Applications and internet filtering

Discussion in 'LnS English Forum' started by ToMMY2ooo, Dec 23, 2003.

Thread Status:
Not open for further replies.
  1. ToMMY2ooo

    ToMMY2ooo Registered Member

    Joined:
    Dec 19, 2003
    Posts:
    21
    Location:
    UK
    I think the way rules are activated when an app connects to the net needs altering. A rule that activates based on an application connection allows other programs to use that rule.

    Surely when you set an application in a rule then the rule should not be able to be used by another program to access the net.

    Any comments?

    Cheers,
    Tom
     
  2. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey Tom

    Yeah, like Services capabilities, this too has been addressed quite some time ago; it’s not actually the method used that is the problem, it’s how it’s not coded that is the problem…

    I believe it should be coded to prevent leaks to/from other Applications which aren’t specified in the list. :mad:
     
  3. ToMMY2ooo

    ToMMY2ooo Registered Member

    Joined:
    Dec 19, 2003
    Posts:
    21
    Location:
    UK
    I can see that what I'm asking for might be tough to implement, but still it would be a very worthwhile investment.

    Cheers,
    Tom
     
  4. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi Tom,
    Initially this was implemented in 2.04 to automate the cases where the user had to manually activate/deactivate a rule when an application was started/stopped (typical cases are NetMeeting and IRC clients). The purpose was not to restrict the use of a rule to a dedicated application.

    For a TCP server port (Identd for an IRC client, for instance) you can only have one application opening/listening on that port at a time. So for these cases, the activation of a rule based on the connection of an application should still be useful.

    Now with the 2.05b1 if you want to restrict an application to use some ports only, you can do that directly in the Application Filtering.

    Frederic
     
  5. ToMMY2ooo

    ToMMY2ooo Registered Member

    Joined:
    Dec 19, 2003
    Posts:
    21
    Location:
    UK
    Hi Frederic,

    This solution does work but I think it would be a nicer solution to use the filter rule to specify what access the application has to the internet instead of the way that 2.05b1 is implemented.

    Are there any plans to take LnS in this direction?

    Cheers,
    Tom
     
  6. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    The way I'd like to see this go is Application Filtering rules being handled within the Look ‘n’ Stop Internet Filtering screen with basically the same functionality, such as rule Export/Import; I think this would really benefit Look ‘n’ Stop a great deal, and draw many more users to the Look ‘n’ Stop product. And with such a style it would be more efficient for me to make Importable Application Filtering rules for the public, and for the customers to easily import the Application Filtering rules…
     
  7. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    I don't understand the difference. In the 2.05b1, you can consider the IP/Port dialog box as a rule for the application, and so you can specify what access the application has to the internet.

    Could you give some details of what you are thinking?

    Thanks,

    Frederic
     
  8. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Yes perhaps we will add something like that in the future.
    We need to stabilize the way it is implemented first.

    For ports, OK, I understand that some rules could be exported/imported. What about the IP addresses that are specific, and how to match the application between an imported rule and Look 'n' Stop internals? Pathnames will be different between users.

    Frederic
     
  9. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey Frederic

    What about a comparison by filename only, excluding the file-path when dealing with Application Filtering rules?
     
  10. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Retrieving Application Filtering Layer informatics of Trusted Applications, Application Filtering rules do comparison by filename look-ups only, and if the file-name finds turn up 0 or a Non-Trusted Application, then the rule cannot be activated.
     
  11. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    For Exporting I believe everything specified like ports and IP Informatics and so forth should also be exported along with.

    Other goals we should set are:

    - No limits on how many Application filtering rules can be set for a specific Application
    - Tying IP to port
    - Controls for both source IP/ports & destination IP/ports.
    - Controls for Local Activities
     
  12. ToMMY2ooo

    ToMMY2ooo Registered Member

    Joined:
    Dec 19, 2003
    Posts:
    21
    Location:
    UK
    My idea is the same as Phantom's.

    I have moved from Kerio Personal Firewall, which had an excellent method of applying rules to applications. All rules were held in a single place. The only downfall with Kerio was the lack of functionality; this is where LnS really sits ahead.

    If you could tie all the rule setting together in a similar way to Kerio (and perhaps many other Personal Firewalls) LnS would truly be the best personal firewall going. You might want to look at making it a system service also, to make it a little more secure.

    Cheers,
    Tom
     
  13. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
  14. dukebluedevil

    dukebluedevil Registered Member

    Joined:
    Sep 14, 2002
    Posts:
    177

    Having used Kerio firewall v2 for a couple of years now myself, I understand what you're saying Tom & completely agree with what you and Phantom have said above. Now if only Frederic can put it all together (fingers crossed). :)
     
  15. ToMMY2ooo

    ToMMY2ooo Registered Member

    Joined:
    Dec 19, 2003
    Posts:
    21
    Location:
    UK
    Crossing my fingers as I type :)

    Cheers,
    Tom
     
  16. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Thanks dukebluedevil

    Much appreciated. As you may have noticed, Frederic needs us to “stabilize the way it is implemented first”, meaning your Feedback and others' Feedback is very crucial.

    And for the rest of you on here with Look ‘n’ Stop, if you have any interest in Application Filtering Layer enhancements you should come forth and post, even if it’s to say I agree. ;)
     
  17. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi,

    I think there are two discussions there.

    One is about ports and IP selection improvements in the Application Filtering.
    Another one is about the two levels of filtering, and a way to have only one set of rules.

    For the 1st one, Phant0m just answered with the previous post.

    For the 2nd one, Look 'n' Stop really has two different levels of protection that are independent: TDI and NDIS.
    The NDIS has no notion of application; it has to be considered as a Packet Filter like a hardware firewall.

    So having the two levels of protection and the flexibility of configuring each separately is, for us, a plus.
    However, if some configuration can become easier we will look at it.

    Regards,

    Frederic
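
A simplified model of the behaviour discussed in this thread, added here as an illustration and not Look 'n' Stop code or part of any post: a packet-layer rule activated by one application's connection also passes other programs' traffic, while a per-application port restriction at the application layer stops it. All class, function and application names are hypothetical, and denying unlisted applications is an assumption of the model.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class PacketRule:
    """Packet-layer rule: matches on remote port only (hypothetical model)."""
    remote_port: int
    activated_by: Optional[str] = None  # app whose connection switches the rule on

class PacketFilter:
    """Packet filter with no notion of application, as described for NDIS."""
    def __init__(self, rules):
        self.rules = rules
        self.connected = set()  # apps currently connected

    def allows(self, remote_port):
        # A packet carries no application identity, so once a rule is
        # active it matches traffic from any program.
        return any(
            r.remote_port == remote_port
            and (r.activated_by is None or r.activated_by in self.connected)
            for r in self.rules
        )

class AppFilter:
    """Application-layer filter: per-application allowed remote ports."""
    def __init__(self, allowed_ports):
        self.allowed_ports = allowed_ports  # app name -> set of ports

    def allows(self, app, remote_port):
        # Assumption: an application that is not listed is denied.
        return remote_port in self.allowed_ports.get(app, set())

def outbound_allowed(app, remote_port, packet_filter, app_filter=None):
    """Both layers decide independently; the connection must pass each one."""
    if app_filter is not None and not app_filter.allows(app, remote_port):
        return False
    return packet_filter.allows(remote_port)

def demo():
    # Constructed scenario: an IRC rule on port 6667 activated by irc.exe.
    pf = PacketFilter([PacketRule(6667, activated_by="irc.exe")])
    before = outbound_allowed("other.exe", 6667, pf)
    pf.connected.add("irc.exe")  # irc.exe connects, rule becomes active
    piggyback = outbound_allowed("other.exe", 6667, pf)
    af = AppFilter({"irc.exe": {6667}, "other.exe": {80}})
    return {
        "before": before,
        "piggyback": piggyback,
        "other_with_app_filter": outbound_allowed("other.exe", 6667, pf, af),
        "irc_with_app_filter": outbound_allowed("irc.exe", 6667, pf, af),
    }
```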
     