop List Editor displays, showing you the address, and you can change the address,

add or change comments, or change the time you want it to remain on the Stop List. To

confirm your changes, click OK, or to leave the address and other information as they were,

click Cancel.



You can also change the amount of time a host is in the Stop List using a contextual menu.

Move the cursor over the Departure label in the Stop List; this label highlights. Click this

label, and select Add or Remove, then select a time value from the popup menu.

Select the amount of time you want to extend or shorten the host's presence in the Stop List.

This time is added or subtracted immediately.



Copying Addresses from the Stop List

You can select addresses in the Stop List and copy them, to paste them into another

application. To do this, click a line of the Stop List, then copy the address by pressing

Command+C. You can select multiple contiguous addresses, by shift-clicking, or non-

contiguous addresses, by command-clicking, and copy them all together.

You can drag selected addresses into another application window. To do this, select one or

several addresses, as above, click one of the selected lines, and drag them into another open

window.



The Stop List Contextual Menu

As you have seen above, you can click an address in the Stop List, while holding down the

control key on your keyboard, and a contextual menu displays. This menu contains several

functions.

Copy to Clipboard

If you select Copy to Clipboard from the contextual menu, the address is copied to

the clipboard. You can then paste it into any application or document.

Edit...

If you select Edit... from the contextual menu, you can edit the Stop List entry. See

above, Editing an Address in the Stop List.

Remove...

If you select Remove... from the contextual menu, you can remove the Stop List

entry. See above, Removing Addresses from the Stop List.



Switch to Trusted Group

You may decide that you want to move an address from the Stop List to the Trusted Group

To do this, hold down the control key on your keyboard, then select Switch to Trusted

Group from the contextual menu that is displayed.

If you select Switch to Trusted Group from the contextual menu, you can move the

address from the Stop List to the Trusted Group. See above, Moving Addresses

from the Stop List to the Trusted Group.

Find Domain Info

If you select Find Domain Info from the contextual menu, Intego NetBarrier X4’s

Whois panel opens and looks up the domain name, giving you information on that

domain. For more about Whois, see the Whois section below.

Find Route

If you select Find Route from the contextual menu, Intego NetBarrier X4's

Traceroute panel opens and searches for the route between your computer and the

host. For more about Traceroute, see the Traceroute section below.



The Trusted Group

The Trusted Group feature allows you to select “friendly” computers that are not treated as

intruders if they perform certain actions, such as sending pings or other requests. It is a kind

of friendly Stop List. While the Stop List protects you from foes, the Trusted Group

contains your friends. You can add computers on your local network or other hosts on the

Internet that you are certain to be friendly. This ensures that Intego NetBarrier X4’s

Antivandal does not block their access nor set off alerts for any actions they carry out. They

are, however, be affected by all the active Firewall rules.



Trusted Group Information

The Trusted Group panel shows you information on the various IP addresses that are

currently in the Trusted Group, if any.

Host

This is the IP address of the friendly computer.

Remaining Time

This is the time that the friendly computer is scheduled to remain in the Trusted

Group.



Other Trusted Group information

If you click an address in the Trusted Group, some additional information displays on the

right side of the panel.

Host

At the top of this section is the IP address of the friendly computer. By clicking on

the DNS lookup button (the ? ), you can toggle from the numerical IP address to the

actual domain name of the friendly computer, if there is one. You can display this

address in large type by moving your cursor over the Host label until the label

highlights, clicking, and selecting Large Type from the contextual menu.

Total Time

The Total Time is the amount of time the host is to remain in the Trusted Group. If

you click Total Time, you can see the Remaining Time that the offender will remain

in the Stop List. If you click Remaining Time, the Elapsed Time will display,

indicating how long the offender has been in the Stop List. Clicking Elapsed Time

will display the Total Time once again.



Arrival

The Arrival section tells you when the address was added to the Trusted Group.

Departure

The Departure section tells you when the address will leave the Trusted Group.

You can change the Departure by moving your cursor over the Departure label until

the label highlights, clicking, selecting Add or Remove from the contextual menu,

then selecting an amount of time to add or subtract to the current total time.

Note

The text field in the lower half of this section contains any comments you have

entered in the Trusted Group for this IP address. See below to find out how to enter

or add comments to a Trusted Group entry.



Changing the List Display

You can sort the Trusted Group list by any of its columns by clicking on the header just

above the column.

You can also sort it in ascending or descending order by clicking the sort button, the small

triangle in the selected sort column header.

You can drag either of the columns to change their order. To do this, click one of the

column headers and drag it where you want, then release your mouse button.



Adding Addresses to the Trusted Group

There are three ways to add addresses to the Trusted Group. The first is by selecting an IP

address in the Log window, and choosing Add to Trusted Group from the contextual menu.

For more on this, see above, Log Window Contextual Menu.

The second is to move an address from the Stop List to the Trusted Group via the

contextual menu. For more on this, see above, Moving Addresses from the Stop List to

the Trusted Group.

You can also manually add addresses to the Trusted Group. To do this, click the + button in

the lower left-hand corner of the panel. The Trusted Group Editor displays.

Enter a host address in the Host field, and select the time this address is to remain in the

Trusted Group by entering a number in the Duration field; select a time unit from the pop-

up menu. If you do not know the numerical IP address of the host you wish to add, enter its

name and click the ? button. Intego NetBarrier X4 queries your Internet provider’s DNS

server, and enters the correct number in the field. You can also add comments, such as the



reason for adding the address to the Trusted Group, in the Comments field. If you decide

you do not wish to add this address to the Trusted Group, click Cancel.

Using Wild Cards in the Trusted Group

You can use wild cards to allow ranges of IP addresses in the Trusted Group. To do this,

enter the first part of the IP address you wish to add to the Trusted Group, followed by

asterisks, in the following form: 192.*.*.* or 192.192.*.* or 192.192.192.* This adds to the

Trusted Group all addresses containing the numbers you have entered, whatever their

endings.



Removing Addresses from the Trusted Group

To remove an address from the Trusted Group, click the address you would like to remove,

then click Remove. A dialog asks if you really want to remove the address; click Remove.

The address is removed. If you decide you do not want to delete this address, click Cancel.

You can select multiple contiguous addresses, by shift-clicking, or non-contiguous

addresses, by command-clicking, and delete them all together.

You can also remove an address from the Trusted Group by clicking the address while

holding down the control key on your keyboard, then selecting Remove… from the

contextual menu that is displayed. A dialog asks if you really want to remove the address;

click Remove. The address is removed. If you decide you do not want to delete this

address, click Cancel.



Editing an Address in the Trusted Group

To edit an address in the Trusted Group, click once on the address you would like to edit,

then click the pencil button at the pencil button at the bottom left side of the pane.. (You

can also double-click the address, or click the address while holding down the control key

on your keyboard, then select Edit…)

The Trusted Group Editor displays, showing you the address, and you can change the

address, add or change comments, or change the time you want it to remain on the Trusted

Group. To confirm your changes, click OK, or to leave the address and other information as

they were, click Cancel.



You can also change the amount of time a host is in the Trusted Group using a contextual

menu. Move the cursor over the Duration label in the Trusted Group; this label highlights.

Click this label, and select Add or Remove, then select a time value from the popup menu.

Select the amount of time you want to extend or shorten the host's presence in the Trusted

Group. This time is added or subtracted immediately.



Copying Addresses from the Trusted Group

You can select addresses in the Trusted Group and copy them, to paste them into another

application. To do this, click a line of the Trusted Group, then copy the address. You can

select multiple contiguous addresses, by shift-clicking, or non-contiguous addresses, by

command-clicking, and copy them all together.

You can drag selected addresses into another application window. To do this, select one or

several addresses, as above, click your cursor on one of the selected lines, and drag them

into another open window.



The Trusted Group Contextual Menu

As you have seen above, you can click an address in the Trusted Group, while holding

down the control key on your keyboard, and a contextual menu displays. This menu

contains several functions.

Copy to Clipboard

If you select Copy to Clipboard from the contextual menu, the address is copied to

the clipboard. You can then paste it into any application or document.

Edit...

If you select Edit... from the contextual menu, you can edit the Trusted Group entry.

See above, Editing an Address in the Trusted Group.

Remove...

If you select Remove... from the contextual menu, you can remove the Trusted

Group entry. See above, Removing Addresses from the Trusted Group.



Switch to Stop List

If you select Switch to Stop List from the contextual menu, you can immediately

move the entry form the Trusted Group to the Stop List.

Find Domain Info

If you select Find Domain Info from the contextual menu, Intego NetBarrier X4’s

Whois panel opens and looks up the domain name, giving you information on that

domain. For more about Whois, see the Whois section below.

Find Route

If you select Find Route from the contextual menu, Intego NetBarrier X4's

Traceroute panel opens and searches for the route between your computer and the

host. For more about Traceroute, see the Traceroute section below.



Anti-Spyware

Intego NetBarrier X4 lets you control Internet and network access for individual

applications. While your firewall settings may allow general network access, the Anti-

Spyware tab lets you choose how Intego NetBarrier X4 reacts when specific applications

try to access the network. This helps you in two ways:

� If you wish to prevent users from accessing the network with specific applications,

you can choose to block them in the Applications tab.

� If an application attempts to connect to the network without your awareness, Intego

NetBarrier X4 stops it in its tracks, alerts you, and waits for you to decide whether

to allow it to do so or to deny access.

Your computer has many applications that may access the Internet or other networks: web

browsers, e-mail programs, FTP (file transfer) programs, instant messaging applications,

and more. While all of these applications are designed to access the Internet, and you are

aware of that, others may do so without your awareness. In some cases, these may be

programs designed to automatically check for software updates, such as Intego NetUpdate.

