How to set optimum settings in ZA Pro?

Discussion in 'other firewalls' started by Escalader, Apr 23, 2007.

Thread Status:
Not open for further replies.
  1. 12fw

    12fw Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    111
    Location:
    Canada
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    This is the gateway log

    Remember the LAN is set to "Internet"

    First log, bootpc with ZA, Broadcasts not allowed.

    without.GIF

    Second log, bootpc with ZA, Broadcasts are allowed (no replies are allowed from gateway to netbios)

    with.GIF

    On both logs, ZA is installed on 192.168.0.83
     
  3. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    Thanks for checking it up....

    UUUhhm, so.... apart from the user manual being wrong, in practical terms, does this mean it is safe or not safe to allow broadcasting??

    Fax
     
    Last edited: Apr 30, 2007
  4. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    12fw, thanks for references and the reminder about what Stem told us to do!

    In all the cross talk I kind of forgot what the question was! I went in and checked it BUT guess what, it was no longer checked; maybe I forgot to click apply! :oops:
     
  5. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Okay, here we are at post 120, here is my April 30 zones setting window.

    Stem, please look at this jpg and indulge me as the OP and "learner".

    Look at each line and tell me if the line is needed or not and, if needed, if I should alter the settings to/from trusted/internet. At this point I don't need to know why you recommend what you recommend. If others here disagree with Stem I don't need to hear about it at this point.

    I have heard about the loopback, but I don't have that in this list should it be there?
     

    Attached Files:

  6. 12fw

    12fw Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    111
    Location:
    Canada
    Escalader

    The loopback is Trusted, since it is an address that goes nowhere. It is a reserved address for the computer itself and is only used inside the computer. It never goes out or accepts anything in.

    Maybe the DNS server should be added, but I set mine as Internet. In the spirit of the thread.

    The router IP I dropped, but I did set the router/lan as Internet.

    It is okay to block sites or servers, but I do not think it is important to include the updater sites as Internet, since they should be internet to begin and not assumed to be trusted.

    12fw
     
  7. 12fw

    12fw Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    111
    Location:
    Canada
    Stem

    I am curious. If the "allow broadcast/multicast" is enabled and the PC has no UPnP or BIOS or file/printer sharing or remote assistance or such used, is the multicast a real threat? Yes there are outgoing, but there is nothing to respond to any replies.

    12fw
     
  8. oldshep

    oldshep Registered Member

    Joined:
    Dec 19, 2006
    Posts:
    139
    12fw,

    I admit that I've become a little confused over the last couple of pages of comments. Would you mind taking a look at my setup ( post #78 ) and comment as to the differences between it and what you now have?

    If I get rid of the trusted router address and just leave the entire lan in the internet zone, I think I get a lot of warnings for service host in the logs - at least that's what happened a few months back when testing ZAPro.

    I still don't know what if any are the security risks for leaving the router as trusted.

    Thanks,

    Oldshep
     
  9. 12fw

    12fw Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    111
    Location:
    Canada
    oldshep

    For the spirit of this special thread, I set the router/lan as internet, the dns server as internet and the loopback as trusted. Other than blocked UDP from the DNS, nothing unusual is happening. I had placed the router IP as trusted, but in the spirit of the thread, I removed it. Still all is okay.

    Having the router IP as trusted shouldn't be a real issue. The only possible threat is if the router got owned. The only way that could happen is if the default password and account haven't been changed.

    12fw
     
  10. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Thanks, the spirit was established in the first few posts. It is for Stem to provide me answers to simple questions. If you guys persuade him to advise me something then and only then will I change/do anything. Otherwise I will be blown this way and that. Don't get me wrong here, I'm not saying you aren't correct, just that I have to do what an OP poster learner guy said on post 1!
     
  11. oldshep

    oldshep Registered Member

    Joined:
    Dec 19, 2006
    Posts:
    139
    12fw,

    Many thanks for the clarification. I think I understand what you all are saying. I may retest and move my router address back to internet to confirm what happens.

    I'll continue to read further posts with interest.

    Oldshep
     
  12. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    Yep, let's wait for Stem..

    But, Stem already suggested to remove the 255.255.255.255 rule: https://www.wilderssecurity.com/showpost.php?p=993605&postcount=65

    and not to set the router as trusted: https://www.wilderssecurity.com/showpost.php?p=991180&postcount=17

    Well, for me adding the router to the trusted zone is perfectly fine :D but I think Stem's approach is different i.e. (broadly speaking) whatever is outside your PC is not trusted by definition but only by specific rules (if needed)...

    Fax
     
    Last edited: May 1, 2007
  13. 12fw

    12fw Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    111
    Location:
    Canada
    Did a quick check and the ZA says this about the new network found when first installing:

    192.168.x.x

    Keep in Internet Zone:
    - For use at public or questionable access points (hotel, airport, coffee shop, ...)
    - Allows Internet access, blocks others from accessing your computer

    Allow into Trusted Zone:
    - For trusted, secure locations only (home, office, ...)
    - Use only if you need to share files or printers with others on this network

    I think escalader should follow the advice from before and make sure that his SpySweeper and BitDefender are not causing any conflicts. They do have web scanning and web content filtering. The potential problems are possible.

    12fw
     
  14. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Good morning Stem:

    Because of the FUD factor to confirm for Stem I have removed 255.255..... and allowed Broadcast/multicast as he suggested.

    I also added the loopback adapter. Is that okay Stem?

    The only block I see at the moment is ZA's Updclient.exe trying to access the apple site which I have explicitly blocked. What reason would ZA have for trying that when I have turned off all automatic updating?

    Another observation is ZA Pro keeps turning off All Alerts High, on every boot up!

    See latest and greatest jpg.
     

    Attached Files:

  15. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    OK,
    We are going around in circles, and losing track, certainly as to the original member's posts/concerns.

    Let us go over what we have found/posted, and try to address this in a way understandable to all.

    First, it has been mentioned of placing the PC as a fixed IP, also a post of hardening the system by disabling some windows services, and yes, I have made posts onto the forum to show some un-needed services that can be disabled. But, due to this thread, as I mentioned, I have reset the group-policy within XP (all services as default windows installation), as I believe it is the settings within ZA that are being asked for. I think some understanding of what is able to leave/enter the PC with default windows settings and default ZA settings needs to be known, so that changes (where possible) can be made within ZA to secure the system.


    Main point at this time, is the adding of the LAN/router into the trusted zone. OK, this is already within the popup from zonealarm when the new network is found "Use only if you need to share files or printers with others on this network". Adding the router as trusted,.. I do have to ask "Why" there should be no need for this. I put the router as a layer of defence and like to keep this isolated. If the router is placed within the trusted zone, with default trusted zone settings, then windows is able to connect to the router via SSDP(uPnP). Yes, again, I am going from default windows settings, and also default router settings (most routers now are uPnP, and most have the uPnP enabled), so I prefer the PC not to be able to control anything within the router(and so will not simply say "yes" to making this trusted). This leads to the connection problems shown, such entries as outbound DHCP/DNS blocked, as I have mentioned, this should not happen as long as svchost(XP) is allowed internet outbound and the Internet lock is off.
    From my checking of DHCP allowed with ZA, you will see a log (first pic post#127), this basically shows the DHCP broadcast allowed out from ZA, with the reply broadcast allowed. (I know the return broadcast was allowed as ZA then made a DNS lookup for zonelabs). I have also checked, by only allowing DHCP on LAN after booting ZA, that unsolicited inbound DHCP broadcasts are allowed. Now I can understand if DNS replies may be blocked, these may be late replies and seen as unsolicited, but if these servers are internet, then why would you want to place these as trusted? You are (from ZA default setting) basically allowing all out/in to these servers, even up to a point of sharing files on the PC. (remember: trusted zone:- "Use only if you need to share files or printers with others on this network")

    Adding loopback (127.0.0.1) as trusted, yes, I have no problem with this in ZA, as restrictions are made to the access of this.


    So, for now, I need to know where "Escalader" is with this, and what points need clarification.
    (As for the concerns of possible conflict with other software on the PC that may be causing the problems, yes, this will need to be checked)

    edit,
    Sorry Escalader, you posted as I was posting/reviewing thread
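    Stem's two gateway logs (broadcast not allowed vs allowed), the remark that late DNS replies may be seen as unsolicited, and the objection to putting an Internet DNS server in the Trusted zone all come down to how a stateful UDP filter tracks outbound requests. The following is an added illustration written for this page, not ZoneAlarm's code: a toy filter that records a pseudo-connection for each outbound UDP datagram for a fixed window, accepts unicast replies only while that entry is live, handles inbound broadcast purely by the allow_broadcast toggle, and waives the state check for a Trusted source. The 2-second window, the gateway address 192.168.0.1, and the DNS and probe addresses are constructed for the example and are not values from the thread.

```python
from dataclasses import dataclass, field

BROADCAST = "255.255.255.255"
PC = "192.168.0.83"          # from Stem's logs
GATEWAY = "192.168.0.1"      # assumed gateway address, not stated in the thread
DNS = "203.0.113.53"         # constructed Internet DNS server address
PROBE = "198.51.100.7"       # constructed source of an unsolicited NetBIOS probe


@dataclass(frozen=True)
class Packet:
    t: float          # seconds since start
    direction: str    # "out" (PC -> network) or "in" (network -> PC)
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class UdpStateFilter:
    """Stateful UDP filter: an outbound datagram opens a pseudo-connection that
    expires after `window` seconds; inbound unicast is accepted only while a
    matching entry is live.  Inbound broadcast follows the allow_broadcast
    toggle; a Trusted source skips the state check entirely."""
    allow_broadcast: bool = False
    trusted: set = field(default_factory=set)
    window: float = 2.0      # assumed value, not ZoneAlarm's real timeout
    table: dict = field(default_factory=dict)   # (local, lport, remote, rport) -> expiry
    log: list = field(default_factory=list)

    def handle(self, pkt: Packet) -> str:
        # Forget pseudo-connections whose reply window has passed.
        self.table = {k: exp for k, exp in self.table.items() if exp >= pkt.t}
        if pkt.direction == "out":
            self.table[(pkt.src, pkt.sport, pkt.dst, pkt.dport)] = pkt.t + self.window
            verdict, why = "allow", "outbound"
        elif pkt.src in self.trusted:
            verdict, why = "allow", "trusted zone, no state check"
        elif pkt.dst == BROADCAST:
            verdict = "allow" if self.allow_broadcast else "block"
            why = "inbound broadcast"
        elif (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table:
            verdict, why = "allow", "reply to open request"
        else:
            verdict, why = "block", "unsolicited (no live request)"
        self.log.append(f"t={pkt.t:>5.1f} {pkt.direction:>3} "
                        f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} "
                        f"{verdict} ({why})")
        return verdict


def run_scenario(allow_broadcast: bool, trusted=()):
    """Replay a constructed packet sequence and return the verdicts and log."""
    fw = UdpStateFilter(allow_broadcast=allow_broadcast, trusted=set(trusted))
    pkts = [
        Packet(0.0, "out", "0.0.0.0", 68, BROADCAST, 67),   # DHCP discover (bootpc)
        Packet(0.1, "in", GATEWAY, 67, BROADCAST, 68),       # DHCP offer, broadcast back
        Packet(1.0, "out", PC, 1025, DNS, 53),               # DNS query
        Packet(1.2, "in", DNS, 53, PC, 1025),                # prompt reply, inside window
        Packet(5.0, "out", PC, 1026, DNS, 53),               # second DNS query
        Packet(9.0, "in", DNS, 53, PC, 1026),                # late reply, window expired
        Packet(12.0, "in", PROBE, 137, PC, 137),             # unsolicited NetBIOS probe
    ]
    return [fw.handle(p) for p in pkts], fw.log


if __name__ == "__main__":
    for allow in (False, True):
        print(f"--- broadcast allowed: {allow} ---")
        for line in run_scenario(allow)[1]:
            print(line)
```

    With broadcast disallowed the DHCP offer is the entry that shows as blocked, which is the first gateway log; with it allowed, the offer passes and only the late DNS reply and the unsolicited probe are dropped. Adding the DNS server to the Trusted set makes the late reply pass too, but it does so by skipping the state check for everything from that address, which is the trade-off Stem is pointing at.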
     
  16. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    edit: Sorry Stem, you posted as I was doing this one. We are of the same mind on ending the circle. I will post separately in reply to your last post.

    Viva La difference. For me, it is clear that Stem's ideas are the more secure and optimum path. So let's drop that debate, it is done with as far as this thread is concerned, it is the optimum setting for ZA Pro for me and I'm staying with it. Unless Stem comes to a different conclusion later, which has a 1/100,000 chance of happening.

    To all (excluding Stem) posters in the thread! (12fw, Fax, oldshep, etc)

    Please post your ZA Pro Firewall zones settings as I have done multiple times, it would be educational for me for sure and all thread contributors. Some have done it earlier but changes have been made. If you don't want questions on your settings best not to post them though. My own view is that if I want to learn best to be open and clear and sometimes admit to being :doubt: , :oops: and lost at sea. If we see posters are actually using ZA right now then their post is more... how to put this .... can't get right word... but useful comes to mind, no insult intended.... this is difficult stuff for me anyway but it is best to know where everybody is coming from!:D

    (Use Alt + PrintScreen, paste into Paint, save as jpg and upload as an attachment to your post, but I suspect everybody knows this)

    There are the following sets of ZA software (this is not a commercial) so please indicate which product you are using for this learning thread


    ZoneAlarm security software is a family of security products that offers a wide range of features and benefits. This release supports the following versions of ZoneAlarm security software:

    ZoneAlarm
    Offers firewall protection, limited MailSafe protection and Program Control, and Anti-virus Monitoring.

    ZoneAlarm Anti-virus
    Includes the same features available in free ZoneAlarm, plus Kaspersky Anti-virus protection, Inbound and Outbound MailSafe protection, Program Control with SmartDefense Advisor, and OSFirewall protection.

    ZoneAlarm Anti-Spyware
    Includes the same features available in free ZoneAlarm, plus Anti-spyware protection, Inbound and Outbound MailSafe Protection, Program Control with SmartDefense Advisor, and OSFirewall protection.

    ZoneAlarm Pro
    Includes expert firewall protection, Inbound and Outbound MailSafe protection, Program Control with SmartDefense Advisor, Privacy control, Identity Protection, Anti-spyware protection, and OSFirewall protection.

    ZoneAlarm Security Suite
    Includes the features available in ZoneAlarm Pro, plus IM Security, Parental Control, Identity Protection, Kaspersky Anti-virus protection, Junk E-mail Filtering, and offers protection for mobile laptop users and wireless home networks.
     
  17. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    Okay, Stem, here is where I am at, let's move to detail on MY settings only,

    (1) Please review my zones entries line by line (as of may 1 was posted earlier)

    (2) Just say remove/change and add any item I need. Is my family LAN a range or a single ip with the subnet as a qualifier?

    (3) I have my cable isp listed as a trusted ip is that wise or needed?

    Then very briefly remind me of the custom settings I should have in both Trusted and internet zones. NO NEED TO REPEAT WHY AT THIS POINT!:D

    I do have a 2nd non sharing gaming computer PC on the LAN only sharing the Cable DSL router.

    My ISP assigned by DHCP as 198.168.1.100
    Subnet mask is 255.255.255.0 (now removed)
    Default Gateway 192.168.1.1

    AFTER I MAKE FINAL CORRECTIONS ON ZONES AND CUSTOM SETTINGS I WANT TO MOVE ON TO PROGRAM CONTROL.

    If other posters want to pursue other points of view with you/me maybe they can start a specific thread for that or PM you/me directly.:thumb:
     
  18. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    To All posters:

    I am :'( or :mad: I don't know which.

    Please follow the latest and greatest requests to drop the trusted router subject
    For me it is done! It may be unclear to some but not to me anyway.:thumb:

    To my fellow posters here, my router is not your router, my xp settings are not your xp settings, I refuse to use messenger, my questions and view of what is wise is not equal to yours! So this thread is about specific optimum settings for ZA Pro. An endless circular debate is not helping with learning or achieving the goals of the OP. I ask everyone to respect the very special theme of this thread.

    It would be easy for me to take it all off line via PM's with Stem or even use poster blocking but I have responded in good faith to Stem's idea of me as a "learner" in plain view and these negative steps would end the thread and lose any benefits for those who read only the thread fearing to enter or post where wise men fear to thread!

    If there are honest disagreements, make the point once with rationale/proof from actual testing and move on with me to the next subject. Please no FUD, speculations or red herrings.

    Posters can act or not act on their own systems as they see fit.

    Let's all get back to the last posts twixt Stem and me and move on!:cool:
     
  19. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Peace in our time? :doubt:

    Apology accepted.

    I had a boss once who said we can accept all these mistakes you make but it is these errors you make that worry us!:D
     
  20. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    You do not need to add IPs(from the internet) as Internet. The only entries you should place here are for "Blocked" or "Trusted". The only exception to this is if you are placing the LAN as internet.

    You would need to check the router as to what range of IPs are issued. ZA does pick up this LAN (from the DHCP) so the range should show within that network entry.

    Again, I do not see why you should place this as trusted.
    I do think we need to find why you are having problem with DHCP, as without some resolution to this, your problems will be ongoing.

    Please confirm the other (all) security applications you have installed, I will install these on my base setup to see if I can recreate the problem.
     
  21. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Okay, Stem my replies are within your answers in RED



    Okay, but why don't you wait until we find out if the problem is solved now, that would save you some effort (maybe)

    Here is my active / realtime security software list

    ZA Pro 7.0.337.000, all autoupdates off, all email, asw, spysite blocking off
    SpySweeper 5.3 with active AV turned off
    BitDefender 10 with AV real time enabled, Behavioral ASW enabled
    SpyWareBlaster
    FF 2.0.0.3, DOM inspector, RefControl, Script control
    PC Tools, Spam Monitor


    Here is my passive / on demand 1/ month security software list

    Ad-Aware SE (free), never finds anything
    Spybot Search & Destroy, never finds anything
     
  22. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Stem / Fax:
    This is a solution I like. Please snip/move the non OP posts including mine if any and take your discussion to another thread, I will not give up this learning opportunity.

    Fax, human nature is hard to contain as has been shown but if the OT posts can move and occur in another place we all can get on with the original thread. 160 posts and still on page 2! It's a bit much!
     
  23. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    As you wish.

    Noted, for future possible installation to check on possible conflicts.


    I made some changes to setup earlier, and attached ZA (PC) directly to Internet DHCP/DNS (my setup, well, can be confusing to explain). I see in the ZA logs that replies from my DNS (Internet) servers have been blocked. This shows what has been mentioned earlier, and this does give me concern. I know, from my logs, these replies were well within any timeout.
     
  24. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi Stem: as before mine are in RED

     
  25. gre87y

    gre87y Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    164
    I would like to see Fax continue his posting. Good to see both sides of an issue:)
     