Web Browsing Rules

Discussion in 'LnS English Forum' started by securityquest, Nov 15, 2005.

Thread Status:
Not open for further replies.
  1. I have questions regarding configuration of the web browser for
    access to the internet. It appears that the ruleset with LnS uses
    in/out access on port 80 for web.

    1
    Does allowing an app in/out access cause security (inbound) concerns?

    2.
    Should the web browser be allowed in/out (both) access to port 80 for
    surfing the internet, or is outbound access enough? It appears that
    allowing in/out access is like a server. Is this correct?
    Does LnS allow the requested connection to 'return' from it's
    destination, thereby not needing the inbound portion of the rule?
    My intent here is to understand whether or not I can use outbound only
    for port 80.

    3.
    Does the web browser require the DNS port/IP to be in 'Application
    Filtering', or can the browser function properly using the 'Internet
    Filtering' DNS rule?

    4. Is SVChost necessary for a more secure computer? If I block SVChost
    my PC appears to have no side effects, but i'm not certain that
    it's recommended block it. Does it provide more security for TCP/IP or
    anything else?
     
  2. manzz

    manzz Registered Member

    Joined:
    Oct 6, 2005
    Posts:
    55
    Hi
    I dont currently have LnS installed, but will try and answer your question as no one as jumped in yet.

    1/ Yes it can (You should not allow inbound connections unless absolutely necessary)

    2/ A browser for normal browsing does not require any inbound connections.
    (port 80 is the remote port it connects to)

    3/ The open DNS rule can be used.

    4/ Svchost requires net access (XP) or you will not gain internet access with your browser.
    (I know in a lot of firewalls it appears that you can block svchost, but if this was completely blocked you would be unable to connect (winXP)) Blocking this will not compromise your system. (I use W2K, Svchost has no access at all to the net, and have never had any problems)

    Hope this helps, and am sure others will jump in if anything is incorrect.

    Regards
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.