You may have set these programs to check at specific intervals, but may be surprised when

you see network activity occurring in the background. But in other cases, programs may

connect to the network without telling you, in order to verify the serial numbers of software

installed on your computer, collect and send personal information without your awareness,

or open a backdoor on your computer to provide access to hackers or vandals.



Using the Anti-Spyware Tab

The Intego NetBarrier X4 Anti-Spyware screen lets you choose how the program reacts

when a new application attempts to connect to the Internet or any other network.

To turn on Application Blocking, click the On button.



Then select one of the four behavior options for undefined applications:

Allow outgoing connections

If you check this, Intego NetBarrier X4 allows all applications to access the Internet

or any other network. However, any firewall rules you may have defined concerning

access to and from specific ports still function. For example, if an FTP program

attempts to connect to a web page, Intego NetBarrier X4 does not block the

application, but if you have set up a firewall rule blocking port 20, the standard FTP

port, the data does not go through. If the FTP program attempts to make a

connection to a different port, it is not blocked.

Deny outgoing connections

If you check this, Intego NetBarrier X4 blocks all access to the Internet or other

network. This supercedes all firewall rules you have defined.

Ask (Allow on time-out)

If you check this, Intego NetBarrier X4 asks you for each application that attempts

to connect to the Internet or other network. If you do not respond before the 90-

second time-out, the application will be allowed to access the Internet this time

only.



Ask (Deny on time-out)

If or you check this, Intego NetBarrier X4 asks you for each application that

attempts to connect to the Internet other network. If you do not respond before the

90-second time-out, the application will be denied access to the Internet, this time

only.

Options

The Options button in the lower left-hand corner of the Anti-Spyware pane allows you to

configure some general Anti-Spyware settings.

Filtering

Trust System Processes

Many parts of Mac OS X request Internet or network access. This ranges from

printing services and domain name resolution processes to services and processes

that check for software updates or synchronize your clock. To trust these processes,

and not be asked when they attempt to connect to the Internet or network, check the

Trust System Processes check box.



Alert

If you have chosen to have Intego NetBarrier X4 ask you when an application

attempts to access the Internet or another network, an alert displays.

This alert tells you that an application has requested a connection to a specific IP

address. A group of buttons allows you to choose how Intego NetBarrier X4 reacts.

Deny

If you check this, Intego NetBarrier X4 blocks network access for this

application. By pressing the Option key, the Deny button changes to Deny

Once, letting you Deny access for this one time. You will receive a new alert

the next time the application tries to access the network.

Allow

If you check this, Intego NetBarrier X4 allows network access for this

application this time and in the future, provided that the application uses the

port that you are currently allowing. If the application uses a different port in

the future, NetBarrier X4 will display a new alert asking you to Deny or Allow

network access.



If you press the Option key, the Allow button changes to Allow Once, letting

you Allow access for this one time. You will receive a new alert the next time

the application tries to access the network.

If you are not sure what the application is that is requesting Internet or network access, you

can move your cursor over the application name until the label highlights, opening a Finder

window that shows you where the application is located on your computer.

You may want to know the name of the domain that appears in the Alert window. By

clicking on the DNS lookup button (the ? ), you can toggle from the numerical IP address

to the actual domain name of the computer, if there is one.

In addition to or instead of displaying an alert window, you also have the options of having

the Alert text spoken and/or having a sound played. Check the box corresponding to the

alert option that you want to activate.

The Denied Connections Feedback option allows you to be informed when a connection

that you have chosen to Deny tries to access a network. You can be alerted by either a

Bezel Window, shown below and/or a sound.



Changing Application Settings

After you have chosen to allow or deny network access to any applications, you can change

these application settings if you wish. This shows a list of applications that Intego

NetBarrier X4 has asked you to allow or block, and which you have chosen to Allow, Deny

or Ask. (If you choose to allow a specific application just once, it will not be added to this

list.)

When you click on a specific application, the screen displays the ports that you have

allowed or denied

This list of ports contains three columns:

The first column, containing check boxes, indicates the port behavior that is

currently activated for the application. If the box next to a port is checked, the

behavior you have specified is active. If you want to deactivate this behavior, then

uncheck the box. You can reactivate it later by checking the box.



The second column, Ports, provides information on the ports that the application

uses to access the network. It tells you the port number, and, in some cases, the

protocol used and a brief description. You can add a port number, or a range of port

numbers, for example 110-123.

The third column contains one of two icons: a green, GO icon, indicates that

network access is allowed; a red, STOP icon, indicates that network access is

denied.

If you want to change an Allow setting to Deny, you can just click the green, GO

button, and it will turn to the red, STOP icon. You can also toggle from STOP to

GO in the same manner.

Adding Applications to the Anti-Spyware Application List

Intego NetBarrier X4 allows you to manually add applications to its application list, and

choose whether you wish to allow or deny network access to them.

To add an application, click the + button in the lower left-hand corner of the screen. A

standard Mac OS X Open dialog displays. Navigate until you find the application you want

to add, then click Add. When you add an application in this manner it is given allow status,

and all network access from this application is permitted. To change this setting, click one

of the options in the Undefined port behavior list (see above, Changing Application

Settings).

You can also add applications to the application list by dragging their icons into the

Applications tab. Locate an application and drag its icon into the Applications list.



Removing Applications from the Anti-Spyware Applications List

If you wish to remove an application from the Applications list, click one of the

applications to select it, then click the – button in the lower left-hand corner of the panel. A

window displays asking if you really want to remove this application from the list. Click

Remove to delete it, or click Cancel to leave it in the list.

Revealing Applications in the Finder

If you want to see where an application that is in the Applications list is on your computer,

hold down the Control key on your keyboard and click on the name of an application. A

contextual menu displays. Select Show in Finder, and a Finder window opens showing the

location of the application.



Privacy Filters

Intego NetBarrier X4's privacy filters examine both incoming and outgoing packets,

looking for specific types of data. There are several filters, each of which is designed to

protect your data or privacy, or help you surf the web faster.



Data Filter

The Data Filter ensures that any sensitive information you choose to protect cannot leave

your computer and go onto a network. You decide what to protect—your credit card

number, passwords, or key words that appear in sensitive documents—and Intego

NetBarrier X4's Filter checks each outgoing packet to make sure that no documents

containing this information are sent. Not only does this protect you from sending

documents containing this information, but it protects against anyone who has network

access to your computer from taking copies of them.

Remember that, if your computer is accessible across a network and other users have file

sharing privileges, it is possible for anyone with access to your computer to copy your files.



How the Filter Works

The Filter works in a very simple manner. Each unit of data you protect is called Protected

data. When data packets are sent from your computer to a network, whether it be a local

network or the Internet, they are all examined. If any of the Filter's protected data is found,

the packet is blocked.

Note: the Filter only works on data that corresponds exactly to the Protected data that you

set. For example, if you set Protected data for your credit card number (see below), Intego

NetBarrier X4 prevents its being sent out from your computer. But if you enter the same

number in a secure web page, your browser encrypts this number, and the data no longer

corresponds to the Protected data, and is therefore sent. The same is true for data that is

encoded or compressed.

Turning the Filter on

First, for the Filter to check for protected data, you need to turn it on. To do this, click On.

You can turn it off at any time, if you temporarily want to allow any of your protected data

to be sent, by clicking Off.



What to protect

The Filter is designed to protect sensitive information. You may want to protect different

types of information, depending on your needs and the type of data on your computer. Here

are some examples:

Credit card numbers

Even if you don't want to send your credit card number across the Internet, via web

servers or e-mail, you may have already sent faxes containing this number. If so, the

files you sent as faxes contain this number, and anyone could open the files and

copy it. Add your credit card numbers to the Filter list and they will not be able to

leave your computer and go onto a network.

Passwords

If you use the Internet or any other network, you probably have some passwords.

The more sites you use, the more passwords you have. Some users even have files

on their computers containing lists of their passwords. Add your passwords to the

Filter, and none of them will be able to leave your computer and go onto a network.

Note: if you store your passwords in the Mac OS X Keychain, they are encrypted,

and you do not need to protect them in the Filter.

Other sensitive information

You may have confidential files concerning projects or customers, contracts,

specifications or other sensitive information. You can easily choose to protect the

name of a project or customer, or add a key word to any of these files to make sure

that they cannot be copied across a network. You may also want to protect e-mail

addresses, social security numbers, phone numbers or other personal information.



Adding Protected Data to the Filter

To add Protected data to the Filter, click the + button in the lower left-hand corner of the

pane. A new pane with untitled data displays.

Enter a name for your Protected data in the Label field. You can select some of the most

common names from the popup menu next to this field. Then enter the actual text you wish

to protect in the second text field. This text is hidden by bullets. You must enter the actual

text a second time, in the Verify field. If the Protected Data and Verify fields do not match,

a window will display to inform you of this, giving you the choice of either resetting the

protected data, in which case you will have to retype both data fields, or clicking OK. If

you click OK, you will have to retype the verified protected data.

Note: You must enter your text exactly as it will be found in your documents for the Filter

to protect it. For example, a credit card number may be found as ####-####-####-#### or

as #### #### #### ####. If you protect only the first example, the Filter does not look for

the second one. Also, this data is case sensitive. If you need to protect a key word, such as a



project name, you must enter it in all possible cases: i.e., Marketing Study, marketing

study, MARKETING STUDY.

The section labeled Trusted Services allows you to choose to block data for all but the

selected services. To do this, click the + button. Then, enter the port number of the service.

You can add a port number, or a range of port numbers, for example 110-123. This data

will not be blocked for this service, and this service only. To add another service, repeat the

above operation. You can add as many services as you wish.

