Applications and internet filtering

I think the way rules are activated when an app connects to the net need altering. A rule that activates based on an application connection allows other programs to use that rule.

Surely when you set an application in a rule then the rule should not be able to be used by another program to access the net.

Any comments?

Cheers,
Tom

 

Hey Tom

Yea like Services capabilities this too been addressed quite some time ago, it’s not actually the method used being the problem its how its not coded that’s being the problem…

I believe it should be coded to prevent leaks to/from other Applications which isn’t specified in the list.

 

I can see that what Im asking for might be tough to implement, but still it would be a very worthwhile investment.

Cheers,
Tom

 

Hi Tom,

Initially this was implemented in 2.04 to automate the cases where the user had to manually activated/deactivate a rule when an application was started/stopped (typical case are NetMeeting and Irc Client). The purpose was not to restrict the use of a rule to a dedicated application.

For a TCP server port (Identd for an Irc Client for instance) you can only have one application opening/listening that port at a time. So for these cases, the activation of a rule based on the connection of an application should be still useful.

Now with the 2.05b1 if you want to restrict an application to use some ports only, you can do that directly in the Application Filtering.

Frederic

 

Hi Frederic,

This solution does work but I think it would be a nicer solution to use the filter rule to specify what access the application has to the internet instead of the way that 2.05b1 is implemented.

Are there any plans to take LnS in this direction?

Cheers,
Tom

 

The way I like to see this go are Application Filtering rules being handled within Look ‘n’ Stop Internet Filtering screen with basically same functionalities such as rule Export/Import; I think this would really benefit Look ‘n’ Stop a great deal, and draw many more users to Look ‘n’ Stop product. And with such style would be more efficient for myself to make Importable Application Filtering rules for the public and for the customers to easily import the Application Filtering rules…

 

I don't understand the difference. In the 2.05b1, you can consider the IP/Port dialog box as a rule for the application, and so you can specify what access the application has to internet.

Could you give some details of what you are thinking ?

Thanks,

Frederic

 

Yes perhaps we will add something like that in the future.
We need to stabilize the way it is implemented first.

For ports, Ok, I understand that some rules could be exported/imported, what about the IP address that are specific, and how to match the application between an imported rule and Look 'n' Stop internals, pathnames will be different between users.

Frederic

 

Hey Frederic

What about a comparison by filename only, excluding the file-path when dealing with Application Filtering rules?

 

Retrieving Application Filtering Layer informatics of Trusted Applications, Application Filtering rules does comparison by filename look-ups only, and if file-name founds turns up 0 or with Non-Trusted Application then the rule cannot be activated.

 

For Exporting I believe everything specified like ports and IP Informatics and so forth should also be exported along with.

Other goals we should set are;

- No limits on how many Application filtering rules can be set for a specific Application
- Tying IP to port
- Controls for both source IP/ports & destination IP/ports.
- Controls for Local Activities

 

My idea is the same as Phantom's.

I have moved from Kerio Personal Firewall, which had an excellent method of applying rules to applications. All rules were held in a single place. The only downfall with Kerio was the lack of functionallity, this is where LnS really sits ahead.

If you could tie all the rule setting together in a similar way to Kerio (and perhaps many other Personal Firewalls) LnS would truely be the best personal firewall going. You might want to look at making it a system service also, to make it a little more secure.

Cheers,
Tom

 

Having used Kerio firewall v2 for a couple of years now myself, I understand what your saying Tom & completely agree with what you and Phantom have said above. Now if only Frederic can put it all together (fingers crossed).

 

Crossing my fingers as I type

Cheers,
Tom

 

Thanks dukebluedevil

Much appreciated, as you may have noticed Frederic needs us to “stabilize the way it is implemented first”, meaning your Feedback and others Feedback is very crucial.

And for rest of you on here with Look ‘n’ Stop, if you have any interests in Application Filtering Layer enhancements you should come forth and post even if it’s to say I agree.

 

Hi,

I think there are two discussions there.

One is about ports and IP selection improvements in the Application Filtering.
Another one is about the two levels of filtering, and a way to have only one set of rules.

For the 1st one, Phant0m just answer with the previous post.

For the 2nd one, Look 'n' Stop has really two different levels of protection that are independant: TDI and NDIS.
The NDIS has no notion application, it has to be considered as a Packet Filter like an hardware firewall.

So having the two levels of protections and the flexibility of configuring each separatly is, for us, a plus.
However, if some configuration can become easier we will look at it.

Regards,

Frederic