Comodo Firewall - Can this setup work?

Discussion in 'other firewalls' started by dja2k, Oct 10, 2006.

Thread Status:
Not open for further replies.
  1. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    I am running a security setup for a friend who is on a tight budget.
    I figured this setup out for him with only the minimum spending using Comodo Firewall:

    FREE

    Antivir Personal Classic
    Comodo Firewall
    Prevx1 "R"
    System Safety Monitor
    Spyware Terminator
    Hostsman (MVPS)
    CCleaner

    FREE ON DEMAND\PASSIVE

    Spyware Blaster (Immunized)
    Spybot S & D (Immunized)
    Harden-It

    PAID

    Raxco FD-ISR

    What do you think, good enough setup? Haven't been familiar with Comodo Firewall, but everyone seems to be using it around here and it's free. Don't know how to configure Comodo though, any advice?

    dja2k
     
  2. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
  3. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    Well that is the point of me listing them so that others can post if they have found incompatibility to be forewarned. ;)

    By the way, that link shows the basics, I need advanced like the other options that are in Comodo's advanced options. It's okay, I have asked over at the Comodo forum already.

    dja2k
     
    Last edited: Oct 10, 2006
  4. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    I am sure that you have prior experience with software to know that pitfall. ;) But there are oft too many times when something goes bump in the night and all of a sudden things stop working.

    There are many users of Comodo (I am not one of them) on this forum. I am sure they will be able to provide more information on the other options and settings regarding the firewall. Sorry that my post was superfluous.
     
  5. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    iirc, prevx1 "r" isn't available for download anymore, and two HIPS isn't necessary either. other than that, setup looks good.
     
  6. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    Like others have said, prevx1 is considered CIPS not HIPS, but besides the point.

    Okay then drop Prevx1 and SSM, he has Ghost Security Suite (licensed AD and RD) already, and that should be enough. I would encourage him to buy Online Armor in the future when he has more money though. For now, I am setting it up and making a snapshot with FD-ISR so he won't screw up his system without having an immediate restore point. I just hope he follows safe surfing since he doesn't have a web scanner.

    I will set up Comodo firewall the best that I can since I am not truly familiar with its advanced options. Hey WSFuser, I remember you turned off some options in Comodo when you used it, which ones were they and why?

    dja2k
     
    Last edited: Oct 10, 2006
  7. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Hold it. I see Ghost Security Suite there. I'm not familiar with it, and if the suite has no firewall in it, never mind. But if it does, don't install another one as well. Two firewalls on the same pc won't live together. That aside, I installed Comodo and it runs automatic with only a few adjustments I made in the first half hour. It's the best. Don't repeat this, but I'd pay for it. :D
     
  8. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    i turned off the "HIPS" part of Comodo, aka Application Behavior Analysis. my reason being i only like having one HIPS/CIPS.

    also i left Component Monitor in learning mode. i enabled it once, but i didn't feel like answering pop-ups.
     
  9. Seishin

    Seishin Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    204

    Let me add to the list:

    Open a Limited Account to access the Internet
    Install a NAT router
     
  10. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,041
    FREE
    Antivir Personal Classic
    Comodo Firewall
    CCleaner & Cleanup!
    Geswall or dropmyrights for internet apps
    Cyberhawk


    FREE ON DEMAND\PASSIVE
    Spybot S & D (Immunized)
    Ewido or A^2

    PAID
    Acronis True Image 7.0 now free:
    http://www.acronis.com/mag/vnu-ati7

    How experienced is this user?

    I would look at Geswall or Cyberhawk and an anti-malware scanner - on demand scanner is often free. Running with limited priv is a good suggestion; GeSwall makes this fairly painless, or dropmyrights - I prefer Defensewall but that is not free.

    TI 8 and Paragon Drive Backup have been on magazine cover disks in the UK - TI7 and look in the newsagent
     
  11. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    Not too sure about adding Geswall nor Cyberhawk. I personally don't like them and they sometimes crash, cause slowdowns, and\or cause BSOD errors with what I have read. I am not too familiar with Cyberhawk nor is he. Don't want that for him because I will not hear the last of it. Maybe add Geswall next build, but for now let me add sandboxie. Also the rest of your opinions are great. I will think it further.

    Gesc why did you remove harden-it and a host file? Those won't mess around with anything, but further give an extra layer of protection.

    dja2k
     
    Last edited: Oct 11, 2006
  12. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    FREE
    Antivir Personal Classic
    Comodo Firewall
    CCleaner & Cleanup!
    Ghost Security Suite (AD & RD)
    Spyware Terminator (No HIPS)

    FREE ON DEMAND\PASSIVE
    Spybot S & D (Immunized)
    Spyware Blaster (Immunized)
    Ewido Micro Scanner
    A-Squared
    Harden-it
    MVPS Host File (Hostsman)
    Acronis True Image 7.0
    Sandboxie
    *ALL OTHER HARDENING

    PAID
    Nat Router

    dja2k
     
  13. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    It just came to my understanding by surfing around for answers that Comodo Firewall is not safe for p2p. Can anyone confirm this?

    dja2k
     
  14. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    I use Azureus (BitTorrent) without problems. I think, that my Application & Network rules are safe.
     
  15. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland
    Can you post links to what you read?

    Loads of info and you can ask questions directly here...

    http://forums.comodo.com/index.php?board=50.0
     
  16. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    Dammit can't find the link though it was around here. It was someone saying something that Comodo isn't for p2p something about server rules or something. Can't comment more as I don't want to post false information.

    dja2k
     
  17. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    Forgive me for asking, but where did you learn how to do those rules for your network monitor? Isn't your rule #4 and #7 duplicating ports since some of those in rule #4 are allowed in rule #7 with 1024-65535?

    dja2k
     
    Last edited: Oct 12, 2006
  18. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    I set Alert Frequency to High and then I have altered created rules.
    Comodo's FAQ helped me to find out, how to set up Network Monitor.
     
  19. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    Shouldn't your UDP and TCP in for p2p on your network tab be set to your IP address under destination?

    dja2k
     
    Last edited: Oct 12, 2006
  20. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    Anyways this is what I got so far for utorrent though I don't know how to setup the network rules.
     

    Attached Files:

  21. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    I think, that you need to Allow in Network Monitor: TCP/UDP In Where the Destination Port is 52634.

    Destination is meant to be the internet (look at the Activity - Connections) and the Source is the PC.
    When I set up DNS servers as the Source IP and the Destination IP was set to Any, DNS was blocked:
    Code:
    Date/Time: 2006-10-12 10:26:53
    Severity: Medium
    Reporter: Network Monitor
    Description: Outbound Policy Violation (Access Denied, IP = DNS Server IP, Port = dns(53))
    Protocol: UDP Outgoing
    Source: my IP:2495 (note, that the local port is not 53)
    Destination: DNS Server IP:dns(53)
    Reason: Network Control Rule ID = 8
    To be honest, this destination vs source was confusing to me too when I switched from Outpost Pro.
     
    Last edited: Oct 12, 2006
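
The source/destination confusion in the post above, as an added example that is not part of the original thread and not Comodo's own code: a small first-match rule evaluator showing why an outbound DNS rule with the DNS server as Source never matches and the query falls through to the block rule. The top-down first-match order, the rule IDs other than 8, and the sample addresses are assumptions; port 52634 and the 1024-and-up range come from the thread.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

PC, DNS = "192.168.1.10", "192.0.2.53"   # constructed sample addresses

@dataclass
class Rule:
    rule_id: int
    action: str             # "allow" or "block"
    proto: str              # "tcp", "udp", "tcp/udp" or "any"
    direction: str          # "in", "out" or "any"
    src: str                # address, CIDR or "any"
    dst: str
    dports: Optional[range] = None   # None means any destination port

@dataclass
class Packet:
    proto: str
    direction: str
    src: str
    dst: str
    dport: int

def _addr_ok(spec, addr):
    return spec == "any" or ip_address(addr) in ip_network(spec)

def evaluate(rules, pkt):
    """Return (action, rule_id) of the first rule that matches pkt."""
    for r in rules:
        if (r.proto == "any" or pkt.proto in r.proto.split("/")) \
           and r.direction in ("any", pkt.direction) \
           and _addr_ok(r.src, pkt.src) and _addr_ok(r.dst, pkt.dst) \
           and (r.dports is None or pkt.dport in r.dports):
            return r.action, r.rule_id
    return "block", None    # assumed default when nothing matches

def ruleset(dns_as_source):
    """Rules modelled on the thread; the DNS rule is built either way round."""
    src, dst = (DNS, "any") if dns_as_source else ("any", DNS)
    return [
        Rule(0, "allow", "udp", "out", src, dst, range(53, 54)),
        Rule(1, "allow", "tcp/udp", "out", "any", "any", range(1024, 65536)),
        Rule(2, "allow", "tcp/udp", "in", "any", "any", range(52634, 52635)),
        Rule(8, "block", "any", "any", "any", "any"),
    ]

DNS_QUERY = Packet("udp", "out", PC, DNS, 53)   # source is the PC, not the server
P2P_IN = Packet("tcp", "in", "203.0.113.7", PC, 52634)
```

With the DNS server as Source, the query skips rule 0 (wrong source) and rule 1 (port 53 is below 1024) and lands on the final block rule, which is the "Network Control Rule ID = 8" outcome in the log.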
  22. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    Yeah I have that so far in the network rules letting my specific port inbound for TCP and UDP, but what I am confused about is how you got the rest of the rules on the top. I think what they mean by destination and source is your actual IP, which in my case is the static IP I have setup in windows because I am behind a router.

    How did you go by replacing the default allow TCP\UDP OUT with the ones shown here? What is the difference between #1 and #2?



    dja2k
     

    Attached Files:

    Last edited: Oct 12, 2006
  23. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    You are right, when you have a router, you have to set up trusted zone.
    TCP/UDP Out is fine, I added ports 1024 and up, just to make it a little tighter.
    So I could set up e.g. DNS rules (IP and port 53), which is below the port 1024.
    There are some people, who use ports like 0 or 80 on p2p, I prefer to ban them.

    #0 is for my first internet, which has different DNS Servers than my second net #1 & #2.
    I did not show it, because I use the first internet and I do not want some hacker to block it.
     
  24. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    So let me get this straight.

    First rule is this,

    UDP OUT - SOURCE ANY - DESTINATION IP+SUBNET IP - PORT 53

    Second rule is this,

    UDP OUT - SOURCE ANY - DESTINATION DNS (ROUTER IP) - PORT 53

    Third rule is this,

    UDP OUT - SOURCE ANY - DESTINATION SUBNET IP - PORT 67

    Fourth rule is this,

    TCP OUT - SOURCE ANY - DESTINATION ANY - PORTS (Custom Defined)


    I have internet access with this setup, can't be sure if that's what you have since I can't see the whole thing in the picture, but maybe you can correct me if I am wrong. Also, can you share all your TCP out ports, I can't see them all or better yet, how did you come upon those? By the way, thanks for keeping up with me, I appreciate all your help and when you feel that you have helped enough, just let me know.

    dja2k
     
  25. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    Netbios in Comodo?

    What direction does netbios use, inbound or outbound and also is it tcp or udp for ports 137-139? I need to block this in the network rules because it seems system is listening on these ports by default.

    dja2k
     