You can also drag and drop services from the Services Library. This is particularly helpful

if you do not know the specific port numbers you wish to add to the list. To open the

Services Library, go to the Firewall section, click the General tab, then click the Services

Library button in the lower right-hand corner. Select the desired service then drag it onto

the Trusted Services list.

Once you have finished entering this information, your data is protected.



Activating or Deactivating Protected Data Items

Each item of protected data appears on a line in the Data window. A check box at the left of

each line allows you to activate or deactivate the filter for each data item. When you add a

new data item, the box is checked, indicating that the filter is active for this item. If you

wish to send any protected data over the Internet or a local network, you must uncheck the

check box for the item in question.

You can also enable data filters for individual protected data items, or for all protected data

items, by holding down the Control key on your keyboard and clicking on the name of a

data item. A contextual menu displays.



Select Enable to enable protection for the selected data item, or select Enable All to enable

protection for all data items.

You can disable individual data items or all data items in the same manner.

Deleting Protected Data from the Filter

To delete Protected data from the filter, click the Protected data item you wish to delete,

and click the – button. A dialog asks if you really want to remove the Protected data; click

OK. The Protected data is removed. If you decide you do not want to delete this Protected

data, click Cancel.

Editing Protected Data in the Filter

You can edit Protected data in the Filter, either to make changes, or to change the services

for which it is allowed.

To edit Protected data in the Filter, click the Protected data you would like to edit. The

Protected data will display in the right-hand pane, and you can make any changes you want.



Filter Alerts

If the Filter detects that Protected data is leaving your computer, an alert displays.



This alert is similar to other Intego NetBarrier X4 alerts. You have the possibility of

ignoring the alert, or putting the host on the Stop List. If you click Ignore, Intego

NetBarrier X4 allows the data to be sent for 10 seconds, which is long enough for the file in

question to be sent. If you click Stop List, the host is added to the Stop List.



Banner Filter

If you click the Banner tab, the Banner filter screen displays. This is a list of rules that

Intego NetBarrier X4 uses to filter ad banners, helping you surf much faster. Ad banners

are graphic ads that are usually displayed at the tops of web pages. Intego NetBarrier X4

blocks these ads, and replaces them with transparent graphics. By filtering them, web pages

load much faster, and you are spared from seeing annoying advertisements.



Turning the Filter On

First, for the Filter to block ad banners, you need to turn it on. To do this, click On. You

can turn it off at any time, if you temporarily want to allow all hosts to be accepted by your

computer, by clicking Off.

Adding Rules to the Banner Filter

The filter already contains a set of rules, which is kept up-to-date when you update your

NetBarrier X4 Filters using NetUpdate X4, but you can easily add your own. To do this,

click the + button in the lower left-hand corner of the pane. A new line is added to the

banner list for you to edit.



The list contains four columns: a check box, URL Component, Comparator and Pattern. To

create an ad banner filter rule, select from the URL Component popup menu URL Host

Name or URL Path, then, select from the Comparator popup menu is or contains. Fill in

the URL text string that you want to block in the Pattern field. For example, if you want to

block ad banners from the host doubleclick.net, select URL Host Name contains, and

enter doubleclick.net in the Pattern field



Activating or Deactivating Banner Rules

Each banner rule appears on a line in the Banner window. A check box at the left of each

line allows you to activate or deactivate the filter for each banner rule. When you add a new

banner rule, the box is checked, indicating that the filter is active for this rule. If you wish

to stop blocking certain banners, you must uncheck the check boxes for the banners in

question.

You can also enable ad banner for an individual ad banner rule, or for all ad banner rules,

by holding down the Control key on your keyboard and clicking on the name of an ad

banner rule. A contextual menu displays.



Select Enable to enable protection for the selected ad banner rule, or select Enable All to

enable protection for all ad banner rules.

You can disable individual ad banner rules or all ad banner rules in the same manner.

A banner can be removed by choosing the Remove option in the contextual menu or by

clicking the – button in the lower left-hand corner of the Banner filter pane.

Note: when using the banner filter, you may find that you cannot access some web pages

correctly. If this is the case, try turning off the Banner filter; their URLs may contain texts

that are in one of the banner rules.



Cookie Manager

A cookie is a small file on your computer used by some web sites to record information

about you. Cookies can contain your user name and password for some sites, information

identifying you for e-commerce sites, as well as other information on your surfing habits

that you don't even know about. While cookies are not always bad (you cannot make

purchases from most web sites without them), some sites use them to track your behavior.

Intego NetBarrier X4 gives you detailed control over the cookies on your computer. You

can view, edit and delete each cookie on your computer, and delete all the cookie files if

you wish.



Intego NetBarrier X4 manages cookies for the following programs: Camino, Firefox, iCab,

Internet Explorer, OmniWeb, Opera, Safari, Sherlock BumperCar, wDesk, wKids and

wKiosk.

Deleting Cookies for a Specific Program

When you display the Intego NetBarrier X4 Cookies tab you can see a list of the programs

that have stored cookie files on your computer. If you click one of these names, the right-

hand section of the window gives you information on the program, the number of cookies

and domains, and the last time you deleted all the program's cookies.

To delete all the cookies for this program, click Delete All Cookies... A dialogue asks you

to confirm this deletion or cancel it. Note that if you delete all the cookies for a program

you will need to log in again to certain sites that store your user name and password in

cookie files.



Editing Individual Cookies

With Intego NetBarrier X4's Cookie Manager you can view and edit some aspects of

individual cookies. To do this, click the disclosure triangle next to one of the programs in

the cookie list to view the cookies in its file.

Then click one of the domains in the list that displays. This shows the contents of the

individual cookie.



As you can see in the above example, the cookie's contents are confusing, and this is often

the case. While you cannot edit the cookie value, you can change its expiration date and

time. To do this, move the cursor over the Expires label, which highlights.

Click this label, and select Extend or Shorten, then select a time value from the popup

menu.



Finally, click Apply to apply this change to the cookie.

Deleting Individual Cookies

In addition to deleting all cookies for a specific program, you can delete any cookie

individually. To do this, click the cookie to select it, then click Delete...

A dialogue asks you to confirm this deletion or cancel it.



Note: to delete a cookie, the program that uses this cookie must not be active. Quit the

program before deleting any cookies. If you try to delete a cookie while the program that

uses it is open, a message will appear telling you that you need to quit the program in order

to delete any cookies.



Cleaning Browser Files

Web browsers keep many files on your computer, even after you have stopped using them.

These files include temporary files in the browser's cache, and history files, which record

the web sites you have visited. These files can take up a lot of disk space. Intego NetBarrier

X4 lets you easily clean these files for each program that stores them on your computer.

When you click the Cleaning tab, Intego NetBarrier X4 displays a list of the programs on

your computer that have cache files and history files.

Intego NetBarrier X4 manages cache files for the following programs: Camino, Firefox,

iCab, Internet Explorer, Opera, Safari, Sherlock, Watson, BumperCar, wDesk, wKids,



wKiosk, Shiira, KidsBrowser and Internet Kiosk. Intego NetBarrier X4 manages history

files for the following programs: Firefox, Internet Explorer, Opera, Safari, iCab,

BumperCar, Shiira, wKids, wKiosk and wDesk.

To clean a program's cache files or history file, click the program's name in the program

list.

The right-hand section of the window shows the program's name and icon, the amount of

disk spaced used by the cache or history files, and the last time you cleaned these files. To

delete the selected files, click the Clean... button. A dialogue asks you to confirm this

operation or cancel it.



Surf Filter

Intego NetBarrier X4 has several features to help maintain your privacy when surfing the

Internet. The Surf tab displays a screen where you can choose specific options concerning

cookies and information about your computer.



Cookie Filter

In addition to the detailed cookie management features available from the Cookies tab (see

above), Intego NetBarrier X4 lets you only send cookies to specific domains that you

choose. If you check Only send cookies to the following servers, and other web sites send

cookies, your computer will not send back any information. Note: if this is checked, you

may have trouble accessing some sites that require user identification, and most e-

commerce sites.

To add a server to the Cookie filter list, click the + button. A dummy server address

(www.editme.com) displays.



Erase the dummy server address and enter the name of the server you want to allow cookies

to be sent to.

If you check this check box and leave the server address field blank, Intego NetBarrier X4

blocks all cookie requests to your computer.

Cookie Counter

Intego NetBarrier X4 can also count the number of cookies for all users on your computer,

if you check the Count the number of cookies received check box. This displays a

cumulative total of the number of cookies since the first NetBarrier X launch, or since the

last time you reset the counter.



You can reset this counter by clicking the reset button to the right of the number of cookies.

This resets the cookie counter for all users on your computer.

A dialogue asks you to confirm this operation or cancel it.

Information Hiding

All web browsers are set to reply to requests from web sites, telling which platform you are

using (Mac, Windows, Linux, etc.) and which type and browser version you are using.

Again, this can be useful (such as for sites with different versions for different browsers),

but you may find some sites that will not let you access them if you are on a Mac. Intego

NetBarrier X4 can "spoof" some information concerning your computer, that is, send false

information.



Intego NetBarrier X4 can reply to these requests, and send only generic information—it

replies that you are using Netscape, but with no version number or platform. If you wish

Intego NetBarrier X4 to do this, check the Hide information about my computer and

Internet Browser check box.

Some sites also request the last site you visited. Again, this can be useful (some sites want

to know where their users have come from), but unscrupulous sites might use this to follow

your browsing habits. By checking the Hide information on the last Web site visited

check box, Intego NetBarrier X4 prevents a reply from being sent to this type of request.



