This chapter is from the book

Lab 5: Firewalls, Proxies, and Ports

Orientation

In this lab you will learn how to do the following:

  • Use a firewall to protect your PC or your network.

  • Create an IP proxy.

  • Configure ports to your best advantage.

  • Work with a third-party free firewall.

  • Identify VLANs, intranets, and extranets.

  • Prepare for the Network+ subdomains 3.5–3.9.

When services are running, you have a security hole. It’s that simple. If a service is started, the corresponding port is opened, and hackers have a point of entry to your system or network. Firewalls were developed to shield your network, so that your network’s ports are considered closed or shielded, and so that your network’s or computer’s IP can’t be seen by public users on the Internet. The problem is that you may want to run services, but not lose the firewall. This is where a DMZ comes in; firewalls can normally handle incorporating a DMZ. Your firewall will normally act as an IP proxy as well. This means that the device only displays one public IP address to the Internet, but it allows the entire private LAN to access the Internet through it. So it acts as a go-between or mediator or...proxy. In this lab, you are going to learn a little more about your Linksys firewall, and install a free firewall known as ZoneAlarm. Plus, you will learn how to configure your very own IP proxy and ICS device as well as how to best configure your ports.

Procedure

Revisit Your Linksys Firewall

You learned about port forwarding earlier. You can connect to the public IP address of the SOHO router with an application that uses a specific port—for example, PPTP, which uses 1723. The firewall forwards any packets sent on that port to whatever PC on your LAN you want. Take a look at Figure 3.36 for an example.

Figure 3.36 Forwarding applications via port number.

As you can see, you are running a POP3 mail server on 192.168.1.202, and a Quake III server on port 27960 as well as your VPN server on 1723. But for the client to access those servers, they must first get through the router, thus the need to forward those requests. The main thing here is to know which port is used by the application you want to serve. The big problem, though, is that you have just opened up those three ports to all of your computers! To combat this security breach, you can create a DMZ. When you do this on a SOHO router, however, all the ports become visible. You would then either have to get a second hardware firewall for those computers that you do not want visible from the Internet or load a software-based firewall on each of them. You can also filter ports so that only certain ports are used, or so that only certain ports are excluded. Most firewalls have this feature, normally referred to as port filtering.

If you are worried about specific applications not working because the outbound and inbound ports are different, you can use those outbound ports as a trigger to forward to the inbound ports for replies. For example, in Figure 3.37, we are using 6660–6670 as a trigger to forward to 113 for replies.

Figure 3.37 Port triggering.

Port triggering is mainly used for apps that send and receive on different ports. If you are using something like your Web browser, it is not an issue. But if you are using an IRC client or work with certain gaming servers, you may need to set this up on the SOHO router. In addition, port triggers work dynamically so that even if you have multiple PCs obtaining dynamic IPs through the router, port triggering will still work for them. Port triggering is not needed on software-based firewalls because the software interacts directly with the OS, therefore it knows what ports to keep open for applications that have varying inbound and outbound ports. Conversely, the hardware-based firewalls do not talk directly to your OS, so they don’t really know if there is going to be a difference in port numbers for the request and the reply.

You can set up Quality of Service (QoS) to allow certain devices to get higher priority (and therefore faster access) to the Internet. This is shown in Figure 3.38. You can also set the QoS by the physical port.

Figure 3.38 Quality of Service.

Try configuring on your router now for the following:

  • Port forwarding

  • DMZ

  • Port triggering

  • QoS

  1. Install and test ZoneAlarm.

    1. Access PC1.

    2. Go to http://www.zonelabs.com.

    3. Click Download and Buy on the left side of the screen.

    4. On the top of the screen, click ZoneAlarm.

    5. Click the Free download link.

    6. Click Download Free ZoneAlarm.

    7. Click Save in the pop-up window that appears and save the program in your Downloads folder. The program is about 6.5MB, so the download shouldn't take long.

    8. When the download is complete, click Run (or Open) to install it.

    9. Go through the installation process, entering your e-mail address when prompted. Note that you don't really need the updates.

    10. When the installation is finished, answer the user survey questions (see Figure 3.39). Then click Finish.

    11. Figure 3.39 ZoneAlarm user survey.

    12. A pop-up window will tell you that the installation is complete. Click Yes to start ZoneAlarm.

    13. In the Zone Labs Security Options window, select the standard ZoneAlarm and click Next.

    14. In the next window, click Finish.

    15. Click Finish again in the next window unless you want to go through the tutorial.

    16. Click Done in the Completion window.

    17. Finally, click OK to restart the computer.

    18. When the tutorial comes back up, just exit out. You can read that at a later time if you wish. You should now be in the ZoneAlarm Overview screen.

    19. Go to PC2.

    20. Open the command prompt.

    21. Type ping pc1. It shouldn't work. Instead of getting replies, you should get an "Unknown Host PC1" message.

    22. Try browsing to the system. Again, you won't be able to get in.

    23. Return to PC1.

    24. Notice the ZoneAlarm icon in the system tray. Right-click it and choose Shutdown ZoneAlarm, as shown in Figure 3.40.

    25. Figure 3.40 Shutting down ZoneAlarm.

    26. Click Yes in the pop-up window that appears.

    27. Return to PC2 and try pinging PC1 again. You should get replies because the firewall is off. Leave ZoneAlarm off for now. If you need it in the future, you can click the Start button, choose Programs, select Zone Labs, and choose Zone Labs Security to turn it back on. There you have it. ZoneAlarm, free, and it works. It's not the most comprehensive firewall out there, but if you are on a strict budget, it'll do the job. It also may help out if you have a four-port firewall like our Linksys and want a little added security on the local computer, but don't want the added cost or the extra burden on resources like other firewalls may trigger.

  2. Configure ports to your best advantage. Whenever a computer starts a service, it opens a port on the network connection that corresponds to that particular service. The more services that are running, the more ports that are open—ergo more security risks! Your Windows 2000 Professional machine is probably pretty safe because it is not meant to serve data, but rather access other computers' data. Your Windows 2000 Server, however, is just that: a server. It runs lots of services. The first line of defense for a good network administrator is to shut down any unnecessary services.

    1. Go to PC1 (Windows 2000 Professional).

    2. Open the command prompt, type netstat -an, and press Enter. You should see a list of service ports that are open, but it will be pretty limited.

    3. Go to PC2 (Windows 2000 Server).

    4. Open the command prompt, type netstat -an, and press Enter. You should see a much larger list of service ports that are open; it should look something like Figure 3.41, although the list goes well beyond what's shown in the figure. Windows 2000 Server is chock full of open ports! Security is an issue.

    5. Figure 3.41 Windows 2000 Server open ports.

    6. Notice that ports 25 (SMTP), 80 (HTTP), and 443 (HTTPS/SSL) are open. You are not using a mail server or a Web server so these services can be shut off. You may ask, "Why were they open in the first place?" This is because Microsoft sets IIS to run by default upon installation of Windows 2000 Server. When IIS runs, it starts the HTTP, SMTP, and HTTPS services. Although HTTPS is great for securing Web transmissions, it uses a port nonetheless, so it creates a separate security concern. Let's turn all three of those off now.

      1. Right-click My Computer and select Manage to open the Computer Management window.

      2. Click the Services and Applications entry in the left pane and then click Services underneath it.

      3. Select the Simple Mail Transport Protocol entry in the right pane.

      4. To stop the service, click the Stop button in the window's toolbar. This is circled in Figure 3.42. Alternatively, right-click the service and choose Stop from the menu that appears.

      5. Figure 3.42 Shutting off the SMTP service.

      6. If you look at the service again, you will notice that its startup type is Automatic. That means when you restart the computer, the service will begin again! To change this to manual (thereby disabling it), double-click the SMTP service.

      7. In the SMTP Properties dialog box, change the Startup type setting to Manual, as shown in Figure 3.43. Now you don't have to worry about the service starting back up next time you restart the server.

      8. Figure 3.43 Setting the SMTP service to manual.

      9. Repeat the process of stopping the service and setting it to manual for the following services:

        • World Wide Web Publishing service

        • IIS Admin service

    7. Run netstat -an again. Ports 25, 80, and 443 should not come up. Great work! That is how you turn off services. This is very important. You should not rely on a firewall only. That is linear thinking. You must think three-dimensionally. Inside the network, outside the network, remote connections, intranets, and extranets must all be properly secured.

  3. You learned how to check your local open service ports with netstat -an, and how to check your firewall's ports with http://www.grc.com's Shields Up. Now it's time to take it to the next level. What you need is a real port scanner. For this exercise you will use Advanced Administrative Tools to scan the server's ports.

    1. Go to PC1.

    2. Turn the ZoneAlarm firewall on. If you cannot access the Internet, restart the computer. If you still cannot, uninstall the ZoneAlarm program and restart the computer. If your computer reacts very slowly with ZoneAlarm running, uninstall it.

    3. Download and install an evaluation copy of WinZip if you have not already done so. You can get one from Download.com or from the following link: http://www.davidprowse.com/downloads/techtools/winzip70.exe.

    4. Download the AAtools program to your Downloads folder. You can get it from here: http://mirror1.glocksoft.com/aatools.zip.

    5. When the download is finished, click Open (or Run, depending on your OS). This will launch WinZip. Agree to the license for WinZip so that you can see the AAtools files.

    6. Double-click aatools_setup.exe. The installation will begin; it is extremely simple. Just click Next until you get to the last screen. Then click the check box to launch the program and click Finish. Click Close for the Live Update. The application should come up on your screen and look like Figure 3.44.

    7. Click the Port Scanner option button and click Start. The AAtools Port Scanner opens.

    8. In the Hosts to scan field, type 192.168.1.200.

    9. In the Port set field, click the drop-down menu and select Everything.

    10. Figure 3.44 The main Advanced Administrative Tools screen.

    11. Click the Start button (it’s the green arrow toward the top of the window) to start the scan. (See Figure 3.45.) If you get a message from ZoneAlarm, just click Allow to let the Port Scanner program do its scan.

    12. Figure 3.45 The Port Scanner window.

    13. The first thing the application will do is ping the server. It sends ICMP echoes to verify that the IP address is valid. If it gets replies, it then scans all 65,536 ports. This may take a while, but after you get some results, you can click the red stop sign to abort the scan and view your results.

    14. Notice that the program finds all open ports, but also gives you a description of them, as well as descriptions of possible attacks against those ports. This is the proper type of scanning program to use and you are using it in the proper way. When checking security vulnerabilities on a server, you want to scan it from another computer on the same LAN, and on the same IP network.

    15. Notice that ports 1701 and 1723 are open. These are for L2TP and PPTP respectively. That is because you ran a VPN server previously. It secured your remote network connection by encrypting the data, either with PPTP or with IPSec (in the case of L2TP). Although this is an excellent way to protect your session to a VPN server, it does open up your VPN server to attack. Do you need that VPN server anymore? Not right now, so let's close those ports as well.

      1. Go to PC2.

      2. Access your RRAS console.

      3. Right-click the server name PC2 and choose Disable Routing and Remote Access. When you do this, you should see a downward-pointing red arrow, indicating that the service is off.

      4. Return to PC1.

      5. Scan PC2 once again. Let the port scanner run for a while. (If you are wondering how to remove the data from the previous scan, just click one of the entries, press Ctrl+A to select all the entries, and press Del.)

      6. Let the scan run until you see that it has scanned past port 2000. You can watch this in real time at the very bottom of the window. Then stop the scan.

      7. Look for 1701 and 1723. They should not be there since you stopped the service.

      8. Close all windows. Great work.

  4. Create an IP proxy. The type of IP proxy you will create will be based on Internet Connection Sharing (ICS). The whole idea of ICS is that you can use your computer to share the Internet connection instead of a four-port SOHO router like the Linksys you are using. You need two network connections on the computer, though. Luckily you have them! You have the LAN card and the Wireless LAN card. The basic premise here is to share the card that connects directly to the Internet. Then, connect the second card to a simple hub that offers connectivity for the rest of your systems. Sharing a card is a lot like sharing a folder or printer. It's just another resource.

    1. Go to PC1.

    2. Right-click My Network Places and select Properties.

    3. Enable your wireless card (if it isn't already) by right-clicking it and selecting Enable. Tell ZoneAlarm to allow this setting.

    4. Right-click the LAN card and select Properties.

    5. In the Properties dialog box, you should notice a Sharing tab. This is not normally there, because most computers only have one NIC. Click the Sharing tab; it should look like Figure 3.46.

    6. Figure 3.46 The Sharing tab of your NIC Properties dialog box.

    7. Click the Enable Internet Connection Sharing check box to select it.

    8. Click OK. A pop-up window tells you that your IP will now be changed to 192.168.0.1. Click Yes. Other computers on the network will now look to this system for their dynamic IP addresses, which, through ICS, your computer is now ready to offer.

    9. Open the command prompt and run an ipconfig /all command. Note that it is actually the wireless card that was changed to 192.168.0.1. That is because your LAN card would now connect directly to the Internet, and because of that would need to get a public IP address. The other card (wireless) is automatically changed over because it will be on your private network. All other machines will be given numbers like 192.168.0.2, 192.168.0.3, and so on. Those IPs will come directly from your little old Windows 2000 Professional! This is the power of ICS. It is illustrated in Figure 3.47.

Figure 3.47 An illustration of ICS.

What you created is known as an IP proxy. A proxy is a go-between, a mediator of sorts. It allows all the computers on the LAN to access another network, usually the Internet. This way, many computers with many private IP addresses can access the Internet with just one WAN public IP address being displayed. To do this, the IP proxy must translate between the two NICs on the two different networks. It does this with Network Address Translation (NAT). Your SOHO router is an IP proxy because it displays only one address to the Internet, yet you can have many computers connected through that pipe.
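The translation described here, together with the port forwarding and port triggering configured on the Linksys earlier in the lab, can be modeled in a few lines. This is an added example, not code from the book: the `SohoRouter` class, the public and remote addresses (documentation ranges), and the LAN hosts for ports 27960 and 1723 are assumptions, and real routers add timeouts and protocol tracking that are left out.

```python
class SohoRouter:
    """Toy model of a SOHO router acting as an IP proxy (NAT)."""

    def __init__(self, public_ip, first_port=50000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.nat = {}        # public port -> (lan_ip, lan_port, remote_ip, remote_port)
        self.forwards = {}   # public port -> lan_ip, static rules set by the admin
        self.triggers = []   # (outbound port range, inbound port)
        self.triggered = {}  # inbound port -> lan_ip, opened dynamically

    def add_forward(self, port, lan_ip):
        self.forwards[port] = lan_ip

    def add_trigger(self, first, last, inbound_port):
        self.triggers.append((range(first, last + 1), inbound_port))

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection; the Internet only sees the public IP."""
        public_port = self.next_port
        self.next_port += 1
        self.nat[public_port] = (lan_ip, lan_port, remote_ip, remote_port)
        # Port triggering: outbound traffic in a trigger range opens the
        # paired inbound port for whichever LAN host sent it.
        for ports, inbound_port in self.triggers:
            if remote_port in ports:
                self.triggered[inbound_port] = lan_ip
        return (self.public_ip, public_port)

    def inbound(self, remote_ip, remote_port, public_port):
        """Return the (lan_ip, lan_port) a packet is delivered to, or None if dropped."""
        entry = self.nat.get(public_port)
        if entry and entry[2:] == (remote_ip, remote_port):
            return entry[:2]                      # reply to an existing session
        if public_port in self.forwards:
            return (self.forwards[public_port], public_port)
        if public_port in self.triggered:
            return (self.triggered[public_port], public_port)
        return None                               # unsolicited: port looks closed


def lab_router():
    """Router configured like the lab's forwarding and triggering screens."""
    router = SohoRouter("203.0.113.10")           # constructed public address
    router.add_forward(110, "192.168.1.202")      # POP3 server (from the text)
    router.add_forward(27960, "192.168.1.203")    # Quake III, host is assumed
    router.add_forward(1723, "192.168.1.200")     # PPTP VPN, host is assumed
    router.add_trigger(6660, 6670, 113)           # trigger range from the text
    return router


def walkthrough():
    """Run the lab's cases and return what the router does with each packet."""
    router = lab_router()
    remote = "198.51.100.7"                       # constructed Internet host
    results = {}
    results["pop3_forwarded"] = router.inbound(remote, 40000, 110)
    results["smtp_unsolicited"] = router.inbound(remote, 40000, 25)
    results["web_source_seen"] = router.outbound("192.168.1.50", 3000, remote, 80)
    results["web_reply"] = router.inbound(remote, 80, 50000)
    results["ident_before_trigger"] = router.inbound(remote, 5000, 113)
    router.outbound("192.168.1.51", 3100, remote, 6667)   # IRC client connects
    results["ident_after_trigger"] = router.inbound(remote, 5000, 113)
    return results


if __name__ == "__main__":
    for case, outcome in walkthrough().items():
        print(f"{case:22} -> {outcome}")
```

Every static forward is reachable from any Internet address for as long as the rule exists, which is why the lab goes on to shut down the services behind ports that no longer need to be served.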

VLANs

VLANs are the way of the present and the future. Short for virtual local area networks, VLANs can limit broadcasts and collisions, increase security, organize your network, and bring up performance. It is an alternative way of connecting or segmenting your network without the need for routers.

A scenario that could use VLANs would be the following: A school with three computer classrooms (20 computers each) and 10 computers for the office staff scattered around the building plus a library. You really wouldn’t want the students from each classroom to be able to see each other, nor would you want any of the students to have access to the office network. The library should be kept separate as well. You could do this by creating VLANs.

The foundation of the VLAN rests on one device. It might be a switch, a Cisco PIX, a multi-homed server, or other device. Regardless of what you use, this device must have multiple network connections—in this scenario, five. What you could do is install a VLAN-ready switch and assign a different network number to each port. For example, port 1 would be 192.168.1.0, port 2 would be 192.168.2.0, and so on.

Then you connect a separate hub (or switch) to each of those ports. This will create a hierarchical star topology. Cables must be connected to their corresponding hub and room. For instance, the cable connections coming from classroom 1 will connect to the classroom 1 hub, which will then be connected to the 192.168.1.0 port on the VLAN switch. You get the idea.

In this way you can have total separation of your network without the use of a router! The ultimate beauty of this is that there may be staff connections all over the building that all lead to the same section of the VLAN. For example, admins have connections in a technical room, instructors need connections from every classroom, and other staff may be scattered around the office. The cables that come into the server room for each of these staff connections can be connected to the staff hub, which in turn connects to the staff port on the VLAN switch. This is known as a port-based VLAN and is illustrated further in Figure 3.48. Keep in mind that you can assign a VLAN to any port on the VLAN switch, but you should plan it first and make it organized!

Figure 3.48 A port-based VLAN.

There are three main types of VLANs:

  • Protocol-based VLANs. In this case, you would have a different protocol running on the various computers and/or ports that you wanted to separate. It could be that you have a server with two NICs, each of which runs a different protocol.

  • Port-based VLANs. These are as explained previously, and are the most common. If a computer needs to be moved to another area of the office, then you would have to re-patch that system in the server room to keep it on the same VLAN. This is not that time consuming and is the default option for most administrators.

  • MAC address–based VLANs. In this case, a switch will keep track of all the MAC addresses on the entire network and you would have to specify which belonged to each portion of the VLAN. This is time consuming but a benefit is that a computer can be moved anywhere in the office without requiring anything to be reconfigured and the system will still be on the same VLAN.

Intranets and Extranets

Intranets are networks that are privately owned by an organization or corporation. They use all the inherent technologies and offer all the inherent capabilities of the Internet, but are restricted to employee use. For example, you may have a set of Web servers in your company’s office that are accessed by the URL http://myintranet.mycompany.com or perhaps just http://myintranet, but only employees will be allowed to get in. Usually there will be a firewall used to deny access to unwanted visitors. However, the website will look the same, mail functions will work the same as normal, and so on. As I mentioned, it looks like the Internet but it is private. The intranet is normally kept "behind" the firewall, meaning that it is not really an external presence on the Web, but rather an internal presence for your company.

Extranets are also networks that are privately owned and use all of the inherent technologies of the Internet. Unlike intranets, however, extranets are opened up to some extent to outsiders. These outsiders could be members of the company, worldwide employees, or sometimes even other companies that you do business with. Extranets go beyond the firewall in your company. Because of this, you will most likely need a user name and password to get into these websites and extranet resources. In some respects, your login to your bank or credit union could be considered an entryway to that company’s extranet, but normally an extranet is associated with employees of a company or sister company.

One of the big ideas behind intranets and extranets is that they enable users to connect using technologies they know and love—primarily, the Web browser. Everything is going Web browser–based because everyone has one, and almost everyone knows how to use one. You don’t even need to be on your regular computer. This, of course, opens security concerns, but the pros have so far outweighed the cons.

What Did I Just Learn?

In this power-packed lab you learned how to install a free firewall, how to work with some advanced functions of a SOHO firewall, how to scan ports, and how to create an IP proxy. In particular, you learned how to do the following:

  • Install the ZoneAlarm firewall.

  • Create an ICS device.

  • Scan with netstat -an and Advanced Administrative Tools.

  • Shut down services, including IIS, VPN, SMTP, and HTTP://WWW.

  • Configure application forwarding and port triggering.

  • Prepare for the Network+ subdomains 3.5–3.9.
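The before-and-after netstat -an comparison from the lab can be checked by script instead of by eye. This is an added example, not code from the book: the two netstat listings are constructed samples in the Windows output format, the function names are hypothetical, and the protocol assignments (TCP for 25, 80, 443 and 1723, UDP for 1701) are the standard ones for those services.

```python
import re

# Constructed sample: `netstat -an` on the server before services are stopped.
SAMPLE_BEFORE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1723           0.0.0.0:0              LISTENING
  TCP    192.168.1.200:139      0.0.0.0:0              LISTENING
  TCP    192.168.1.200:1045     192.168.1.201:445      ESTABLISHED
  UDP    0.0.0.0:1701           *:*
  UDP    192.168.1.200:137      *:*
"""

# Constructed sample: the same server after IIS, SMTP and RRAS are stopped.
SAMPLE_AFTER = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.200:139      0.0.0.0:0              LISTENING
  TCP    192.168.1.200:1045     192.168.1.201:445      ESTABLISHED
  UDP    192.168.1.200:137      *:*
"""

# Ports the lab shuts down, with the service each one belongs to.
SHOULD_BE_CLOSED = {
    ("TCP", 25): "SMTP",
    ("TCP", 80): "HTTP",
    ("TCP", 443): "HTTPS",
    ("UDP", 1701): "L2TP",
    ("TCP", 1723): "PPTP",
}

LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")


def listeners(netstat_output):
    """Return the set of (protocol, port) pairs the host is listening on."""
    found = set()
    for line in netstat_output.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue                      # header or blank line
        proto, local, _foreign, state = match.groups()
        # TCP rows also list client connections; only LISTENING rows are
        # services. UDP has no state column, so every bound port counts.
        if proto == "TCP" and state != "LISTENING":
            continue
        _addr, sep, port = local.rpartition(":")
        if sep and port.isdigit():
            found.add((proto, int(port)))
    return found


def still_open(netstat_output, should_be_closed=SHOULD_BE_CLOSED):
    """Map 'PROTO/port' to service name for every port that should be closed but is not."""
    open_now = listeners(netstat_output)
    return {
        f"{proto}/{port}": name
        for (proto, port), name in should_be_closed.items()
        if (proto, port) in open_now
    }


def unexpected(netstat_output, allowed):
    """Return listeners that are not on the allowlist, sorted for stable output."""
    return sorted(listeners(netstat_output) - set(allowed))


if __name__ == "__main__":
    print("before:", still_open(SAMPLE_BEFORE))
    print("after: ", still_open(SAMPLE_AFTER))
```

On a real server, save the output with `netstat -an > ports.txt` and pass the file's contents to `still_open` or `unexpected`.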
