=)nortion fire wall settings perty pleas

Discussion in 'other firewalls' started by Mr.Blaze, Oct 24, 2002.

Thread Status:
Not open for further replies.
  1. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :Dlol im on a windows xp i got nortion personal fire wall
    what are the settings on dial up recomendations pleas im new to xp and nortion personal fire wall
     
  2. FanJ

    FanJ Guest

    Hi Blaze,

    I hope someone will come by to help you here.
    In the meanwhile, could you post the version,
    like NPF 2000 or 2001 or 2002 or 2003
     
  3. FanJ

    FanJ Guest

    Some really nice, very useful and free utilities for AtGuard/NIS/NPF (but NOT for the versions 2003 of NIS/NPF).
    Everyone that will try to help you, might probably ask you for some info from these utilities!

    From Albert:

    http://www.capimonitor.nl/index.htm

    Go to AtGuard & NIS.

    Download and install "Rules Viewer" and "AtGuard NIS Settings".


    From Sven:

    http://home.debitel.net/user/svenschaef/logview/

    Download and install "NIS LogViewer".
     
  4. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    norton personal firewall 2002 :D
     
  5. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hopefully you followed FanJ's advise and got the utilities mentioned. They will work with 2002 and make life with NIS/NPF alot easier.

    The default rules will usually be enough to get you going, but can be improved upon. Is there anything in particular you were wanting clarification on?

    CrazyM
     
  6. FanJ

    FanJ Guest

    Hi Blaze,

    You might have a look at AGNIS:

    http://www.staff.uiuc.edu/~ehowes/resource.htm#AGNIS

    It's a free add-on for AtGuard/NIS/NPF from Eric Howes (the man who also makes IE-SPYAD).

    I suppose in Brenda's NPF2002 the ad-blocking feature is enabled.......

    Well, Agnis contains a longer list of sites than the one which you get by default from Symantec for NPF.
    Every time Eric Howes comes with a new version of IE-SPYAD, he gives also a new version of Agnis.
    While IE-SPYAD places all those sites in the list in the Restricted Zone of Internet Explorer (and then all those sites have to follow the policy that you have set up for the Restricted Zone), Agnis will simply block connections to all those sites in case an advertisement would like to phone home.

    Have a look at that site and read the Read-me.
     
  7. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    will i was thinking of the act as a sever part like zapro has does notion have simmilar case all i see is permit all and automatic?

    i want aol to have acess but i dont want it to act as a sever how does this work in nortion or is zap the only one with that option
     
  8. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    With ZAPro you have two options for act as a server, Local and Internet.
    Some programs may require act as a server for Local (localhost 127.0.0.1 - your system) for which you would you use the local zone/trusted sites in ZA. Unless you are running an actual server (Web, Mail, etc.) none should require acting as a server for the Internet.

    With NIS/NPF programs requiring Local server rights (localhost) are covered off by the default loopback rule which allows your system/programs to do this. You do not need to make any rules for this. NIS/NPF/NAV make extensive use of the default loopback rule. To allow a program to act as a server for the Internet would require a specific rule allowing that type of inbound traffic.

    If you have created a rule(s) (automatic or custom) for AOL allowing only outbound connections you are fine.

    Example of my Trillian rule for AIM:

    Rule XX Tillian Instant Messaging - AIM
    Category: General
    Rule in use: YES
    Logging: NO
    Protocol: TCP
    Action: Permit
    Direction: Outbound
    Application: (trillian.exe)
    ..........Path: c:\program files\trillian\trillian.exe
    ..........SHA1: ad 67 80 f0 ae 76 14 bf f6 2c 27 fc 5e cf 5f ad 50 f0 1a 4a
    ........Access: Custom
    Local service: (1024 - 5000)
    ..Range Begin: 1024
    .....Range End: 5000
    Local Address: Any Address
    Remote Service:
    ..........Port: 5190
    Remote Address: Any Address

    This allows outbound for IM chat only. If you let NIS/NPF automatically create rules for AIM, you will likey have several in your rule set. You can always review/customize these rules and delete those you will not require.

    I would recommend disabling automatic rule creation (found under Personal Firewall > Internet Access Control > Configure).

    If you leave this enabled NIS/NPF will automatically create rules for applications without your knowing if it has auto config files for the application.

    You are better off to disable it, then when the rules assistant/wizard pops up for a new application, you can still allow NIS/NPF to automatically create a rule(s) for you, just select NO when it prompts you to allow automatic rule creation again. You can always go into Internet Access Control and customize the automatic rules afterwards to suit your specific needs. One of the nice things about a rule based firewall is the ability to customize your rule set to meet your specific requirements/needs.

    Hope this helps. Be sure to let us know if you have any further questions about customizing your rule set.

    CrazyM
     
  9. FanJ

    FanJ Guest

    Hi Blaze,

    I saw that CrazyM posted some better answer, so I deleted some of mine.

    Utilities that could help you here, are Rules Viewer and Log Viewer (I mentioned them earlier in this thread).

    With Log Viewer you can get a good overview over the connections that an application has made:
    From which ports at your PC,
    To which url (remote address),
    And at which remote port at that remote address.

    Have a look at this screenshot for an example:
    http://home.debitel.net/user/svenschaef/logview/images/lvmain.gif


    With Rules Viewer you can see all the rules.
    Rules are processed by NPF from top to bottom.
    As soon as a rule could be followed by NPF for a certain connection, no other rules beneath it will be looked at by NPF. That’s why it is important to have the right order (sequence) for the rules.

    Install Rule Viewer and read it’s read-me.
    Rules Viewer gives you the possibility to make a text file with all your rules.
    If you like, you could copy them and post them here.
    But it might be a much and much too big list!
    So we have to think about that.

    Here is a very short example of how such a list of rules might look like:


    Example Rules:
    ------------------------------------------------------
    Rule 2 Default Inbound ICMP
    Rule in use: YES
    Logging: NO
    Protocol: ICMP
    Action: Permit
    Direction: Inbound
    Application: -
    Local Service:
    ..........Type: 3
    ..........Type: 0
    ..........Type: 11
    Local Address: Any Address
    Remote service: Any Service
    Remote Address: Any Address
    ------------------------------------------------------
    Rule 4 Default Inbound DNS
    Rule in use: YES
    Logging: NO
    Protocol: UDP
    Action: Permit
    Direction: Inbound
    Application: Any Application
    Local service: Any Service
    Local Address: Any Address
    Remote Service: (domain)
    ..........Port: 53
    Remote Address: Any Address
     
  10. FanJ

    FanJ Guest

    Blaze,

    See these 4 great threads by CrazyM for general guidelines for rules:

    http://www.wilderssecurity.com/showthread.php?t=4413

    http://www.wilderssecurity.com/showthread.php?t=4419

    http://www.wilderssecurity.com/showthread.php?t=4423

    http://www.wilderssecurity.com/showthread.php?t=4426
     
  11. Graystoke

    Graystoke Guest

    Hi. Thought I would ask this since it is a thread about rules in NPF. I'm trying out NPF 2003. I use Ad-Subtract Pro. Win98SE.

    I ran a Port 4444 scan for Ad-Subtract Pro at PC Flank to see if it was stealth. It was Open. How do I get Port 4444 stealth using NPF 2003?

    I am a novice when it comes to rules based firewalls. NPF is set at default settings.
     
  12. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    No harm in starting your own thread for your particular issue to keep things from getting confusing.

    You could start your own post and include the details for you existing rule in NIS for Ad-Substract Pro as we will need that info to help determine what is going on.

    Regards

    CrazyM
     
Loading...
Thread Status:
Not open for further replies.