Monitoring

Intego NetBarrier X4’s Monitoring panel gives you detailed information on your

computer’s network activity.

Traffic

The Traffic tab of the Monitoring panel contains a set of activity gauges that inform you of

the type of network activity that is coming into and going out of your computer.



There are two rows of gauges—the IN gauges, shown in orange, show the amount of data

coming into your computer, and the OUT gauges, shown in green, show the amount of data

leaving your computer. The top number is the current throughput per second, and the

bottom is the total amount.

Selecting Activity Data Types

You can choose which type of data will be recorded for the first four pairs of gauges. To do

this, click the header over one of the gauges.



A popup menu displays showing several choices.

The following types of data can be recorded:

4D Server: 4D Server data.

Apple Rem. Desktop: Apple Remote Desktop data.

AppleShare IP: AppleShare IP data.

DNS: DNS data.

FileMaker: FileMaker Pro data.

FTP: FTP data.



Hotline: Hotline server data.

iChat/AIM/ICQ: Instant messaging data using iChat, AIM or ICQ.

iTunes Music Sharing: iTunes Music Sharing data.

Mail: E-mail data.

NetUpdate: Data for Intego's NetUpdate program.

News: Newsgroup data.

Retrospect: Retrospect data.

Telnet: Telnet data.

Timbuktu: Timbuktu data.

Web: Web access (HTTP) data.

WebSTAR 4 Adm: WebSTAR administration data.

WebSTAR V Adm: WebSTAR administration data.

Modify: Allows you to modify, add or delete data types (see

below).

The last two pairs of gauges are fixed, and show the following information:

Other: the amount of data for other protocols.

IP: the total amount of Internet Protocol data—the sum of

the first three gauges.



Adding Services to the Activity Gauges

You can add your own services to this list by selecting Modify... from the Activity Data

Type list. A Service List displays.

This list shows all the services available for the Activity Gauges. You can select a service

from the Name section and click OK to add it to the Activity Data Type menu.



You can also create your own services and add them to the Service List. Click the + button

below the Name section to add a new service. A new service line is added to the list.

Enter a name for the service then press Enter.



For this service to record data in the Activity Gauges, you must specify which port(s) it

uses. Click the + button under the Ports section to add ports to the service.

A new line displays at the top of the Ports section. Enter the port number or a range of port

numbers (for example, 110-123) for your new service, then press Enter. You can add more

ports by following the same procedure, and you can remove ports by clicking a port to

select it then clicking the – button.

You can also drag and drop services from the Services Library. This is particularly helpful

if you do not know the specific port numbers you wish to add to the list. To open the

Services Library, go to the Firewall section, click the General tab, then click the Services

Library button in the lower right-hand corner. Select the desired service then drag it onto

the Ports list.



Click OK to save the new service in the list.

Editing Services

You can edit the ports used for different services by the Activity Gauges by clicking a

service, then adding, removing or changing ports in the Ports section of the Service Editor.

Click OK to save your changes, or click Cancel to discard them.

Total Traffic graph

A bar graph showing total traffic is available in this window. When no network activity

occurs, this graph is empty, but when there is network activity, either over a local network

or the Internet, this graph will show the total activity.

The orange parts of the bars represent incoming traffic, and the green represent outgoing

traffic.



In addition, the scale of this graph is dynamic; it changes according to the amount of traffic.

In the above example, a network connection is active, and throughput ranges from 0 to

about 98 kilobytes per second. In the second example, below, the majority of the activity is

polling over a local network; the maximum traffic here does not exceed 1.5 kilobytes per

second.



If you place your cursor over this graph, a text displays showing the current actual data

throughput, which is updated every second.



To view individual graphs for incoming and outgoing data, double-click anywhere in the

graph. The graph window changes to show three graphs: one for incoming data, one for

outgoing data, and one for total traffic.

To return to the normal view, with a single graph and activity gauges, double-click again

anywhere in one of the graphs.



You can also change the type of data any of these graphs display by clicking All just above

the graph, and selecting a data type from the popup menu.



When the window displays three graphs, you can choose the scale for the In and Out

graphs. If you hold down the Control key on your keyboard and click anywhere in the In or

Out graph, a popup menu offers several options.

This lets you choose your maximal throughput and display graphs that are correctly scaled

for that throughput. Choose Dynamic Scale if you want the graph to change its scale

according to the data throughput.



Resetting the Activity Gauges

If you click the Reset button, the totals beneath the gauges are all reset to zero.

When you reset the activity gauges, an alert displays asking you to confirm clearing the

gauges. This ensures that you do not accidentally reset the activity gauges. If you wish to

reset the activity gauges, click Reset. If not, click Cancel.



Viewing the gauges as a palette

If you click the window's resize button

the Intego NetBarrier X4 window collapses and the activity gauges display as a horizontal

palette.



If you click the resize button while holding down the shift key, the palette displays

vertically. This can be useful if you want to keep an eye on your network activity, and wish

to leave these gauges visible. To return to the main Intego NetBarrier X4 window, click the

resize button on the palette.



Using the NetBarrier Monitor Application

When you install Intego NetBarrier X4, the program also installs an application called

NetBarrier Monitor. You can find this program in your Applications folder.

The NetBarrier Monitor application provides a small, floating window that lets you keep an

eye on network activity at all times, without needing to display the entire Intego NetBarrier

X4 activity gauge palette.

When you open NetBarrier Monitor, it displays its activity gauge window in the bottom-

right corner of your screen.



By default, NetBarrier Monitor displays the total network traffic for all services. You can

change this display by clicking All at the bottom of the NetBarrier Monitor window, and

selecting a service from the popup menu.

If you hold down the Control key on your keyboard and click anywhere in the NetBarrier

Monitor window, a popup menu offers two options.

You can quit NetBarrier Monitor by selecting Quit.

You can also choose to have NetBarrier Monitor display its activity gauges in the Dock by

selecting Show in Dock. If you do this, the NetBarrier Monitor window closes, and the

program's Dock icon changes to show its activity gauges that are updated in real time.

To return NetBarrier Monitor to its window, hold down the Control key, click on the

NetBarrier Monitor Dock icon, and select Show in Window.



When NetBarrier Monitor displays in the Dock, you can change its display by holding

down the Control key, clicking on its Dock icon, and selecting a different service from its

Dock menu.

And to have easy access to NetBarrier Monitor, you can select Keep in Dock from this

menu; this keeps the NetBarrier Monitor icon in the Dock, even when the program is not

running, so you can open it just by clicking its Dock icon.



NetBarrier Monitor Preferences

Two Preferences are available for NetBarrier Monitor. To set them, go to NetBarrier

Monitor > Preferences.

� Show on top of other windows

If checked, the NetBarrier Monitor gauges will always be displayed in the

foreground, on top of all other windows.

� Make transparent to mouse clicks

If checked, the NetBarrier Monitor gauges will be transparent, or invisible,

to mouse clicks. You will not be able to move the gauge window or change

the services you are monitoring.



The NetBarrier Monitor Widget

Intego NetBarrier X4 installs the NetBarrier Monitor widget that loads into the Mac OS X

dashboard (Mac OS X 10.4 Tiger and higher only) to shows you network activity at all

times.

To display the NetBarrier Monitor widget, open Mac OS X’s Dashboard. Click the + button

to display all the widgets available on your computer. Select NetBarrier Monitor from the

list. Its icon looks like this:

Once you click it, and it is added to your active widgets, you will see the following pair of

gauges. You can change the type of activity displayed using the list available at the below

the gauges. For more information, see Chapter 5, Using the NetBarrier Monitor

Application.



The Intego NetBarrier X4 Monitor Screen Saver

Intego NetBarrier X4 installs a screen saver on your Macintosh. This screen saver gives

you an overview of network activity. Even when you're not working, you can keep an eye

on what's entering and leaving your Mac. In addition, if your Macintosh is running as a

server, this screen saver gives you an overview of its network activity.

To use the Intego NetBarrier X4 screen saver, open the System Preferences from the Apple

menu, click on Desktop & Screen Saver, and click the Screen Saver Tab. Select

NetBarrierSaver in the screen saver list.



To configure the screen saver, click Options. You can choose the order in which services

are displayed.

Drag them in the order you want.



The number of services displayed depends on your screen resolution and the number of

screens you have.

For more on screen saver settings, see the Mac OS X help.



Services

This section lists any services currently running on your computer that are accessible to

other users via the Internet Protocol, such as a web server, mail server, etc. For each port

being used, the following information is shown: the protocol (TCP or UDP), the local port

number, the remote port, according to the protocol it represents, if it is a standard protocol

(for example, port 21 is FTP), the remote address, that is the IP address of the connection,

and the status of the connection. To obtain the names of the ports, in addition to their

numbers, click the Display Port Names check box in the lower right-hand corner.

Since the list of ports used by all services can be long, NetBarrier X4 provides filters to

allow you to view ports used by specific services. You can choose from File Sharing,

iPhoto Sharing, iTunes Sharing and Web Sharing, or you can create your own filters.



To create a filter, click the + button in the lower left-hand side of the panel. The Smart

Filter window displays. First specify if you want the new filter to match any or all of the

conditions you will be specifying.

Next, choose on from the popup menu the type of information that you want the filter to act

on, then supply the corresponding information.

To add more conditions to the filter, click the + button at the right of the window.

Inversely, you can remove conditions by clicking the – button next to the condition to be

deleted. You can also modify filter conditions by simply changing the popup menu option

or typing the new data into the data fields.



When you finish creating your filter, click OK to save it. You will need to type a name for

the filter in the Services list. If the untitled filter is not already selected, double-click on it

to type its new name.

Network

This panel provides useful information about your computer and its network configuration.

