Kerio Predefined Network Settings

I am trying out the Kerio firewall. There is a section where you can predefine network security rules (see pic). Right now I have set all rules to their default settings. Please note that some of these the default Internet setting is "Permit". I have tried setting all of them to "Deny", and have not noticed any connectivity problems, but maybe I'm missing something.

My question is - does anyone see any reason to allow the ones currently set to "Allow"? Are there any practical security risks by keeping any of them set to "Allow"?

P.S. I speak above of "Internet" network settings. I am not concerned with keeping any of the "Trusted" network settings to "Allow"

 

You will need to leave the DHCP and DNS outbound allowed to the internet for proper functioning of things. ICMP out (ping) might also occasionally be needed too. There's no harm in allowing any of these. The other two at the bottom (Virtual Private Network and Broadcasts) I don't know about and don't use myself. If I were you, I'd just leave the defaults as is. If you want to tighten up your DNS rules so that DNS is only allowed out to your specific ISP's DNS servers, then you can create custom rules for that, specifying the DNS servers you want to premit. Alternately, and this is the nice thing about Kerio 4, you can disable the Predefined Rules altogether, and make your own in the Packet Filter section, as tight as you want them. You can even import BZ's Kerio 2 rules into it and revise as needed. Takes more work than the Predefined route, but then you get more control over things too.

 

Understood. Thanks, Kerodo. I'm going to do a search on BZ's Kerio rules and check them out...

 

Sorry, I should have posted a link for you. Here it is:

http://www.dslreports.com/forum/remark,8023708

Best to read thru the entire thread..

 

Kerodo hit it.... If you want to stay with the predefined settings and no rules you can always put the DNS servers into the trusted area and deny DNS to the Internet.

Other than that, I disabled VPN and Broadcast to Internet.

 

Thanks, Mem. I have since joined the BB that Kerodo suggested. Lots of good stuff there...

 

Could I inject a question about the terminology here?

I don't have Kerio 2 yet, but am considering it, so I'd like to know what is meant by broadcasts? Thanks.


-HandsOff

 

A broadcast, a normal part of network operation, is a data packet that is destined for multiple hosts - such as IP networks use broadcasts to resolve network addresses using Address Resolution Protocol (ARP). While the following link is in regards to broadcast flooding it does give a definition of broadcasts (and multicasts) in the first section.

http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/cs006.htm

I should add that my setup is used on a PC on a local LAN (behind a router).

 

Thanks, Mem, for the detailed information!

I'm probably still a bit short of understanding this. Firewalls, to me, are the most incomprehensible of all security programs. Probably because almost all my computing (until recently) has been on a computer, with me as the only user, and a direct connection to the internet.

I'm hung up by the term "hosts" in your definition, and don't understand if you said that you were behind a router...how that changes the situation as for as broadcasts are concerned. Does that mean the router is the "host", so it handles the broadcast, so that that the software firewall (Kerio) never deals with this issue?

I always thought a host, or a server was a computer that respondes to high volumes of requests for files...but looking at the definition it almost sounds like any computer that connects the to internet is a host / server.

I realize that it probably isn't necessary for me to get into this details, but who knows, maybe somewhere down the line it will all come together.

Anyways, thanks for the info!

- HandsOff