It shows the name of the computer, its IP address, if Bluetooth hardware is available and if

it is turned on. You can click on the column headings to change the list’s sort order. If you

click Computer Name, you have the possibility to modify the name of your computer.

Clicking Modify… opens up the Sharing pane in the System Preferences where you can

change your computer name.



The Computer Network Addresses section shows you all the IP addresses that are active on

your computer—if you have several network adapters with different addresses, or are

running several servers. It also tells you their Subnet Mask, Ethernet ID and Interface.

If you click Computer Network Addresses, the text becomes highlighted and three options

appear in a popup menu:



Show outside IP

This option shows the outside IP address that your computer uses when it connects

to the Internet or other networks in large type. This address is different from what

Intego NetBarrier X4 displays on this pane if you have a router, or cable or DSL

modem.

Show History

This shows the history of your computer's IP addresses. This displays a list showing

the different IP addresses attributed to your computer by your ISP, if you have

dynamic IP addressing. However, if you have a router, or a cable modem, this only

shows the IP address your computer uses internally.



Modify

When you click Modify… the System Preferences Network pane opens. You can

change your computer’s network addresses in this pane. For more on Network

settings, see the Mac OS X help.

If you click the IP address label, the popup menu that displays offers additional options.

If you select Copy IP Address to Clipboard, this copies your IP address to the clipboard and

you can paste it to other applications.

If you select Large Type from the label popup menu for IP address, Subnet Mask, Ethernet

ID or Interface, Intego NetBarrier X4 displays this information in large type in front of the

Intego NetBarrier X4 application. To remove this display, click anywhere.

AirPort

The lower part of the Network pane provides an overview of the AirPort and wireless

networks that are available within the vicinity of your computer, if your computer has an

AirPort card and if AirPort is turned on. If this is not the case, you will not be able to see

any of these networks.



The list contains five columns. You can click on the column headings to change the list’s

sort order

The first column of this section contains either a padlock or nothing. If there is a padlock,

then access to this AirPort network is protected, and you need a password to connect to it.

If there is no padlock, the network does not have password protection. It may however have

other means of controlling access to its network.

The Name column contains the name of the AirPort or wireless network. If you are

connected to one of these networks, it will be displayed in bold type.

The Channel column tells you which network channel the wireless network is using.

The Ethernet ID column provides the ethernet address of the AirPort or wireless base

station.

The Signal column indicates the signal strength of the network. The greater the number of

bars displayed, the stronger the signal your computer receives.



Whois

Intego NetBarrier X4 allows you to look up domain names and Internet IP addresses using

its built-in Whois tool. To do this, enter a domain name or IP address in the Domain field,

then click the Whois button. The text field below gives you information about the domain.

Intego NetBarrier X4 has five default Whois servers, but you can change these or add

others. To find out how to add Whois servers, see chapter 6, Preferences and

Configurations.



Traceroute

When you send or receive data over the Internet, or other networks, your data is sent in

packets from host to host until it reaches its destination. Data can make dozens of hops

along its route, and Intego NetBarrier X4's Traceroute function can help you see exactly

how your data gets to its destination. This is especially useful when you are having

problems accessing a specific host, to see where the data is blocked—when this happens, it

usually means a key host or router is not functioning.

To run a traceroute, enter an IP address or a domain name in the Network address field,

then click Trace. If you enter a domain name, Intego NetBarrier X4 resolves this and

displays the actual IP address.



The traceroute window then shows all the hops between your computer and the final host.

For each hop, Intego NetBarrier X4 displays the hop number, the IP address, the host name,

the response time, and the number of pings that succeed or fail. Successful pings are

displayed by green circles, and failed pings are displayed by red Xs. For each hop, Intego

NetBarrier X4 sends three pings. Note that if you have a router on your network, it may not

respond to the traceroute request, and may display as failed requests. This won't prevent the

rest of the traceroute from being executed.

After your traceroute has completed, you can see a visual display of the route your data

takes by clicking Show on Map. This shows a world map with lines connecting each hop,

and numbers showing their position on the path.

When you have finished, click Close to close the map.



NetUpdate

NetUpdate is an application that Intego's programs can use to check if the program has been

updated. This application is installed at the same time as Intego NetBarrier X4 or other

Intego programs. It checks updates for all of these programs at the same time, and

downloads and installs those for the programs installed on your computer.

The NetUpdate pane gives you information on your installed version, the last time

NetUpdate checked Intego's server for updates, and your subscription limit. To check for

updates, click Check now... NetUpdate will open and check for updates.

For more on using NetUpdate, see the NetUpdate User's Manual.

Chapter 6 — Preferences and Configurations


6—Preferences and Configurations



Intego NetBarrier X4 Preferences

Preferences for several of Intego NetBarrier X4’s functions are available from the

NetBarrier Preferences screen. To view this screen, select Preferences from the Intego

NetBarrier X4 menu.

Modem

You can provide total security for your modem with this option. To do this, click the

Modem button on the Preferences screen. It may prevent your modem from answering any

calls. To secure your modem, click the Secure now button. To reset your modem, if you

have secured it, click the Reset button.

Intego NetBarrier X4 secures your modem, blocking incoming calls, so it is fully protected.



Log Export Preferences

You can set Intego NetBarrier X4 to export the Log at regular intervals. To do this, click

the Log button on the Preferences screen.



Export Log Data

If you wish to have your log exported at regular intervals, you can select from 5 options. By

default, this is set to Never.

Never

The log data is never exported.

Every week

The log data is exported once a week, at 00:00 on Monday. If the computer is not on

at this time, it is exported at the next restart.

Every day

The log data is exported once a day, at 00:00. If the computer is not on at this time,

it is exported at the next restart.

Every hour

The log data is exported once an hour, on the hour.

Customized

If you check this option, you can choose a custom interval to have your log data

exported. You can enter the number of units you want, and select Months, Days,

Hours or Minutes from the popup menu.



Log Export Format

Logs can be exported in six formats. Click the Format popup menu to select the export

format.

You can choose from the following formats:

Expert HTML

This is the log in HTML format with additional columns. It shows the same

information as the log when in Expert mode.

Expert Text

This is the log in text format with additional columns. It shows the same

information as the log when in Expert mode, and has tabs separating the columns,

so it can be easily imported into a spreadsheet.

HTML

This is the log in HTML, which is readable by any web browser, and is presented in

table form.

Analytic

This is similar to Expert Text format, without tab separators, but with labels in front

of some fields.



Text

This is the log in text format, which can be read by any word processor.

Who's there?

This format saves the log as a text file, with the following information:

DATE: The date of the connection.

TIME: The time of the connection.

RESULT: The result of the connection.

HOSTNAME: The host IP address.

SERVER_PORT: The server port used for the connection.

METHOD: The type of connection; TCP or UDP.

Destination

You can select the folder where log export files are saved. By default, they are saved in the

/Library/Logs/NetBarrier folder. If you wish to have these files saved in another folder,

click the Other... button and navigate until you get to the folder you wish to use. Then click

Select to use this folder. You can also create a new folder by clicking New Folder in the

dialog box. Name this folder as you wish, and click Create.

Note: If you are using Web Sharing, you can export the log into a shared folder, providing

access to this file from a remote computer.



Log Recording Options

Intego NetBarrier X4's log offers the possibility of displaying several types of information.

You control the display on the Log pane. To control which types of information are

recorded in logs that you export, choose from three options here:

FrontEnd Startup and Quit

This records general Intego NetBarrier X4 activity, such as Intego NetBarrier X4

startup and quit.

Denied connections

This records all connections that are denied.

Incoming data blocked by the Stop List

This records all incoming data, attacks or intrusion attempts that are blocked by the

Stop List.



Traffic Export Preferences

You can set Intego NetBarrier X4 to export traffic data at regular intervals. To do this, click

the Traffic button on the Preferences screen. This screen also gives you several options for

managing traffic data.



Export

If you wish to have your traffic data exported at regular intervals, you can select among 5

options. By default, this is set to Never.

Never

The traffic data is exported.

Every week

The traffic data is exported once a week, at 00:00 on Monday. If the computer is not

on at this time, it is exported at the next restart.

Every day

The traffic data is exported once a day, at 00:00. If the computer is not on at this

time, it is exported at the next restart.

Every hour

The traffic data is exported once an hour, on the hour.

Customized



If you check this option, you can choose a custom interval to have your traffic data

exported. You can enter the number of units you want, and select Months, Days,

Hours or Minutes from the popup menu.

Traffic Data Export Format

Traffic data can be exported in two formats: text and HTML. If you select Text, they will

be saved in a file that can be read by any word processor. If you select HTML, files are

readable by any web browser, and are presented in table form.

Traffic Data Export Location

You can select the folder where traffic export files are saved. By default, they are saved in

the /Library/Logs/NetBarrier folder. If you wish to have these files saved in another folder,

click the Select... button and navigate until you get to the folder you wish to use. Then click

Select to use this folder. You can also create a new folder by clicking New Folder in the

dialog box. Name this folder as you wish, and click Create.

Note: If you are using Web Sharing, you can export the traffic data into a shared folder,

providing access to this file from a remote computer.



Resetting the Gauges after Export

If you check this button, your activity gauges will be reset to zero after each export.

IP Traffic Alert

Intego NetBarrier X4 has a setting that allows you to monitor the amount of data entering

or leaving your computer. This can be very useful if you have an Internet access account

with uploading or downloading restrictions.

If you check this option, Intego NetBarrier X4 displays a warning when your traffic

exceeds the amount you have selected. You can choose to have a warning for Incoming,

Outgoing or Total traffic, and you can choose the amount of the threshold, in kilobytes,

megabytes or gigabytes.



Whois

Intego NetBarrier X4’s Whois function allows you to search for information on domain

names and IP addresses. Four Whois servers are preset in this pane, and they are queried in

the order shown in this panel.



If you wish to change their order, you can do so by selecting one of the servers and

dragging it to a new location.

You can activate or deactivate the Whois servers in this panel. To deactivate a server,

uncheck its check box. To activate a deactivated server, check its check box.

You can also add new Whois servers. To do this, click the + button. A new line is added to

the list with a dummy server address highlighted. Type in the name of the new Whois

server you wish to add.

To remove a Whois server, select it by clicking it, and click the – button. A dialogue box

asks you to confirm this removal or cancel it.



Advanced Options

Three options are available in the Advanced panel of NetBarrier Preferences.

Configuration

Clicking the Revert to Default… button allows you to set NetBarrier X4 to its default

configuration: Client, local server mode for the Firewall, with Antivandal and Privacy

functions disabled. You will need an administrator’s password to activate this

configuration. It is recommended to export your current NetBarrier X4 settings (File >

Export settings…) before reverting to Default settings in case you want to recover these

settings at a later date.



Protection

Clicking the Disable NetBarrier... button will completely disable NetBarrier X4, including

the Log feature. You will need an administrator’s password to do this. Once NetBarrier X4

is disabled, the button changes to Enable NetBarrier… Click it and enter an administrator’s

password to Enable NetBarrier once again. If you restart your computer, NetBarrier X4 will

automatically be enabled.

Setup Assistant

Clicking the Show Assistant… button will launch NetBarrier X4’s Setup Assistant. See

chapter 4, Quick Start for more information.

About Intego NetBarrier X4

If you select About NetBarrier… from the NetBarrier menu, a window displays showing

some information about Intego NetBarrier X4, such as the version number, and your

support number (a number you will need for technical support),

If you click the Support # link, you can write an e-mail message to Intego Technical

Support.



Configuration Manager

Intego NetBarrier X4 gives you the possibility of saving as many configuration sets as you

want. Each configuration set contains all the settings and preferences you have applied to

Intego NetBarrier X4. You can make sets for different locations, if you have a laptop—one

set for office use, another for home use. You may want to have one set that includes

additional protection for the times your computer is used as a server, and another for when

it is a client. You may also want a specific set for less protection when you are connected to

a local network, and additional protection when you are surfing the web. You may want to

have a set that sends you e-mail messages when any intrusions occur, for when you are not

at your computer.

Selecting the Active Configuration

To select a configuration set, select Configurations... from the File menu. A dialog box

displays.



Select the set you wish to activate, and click Select. If you decide you do not want to

activate this set, click Done, or select a different set.

Adding Configuration Sets

To add a configuration set, select Configurations... from the File menu. A dialog box

displays.

To create a new configuration set, you first need to copy an existing set, and rename it. To

do this, click one of the sets in the list, and then click Duplicate. A new configuration

appears in the list:



Enter the name for your new set. If you want to change the icon, click the Edit… button and

locate the image you want to use for the set’s icon. You can add information about this

configuration in the Notes section.

Now that you have a new configuration set, activate it by clicking Select. The

Configuration Manager will close.

You can now make any changes to the NetBarrier X4 configuration that you want, and they

are saved under the current set. To return to another set, open the Configuration Manager

and select it from the list of configuration sets. You can also select another configuration

set from the Configurations list in the Intego menu in the menu bar.

Deleting Configuration Sets

To delete a configuration set, select Configurations... from the File menu. A dialog box

displays. Select a set by clicking on one of the sets in the list, and then click the – button in

the lower left-hand corner.

A dialog box asks if you really want to remove this set. Click Remove. If you decide you

do not want to remove this set, click Cancel.



Renaming Configuration Sets

To rename a configuration set, select Configurations... from the File menu. A dialog box

displays. Select a set by clicking on one of the sets in the list, and then enter the new name

in the Name field on the right side of the page.

Type the new name for your set, then hit the Enter key. If you are finished with your

changes, click Done to exit the Configuration Manager.



Exporting Settings

You can save all your Intego NetBarrier X4 settings in a special file that you can then use

to import these settings into another copy of Intego NetBarrier X4. This is especially useful

if you manage many computers and want to use the same settings for all of them.

To export your settings, select File > Export Settings... A dialog box asks you to name the

settings file and choose a location to save it. Click Export when you have finished.

Importing Settings

If you have exported settings from one copy of Intego NetBarrier X4 (see above) you can

import them into another copy of the program.

To import settings, select File > Import Settings... A file dialog asks you to locate the

settings file. Once you have located the file, click Import and these settings are immediately

applied to Intego NetBarrier X4.

Chapter 7 – Customized Protection


7—Customized Protection



Using Intego NetBarrier X4’s Customized Mode

Additional options concerning Intego NetBarrier X4's Firewall feature are available in

Customized mode. All the other features function in the same manner as presented above.

Customized protection gives access to Intego NetBarrier X4's most powerful functions, by

allowing you to configure its Firewall rules as precisely as you wish.

Important: Intego NetBarrier X4's Customized protection should only be used by

experienced network administrators. Incorrectly setting its options may disrupt your

network activity.



User-configurable Firewall Options

Intego NetBarrier X4's Firewall allows you to create rules that examine incoming and

outgoing data for specific sources, destinations and services, and act according to your

choices. Your rules can be wide, such as preventing any incoming traffic from connecting

to your computer, or precise, such as preventing incoming traffic from a specific host from

connecting to a specific service on your computer.

Rule Order

Rules added to the Firewall function from the first to the last. This means that you need to

make sure that your rules are in the correct order to function correctly.

In this example, the first rule blocks data coming from the Internet (which includes all

networks, even a local network). Rule 3, however, allows traffic from a local network, but

since it is in 3rd position, it is not applied; the 1st rule takes precedence. For rule 3 to be

applied, it needs to be moved to the top of the rule list. To do this, select the rule, and slide

it above the rule you want to place it in front of.



Creating Rules with the Assistant

Intego NetBarrier X4 contains an assistant to help you create your own custom firewall

rules. With this assistant, you can create your own rules with just a few mouse-clicks.

While not all of Intego NetBarrier X4's rule features are available when you create rules

with the assistant, it can cover most of your needs for firewall rules. If you need more

customization, you can create rules using the assistant then edit them manually.

The Intego NetBarrier X4 Assistant walks you through a series of steps to create your rule:

� Name and Behavior

� Direction

� Service

� Duration

� Options

� Conclusion

To create a new rule using the assistant, click the Assistant button.



The first assistant screen displays.

Click the right arrow to begin creating a new rule. You can click the left arrow at any time

to return to previous screens.

Or click Close to exit the Assistant.



Name and Behavior

This screen lets you choose a name for your rule and its behavior.

Enter a name for your rule in the name field, then select the behavior for the rule: Allow

data or Deny data. If you select Allow data, the rule will allow data matching its direction

and service to pass. If you select Deny data, the rule will block data matching its direction

and service.

Click the right arrow to go to the next screen.



Communication Direction

This screen lets you choose the communication direction and which host initiates the

communication.

First, in the This rule will affect connections with: section, select a remote host. You have

four choices for the remote host:

Any other computer

This is any computer other than your Macintosh.



Computers on my local network

This is any computer on the same local network as your Macintosh.

Computers on the default AirPort network

This is any computer on your default AirPort network, if you have one.

Computers on this custom network

If you have created any custom networks using the standard rule editor, you can

select one of them here.

Next, select the computer that initiates the connection:

My Macintosh

This is your Macintosh, the computer using this rule.

The other computer

This is the remote host defined in the first part of this screen.

When you have finished, click the right arrow to go to the next screen.



Service

This screen lets you choose the service that the rule affects.

You can choose from three types of services:

All services

This is all network services.



TCP services (connected services)

These are services that require a connection open and maintained between two

computers, such as HTTP, FTP, TELNET, SSH, POP3, AppleShare, etc. This

covers all TCP connections.

This service

You can choose from a list of services that correspond to popular applications and

protocols. Select the service you want to use by clicking its name in the list.




Options

This screen lets you choose additional options for your rule.

Two options are available on this screen:

Log rule usage

If you check this option, the firewall records each time this rule is used in its log.

Disable the rule

If you check this option, Intego NetBarrier X4 creates the rule but disables it. You

can enable it manually later.




Conclusion

This screen creates the rule according to the settings you have selected in the assistant.

This screen offers one final option: if you check Create a rule in the opposite direction,

the assistant creates a matching rule with the source and destination switched.

Click Create to create your rule and exit the assistant.



When you have finished, you will see that your rule (or rules, if you checked Create a rule

in the opposite direction) displays in the Intego NetBarrier X4 list of firewall rules.

If you wish to further customize the rule, or edit it, see below, Editing Rules.



Creating Rules

You can also create individual rules using the Rule Editor. Click the + button and the Rule

Editor displays.

Intego NetBarrier X4's Rule Editor allows network administrators to quickly and easily

define and implement a comprehensive security policy. It is extremely flexible, and allows

you to define an unlimited number of rules.



The Rule Editor is a simple interface for creating rules. You can also use it to modify

existing rules. You can create a new rule in seconds. To create a rule, you need to specify

five things:

� The Source

� The Destination

� The Service

� The Interface

� The Action

At the top of the Rule Editor box is a field where you can name this rule. Just below it is

the Log check box. If this is checked, any time this rule acts, an entry is added to the log. If

it is not checked, this rule is not logged.

Also, if the Log check box is checked, the Stop Evaluating Rules check box will be active.

If you check this box, and the rule is activated, the rules following this one are not

evaluated. See below, Using the Stop Evaluating Rules function, for more on this

function.



Click the Edit… button to edit the Schedule. The Schedule window displays.

The Default rule state is set to Enabled, which means that your rule is activated. If you set it

to Disabled, Intego NetBarrier X4 does not use this rule. You may want to have certain

rules active in one configuration, and not another. For more on using configuration sets, see

chapter 6, Preferences and Configurations.

If your Default rule state is enabled, it is possible to set specific times for the rule to be

disabled. If your Default rule state is disabled, it is possible to set specific times for the rule

to be enabled. By default, this is set to Never, meaning that your Default rule state will

never change. If you wish to have the rule enabled or disabled at certain times, click the

popup menu for either Enable rule or Disable rule, depending on which Default rule state

you have chosen, and select one of the time intervals in the list.

Three options are available in addition to Never. Every Week and Every Day allow you to

specify to disable or enable the rule on a recurring basis at fixed times every week or every

day, or on specific days of the week only.



You can also choose to disable or enable it for a specific period of time by choosing From

in the popup menu. In this case you must set the date and time that you want the rule to

start to be active in the From field. Set the date that you want the rule to expire in the to

field.

You can schedule additional times for rules to be enabled or disabled using the + button.

For example, if you need a rule to be disabled only on Mondays and Tuesdays, you can set

these two days in the Schedule window. To remove a scheduled time from the list, click the

– button next to the time that you no longer want to use to disable the rule.

Scheduled rules are displayed with a calendar icon in the rule list.



Sources

The Source, for a rule, is the entity that sends data. You can choose from four sources for

any rule. You may notice that Intego NetBarrier X4 will not allow you to choose the same

source and destination in a rule.

There are four sources available by default:

My Macintosh

This is your computer.

Local Network

This is a local network that your computer is connected to.

AirPort Network

This is a wireless AirPort network that your computer is connected to.

Internet

This is the Internet, in addition to any local network you may be connected to.

Selecting Internet actually means all networks.



Creating new sources

You can create new sources to use in your rules. This allows you to specify exactly which

computers you wish to have your computer communicate with.

To create a new source, click the + button to the right of the Source popup menu

The New Network editor displays.



To create a new source, enter the following information.

Source name

You may give the source any name you wish, by entering a name in the Name text field.

Source part

Sources can have several parts. You can, for example, select several specific IP addresses

and include them in a given source. See below, Address for more on addresses.

Adding parts

To add a part, click the plus icon in the part section of the Network Editor.

Moving from one part to another

You can move from one part to another by clicking either of the arrow icons, to

move either forward or backward.

Deleting parts

To delete a part, it must be displayed. Click one of the arrow icons until the part you

wish to delete is displayed. Click the - button. A dialog box displays, asking if you

really want to remove this part. Click Remove to remove the part, if not, click

Cancel.



Type of network

A pop-up menu lets you select from six types of network.

Anywhere

This is any network.

My Macintosh


My local network

This is the local network your computer is connected to.

Machine

This is a specific IP address.

Network

This is a specific network, identified by its IP address and Subnet mask.

Address Range

This is a group of IP addresses, delimited by beginning and ending addresses.



Type

Depending on the type of network you select, the address section of the Network Editor

will be different.

Anywhere

If you select this type of network, there is nothing to enter in the Address section,

since this source covers all networks.

My Macintosh

If you select this type of network, the IP address of your computer displays in the

Address field.

My local network

If you select this type of network, the beginning and ending addresses of your local

network display in the Address field.

Machine

If you select this type of network, you must enter the IP address of a specific

computer in this field.

Network

If you select this type of network, you must enter the Subnet IP address and Subnet

mask of the network you wish to use.

Address Range

If you have selected this type of network, you must enter the beginning and ending

IP addresses of the networks you wish to use.



Deleting Sources

You can delete any sources that you have created. To do so, select the source, and then

click the – button.

A dialog box displays, asking if you really want to remove that network. Click Remove to

delete the source network, if not, click Cancel.



Destinations

The destination, for a rule, is the entity that data is being sent to. You can choose among

four destinations for any rule. You may notice that Intego NetBarrier X4 will not allow you

to choose the same source and destination in a rule.

There are four destinations available by default:

My Macintosh


Local Network

This is a local network that your computer is connected to.

AirPort Network

This is a wireless AirPort network that your computer is connected to.

Internet

This is the Internet, in addition to any local network you may be connected to.

Selecting Internet actually means all networks.



Creating new destinations

You can also create new destinations to use for your rules. This allows you to specify

exactly which computers you wish to have your computer communicate with. This is done

in the same manner as creating sources.

To create a new destination, click the + button to the right of the Destination popup menu.

The New Network editor displays.



To create a new destination, enter the following information.

Destination name

You may give the destination any name you wish, by entering a name in the text field.

Destination part

Destinations can have several parts. You can, for example, select several specific IP

addresses and include them in a given destination. See below, Address for more on

addresses.

Adding parts

To add a part, click the + button in the part section of the New Network editor.




Deleting parts


wish to delete is displayed. Click the – button. A dialog box displays, asking if you


Cancel.



Type of network

A pop-up menu lets you select from six types of network.

Anywhere

This is any network.

My Macintosh


My local network

This is the local network your computer is connected to.

Machine

This is a specific IP address.

Network

This is a specific network, identified by its IP address and Subnet mask.

Address Range

This is a group of IP addresses, delimited by beginning and ending addresses.



Address

Depending on the type of network you select, the address section of the New Network

editor will be different.

Anywhere

If you select this type of network, there is nothing to enter in the Address section,

since this source covers all networks.

My Macintosh

If you select this type of network, the IP address of your computer displays in the

Address field.

My local network

If you select this type of network, the beginning and ending addresses of your local

network display in the Address field.

Machine

If you select this type of network, you must enter the IP address of a specific

computer in this field.

Network

If you select this type of network, you must enter the Subnet IP address and Subnet

mask of the network you wish to use.

Address Range

If you have selected this type of network, you must enter the beginning and ending

IP addresses of the networks you wish to use.



Deleting Destinations

You can delete any destinations that you have created. To do so, select the destination, and

then click the – button.

A dialog box displays, asking if you really want to remove that destination. Click Remove

to delete the destination, if not, click Cancel.



Services

There are many services available by default:



All

If this is selected, the rule is active for all types of service.

Mail

If this is selected, the rule is active for e-mail only.

FTP

If this is selected, the rule is active for ftp only.

Web

If this is selected, the rule is active for HTTP, or web access, only.

Connected services

If this is selected, the rule is active for TCP services only.

Well Known Ports

If this is selected, the rule is active for well-known ports, which are ports used by

common applications.

The remaining services are for specific programs or protocols.



Creating New Services

You can also create new services to use for your rules. This allows you to specify exactly

which services you wish to have your computer accept or use. This is done in the same

manner as creating sources.

To create a new service, click the + button to the right of the Service popup menu. The

New Service editor displays.



To create a new service, enter the following information.

Service name

You may give the Service any name you wish, by entering a name in the Name text field.

Service part

Services can have several parts. You can, for example, select several specific services and

include them in a given rule.

Adding parts

To add a part, click the plus icon in the part section of the Service Editor.




Deleting parts




Cancel.



Protocol

Four different protocol suites can be selected from the pop-up menu: TCP, UDP, ICMP and

IGMP. You can also select Any, which covers all protocols.

When you select one of these protocol suites, additional options display in the bottom

section of the panel, with a list of services that you can select from. The options depend on

the protocol you have selected. For more information on these protocols and services, see

chapter 9, Glossary.

Port or Type

There are two possibilities when selecting the Port, for TCP or UDP services, or

Type, for ICMP or IGMP services.

Any port or Any type

If this is selected, the rule is active for all ports, or types.

Specific port or Specific type

You can also specify the port number, or type. Selecting different services

automatically inserts their standard port numbers in this field. If you need to use a

different port number, you can enter it manually.



Range of ports

For TCP and UDP services, you can also enter a range of ports. If you select Range

of pots, you must enter the lowest and highest port numbers you wish to use in the

From Port and to Port fields.

Allow Broadcast packets

If this is checked, broadcast packets, which are packets sent to all computers on a local

network, are included in this service.

Destination Port

This option is available for the UDP protocol. If it is checked, packets are filtered in

function of the Destination Port. If left unchecked, packets are filtered in function of the

Source Port.

Deleting Services

You can delete any services that you have created. To do so, select the service, and then

click the trashcan icon.

A dialog box displays, asking if you really want to remove that service. If so, click OK. If

not, click Cancel.



Interfaces

The interface, for a rule, is the network adapter that the data passes through. This can be an

Ethernet card, a wireless AirPort card, a PPP connection or any other type of network

interface. You can choose from the interfaces that exist on your computer, or you can create

your own interfaces.

Type of Interface

A pop-up menu lets you select from your available network interfaces. This menu may

include any or all of the following.

Any

This is any type of interface on your computer.

Built-in Ethernet

This is your built-in Ethernet card, if you have one.

AirPort

This is your AirPort card, if you have one.



Creating New Interfaces

You can create new interfaces to use in your rules. To create a new interface, click the +

button to the right of the Interface popup menu.

The New Interface editor displays.

To create a new interface, enter the following information.

Interface name

You may give the interface any name you wish, by entering a name in the Name text field.

Interface part

Interfaces can have several parts. You can, for example, include several interfaces in your

custom interface, ensuring that a given rule acts on more than one interface at a time.



Adding parts

To add a part, click the plus icon in the part section of the Network Editor.




Deleting parts




Cancel.



Type of Interface

A popup menu lets you select either Any or Custom. If you want to create a custom

interface, select Custom.

Select the name of your interface and enter its number, then click OK to save this interface.

Deleting Interfaces

You can delete any interfaces that you have created. To do so, select the interface, and then

click the – button.

A dialog box displays, asking if you really want to remove that interface. Click Remove to

delete the interface, if not, click Cancel.



Actions

Two actions are possible for any rule: Allow or Deny. Select the action you wish to use for

your rule by checking the appropriate radio button, at the bottom of the Rule editor

window. Click OK to add this rule to your NetBarrier X4 firewall rules.

Services Library

Rules can also be created using the Services Library. You can display the Services Library

by clicking its icon in the lower right-hand corner of the Firewall section.

The Services Library window opens and displays a list of various services that can be used

by your computer. You can use the dropdown menu to view the complete list of services or

a particular set of services.

To create a new rule, select the desired service and drag it to the rule list. You can edit the

rule’s settings by selecting the rule, then clicking the button with the pencil icon located

below the rule list. The various settings are explained earlier in this section.



Deleting Rules

If you wish to delete a rule, select the rule in the list of rules by clicking it, then click the –

button. A dialog box displays, asking if you really want to remove this rule. Click OK. If

you decide you do not want to remove this rule, click Cancel.

Editing Rules

If you wish to edit a rule, select the rule by clicking it, then click the button with the pencil

icon. The Rule editor will open, and you can make any changes you wish to this rule. When

you have finished making changes, click OK to save your changes. If you decide you do

not want to save the changes, click Cancel.



Using the Stop Evaluating Rules Function

When you create a rule, and check the Log check box, the Stop Evaluating Rules check box

is also activated. It is checked by default. If you leave it checked, the rules following the

current rule are not verified.

However, if you uncheck this check box, you can create a rule that logs incoming or

outgoing traffic, but does not take any other action on the traffic. If the traffic's IP address

or service corresponds to that selected in the rule, and the Stop processing check box is not

checked, the traffic is logged, but nothing else is done to it.

Note: you should be careful when creating rules for specific services. When you select a

service for a specific program, it is possible that this program uses the same port as another

program or service. Blocking or authorizing a specific service may conflict with other,

more general rules. For example, if you wish to block ICQ traffic, selecting ICQ as a

service will also block AOL Instant Messenger traffic since both programs use the same

port. Other programs may also use the same ports. If you find that you cannot connect to a

given service, or send or receive traffic, try deactivating your rules one by one to see if

there is a conflict.



Using the Rule Contextual Menu

Intego NetBarrier X4 offers a contextual menu to work with firewall rules, which gives you

quick access to many rule functions, and lets you make changes to rules with just a click.

You can use this contextual menu to add new rules, to edit existing rules, or to change rule

characteristics on the fly.

To see this contextual menu, hold down the Control key and click on a rule. (If you have a

two-button mouse, you can just click the right button of your mouse.)



This contextual menu offers several options:

Copy to Clipboard

This lets you copy the contents of a rule to the clipboard.

Insert Standard Set / Add Standard Set

This lets you insert or add a standard set of rules. You can choose from five sets, in

the Insert Standard Set submenu: No restrictions, No network, Client, local server,

Server only, or Client only.

Status

You can toggle the state of a rule, turning it On or Off. If the rule is scheduled to run

at certain times, a check mark is displayed next to Scheduled.

Behavior

You can toggle the behavior of a rule, setting it to Allow or Deny traffic.

Log

You can toggle whether or not the rule records traffic information in the log.

Switch Source & Destination

This switches the source and destination of the rule.

Duplicate

This makes a copy of the rule.

Edit…

This lets you edit the rule using the Rule editor window.



Remove…

This lets you delete the rule.

Chapter 8 – Technical Support


8—Technical Support



Technical support is available for registered purchasers of Intego NetBarrier X4.

By e-mail

[email protected] : North and South America

[email protected] : Europe, Middle East, Africa

[email protected] : France

[email protected] : Japan

From the Intego web site

www.intego.com



Acknowledgement

Portions of this Intego Software may utilize the following copyrighted material, the use of which is hereby acknowledged.

EDCommon and EDInternet frameworks written by Erik Dörnenburg.

Omni Development (OAGradientTableView)

Copyright 2003-2004 Omni Development, Inc. All rights reserved.

Chapter 9—Glossary


9—Glossary



Address mask: A bit mask used to identify which bits in an IP address correspond to the

network address and subnet portions of the address.

Address mask reply: A reply sent to an address mask request.

Address mask request: A command that requests an address mask.

Bootp: The Bootstrap Protocol. A protocol used for booting diskless workstations.

Bootp client: A computer operating as a Bootp client.

Bootp server: A computer operating as a Bootp server.

Broadcast packet: On an Ethernet network, a broadcast packet is a special type of

multicast packet which all nodes on the network are always willing to receive.

Chat: A system that allows two or more logged-in users to set up a typed, real-time, on-line

conversation across a network.

Client: A computer system or process that requests a service of another computer system or

process (a "server"). For example, a workstation requesting the contents of a file from a file

server is a client of the file server.

Connection flood: An attack on a computer, where the sending system sprays a massive

flood of packets at a receiving system, in an attempt to connect to it, more than it can

handle, disabling the receiving computer.

Cookie: file on your hard disk, which contains information sent by a web server to a web

browser and then sent back by the browser each time it accesses that server. Typically, this

is used to authenticate or identify a registered user of a web site without requiring them to

sign in again every time they access that site. Other uses are, e.g. maintaining a "shopping

basket" of goods you have selected to purchase during a session at a site, site

personalization (presenting different pages to different users), tracking a particular user's

access to a site.

Datagram: A self-contained package of data that carries enough information to be routed

from source to destination independently of any previous and subsequent exchanges.

Datagram conversion error: An error in datagram conversion.



DNS: Domain Name System. Used by routers on the Internet to translate addresses from

their named forms, such as www.intego.com, to their IP numbers.

Echo: The request sent during a ping.

Echo reply: The reply sent to an echo request.

Finger: A program that displays information about a particular user on the Internet, or on a

network.

FTP: File Transfer Protocol. A protocol used for transferring files from one server to

another. Files are transferred using a special program designed for this protocol, or a web

browser.

Gopher: A distributed document retrieval system, which was a precursor to the World

Wide Web.

Host: A computer connected to a network.

HTTP: HyperText Transfer Protocol, the protocol used to send and receive information

across the World Wide Web.

ICMP: Internet Control Message Protocol. This protocol handles error and control

messages sent between computers during the transfer process.

IGMP: Internet Group Management Protocol.

IMAP4: Internet Message Access Protocol. A protocol allowing a client to access and

manipulate electronic mail messages on a server. It permits manipulation of remote

message folders (mailboxes), in a way that is functionally equivalent to local mailboxes.

Intranet routing: The process, performed by a router, of selecting the correct interface and

next hop for a packet being forwarded on an Intranet.

IP: The network layer for the TCP/IP protocol suite widely used on Ethernet networks and

on the Internet.

IP address: An address for a computer using the Internet Protocol.

Irc: Internet Relay Chat. A medium for worldwide "party line" networks that allowing one

to converse with others in real time.



Local network: A network of computers linked together in a local area. This may be a

single building, site or campus.

NETBIOS: Network Basic Input/Output System. A layer of software originally developed

to link a network operating system with specific hardware. It can also open

communications between workstations on a network at the transport layer.

Network: A group of interconnected computers that can all access each other, or certain

computers. This may be a local network, or a very large network, such as the Internet.

NNTP: Network News Transfer Protocol. A protocol for the distribution, inquiry, retrieval

and posting of Usenet news articles over the Internet.

Ntp: Network Time Protocol. A protocol that assures accurate local timekeeping with

reference to radio, atomic or other clocks located on the Internet. This protocol is capable

of synchronizing distributed clocks within milliseconds over long periods.

Packet: The basic unit of data sent by one computer to another across most networks. A

packet contains the sender's address, the receiver's address, the data being sent, and other

information.

Ping: A program used to test reachability of computers on a network by sending them an

echo request and waiting for a reply.

Ping broadcast: An attack similar to a ping flood. See below.

Ping flood: A ping attack on a computer, where the sending system sends a massive flood

of pings at a receiving system, more than it can handle, disabling the receiving computer.

Ping of death: An especially dangerous ping attack that can cause your computer to crash.

POP3: Post Office Protocol, version 3. POP3 allows a client computer to retrieve electronic

mail from a POP3 server.

Port scan: A procedure where an intruder scans the ports of a remote computer to find

which services are available for access.

Protocol: The set of rules that govern exchanges between computers over a network. There

are many protocols, such as IP, HTTP, FTP, NNTP, etc.



Router: A device that forwards packets between networks, reading the addressing

information included in the packets.

Server: A computer connected to a network that is serving, or providing data or files to

other computers called clients.

Service: A network function available on a server, i.e. http, ftp, e-mail etc.

SMTP: Simple Mail Transfer Protocol A protocol used to transfer electronic mail between

computers.

Spam: Unwanted e-mail messages, usually sent to thousands, even millions of people at a

time, with a goal of selling products or services.

TCP: Transmission Control Protocol. The most common data transfer protocol used on

Ethernet and the Internet

TCP/IP: The Internet version of TCP -TCP over IP.

Telnet: The standard Internet protocol used for logging into remote computers.

Tftp: Trivial File Transfer Protocol. A simple file transfer protocol used for downloading

boot code to diskless workstations.

Traceroute: A utility used to determine the route packets are taking to a particular host.

UDP: User Datagram Protocol. An Internet protocol that provides simple but unreliable

datagram services.

Whois: An Internet directory service for looking up information on domain names and IP

addresses.