Does it mean I don’t need SvcHost Table ?

Discussion in 'other firewalls' started by Mido, Oct 18, 2007.

Thread Status:
Not open for further replies.
  1. Mido

    Mido Registered Member

    Joined:
    Oct 17, 2007
    Posts:
    46
    Group,

    After checked many post, I build this System application Table.

    Does it mean I don’t need to create a SvcHost Table?

    About System.exe, the only time I saw service in Ask User Table on 68, 67 Port, it was when in property of Network cable connexion, the NetBios TCP/IP was active.
    Is it preferable to let this NetBios active?

    I will show you the application, system applications and System Internet Zone Tables.

    If somebody could comment these 3 Tables, and let me know if I need to change something.

    In the same time explain the role of each 3 Table.

    By the way, the log of Jetico is not really visible, is there something to do for fix it.

    Windows xp Sp2 Home edition, Cable Connexion, no router.


    SYSTEM APPLICATIONS >>>>>>> in SvcHost Local port is 1024:4999 <<<<<<<<<
    System application 1-2.JPG
    System application 2-2.JPG

    APPLICATION TABLE
    Application Tab.JPG

    SYSTEM INTERNET ZONE
    System Internet Zone 3g.GIF

    Thank.
     
    Last edited: Oct 18, 2007
  2. wat0114

    wat0114 Guest

    It looks like you have similar/same rules for svchost spread out over several areas. You don't need to do that. You really should only have one set of svchost rules set up in a table under Network applications only. This is probably easiest because then you just point svchost to that table using the "Use template" option. To enable logging for your rules you have to select your choice when editing rules under "log level", usually: info, warning or alert. There are other choices too.
     
  3. Mido

    Mido Registered Member

    Joined:
    Oct 17, 2007
    Posts:
    46
    Thank wat0114,

    When you say
    "You really should only have one set of svchost rules set up in a table under Network applications only."

    My English is so so.

    Is it mean, I should create a Table under "Ask User Table" for SvcHost.
    Then remove/drag they rules I created/add for SvcHost in System Applications.

    What do mean by (using the "Use template" option)?

    I have already tried "log level" on info and the Log file was not more usable, I will try to play again with these option.

    Thank.
     
  4. wat0114

    wat0114 Guest

    Youre english is fine, Mido :) What is tough is that you are using version 1 while I'm using 2. Still, if we can bounce ideas off one-another, we can both maybe head in the right direction with our firewalls. My 3 screenshots simply illustrate what I have done to organize my "Web Browser" applications. it is not necessarily the best way to do things, since I am still in learning mode with Jetico.

    1. The "Group" of applications is created.

    2. That group is placed in "Network Activity" and directed to my "Web Browser" table (template) ruleset.

    3. the third ss shows all the rules in that Web Browser ruleset that will apply to that group. Notice also the "DNS Client" table which has become a sub-table of the Web Browser table because I have its template rule created within the Web Browser table.

    I still have lots of work to do to figure things out and get everything organized as efficiently as possible, but I hope to have the right idea ;)

    *EDIT* sorry, please view the screenshots from bottom to top to middle.
     

    Attached Files:

  5. Mido

    Mido Registered Member

    Joined:
    Oct 17, 2007
    Posts:
    46
    wat0114,

    A Web walk is certainly more secure like that.
    And I suppose it could use with Mail client and other outside
    communication.

    I will try the Jetico v2.
    Perhaps better then the v1 and more documents.



    Thank for this!
     
  6. wat0114

    wat0114 Guest

    Hi Mido,

    I don't know how secure my rules are. I figure they're decent, at least, but I'm always open to suggestions from others. I'm also constantly fine-tuning them. My mail client uses a different rules table with the rules in it specifically setup for only the mail servers' POP3/SMTP ip addresses and ports (110/25).

    Please do keep in mind that Jetico 2 is trialware. Version 1 is free and is actually an excellent firewall in its own right, as long as it is set up properly.

    Jetico really does make the user think hard about what they need to do to get it set up properly.
     
  7. Mido

    Mido Registered Member

    Joined:
    Oct 17, 2007
    Posts:
    46
    Hi wat0114,

    I tried Jetico 2 but it was very unstable.

    I have reinstalled ver1.

    I have remark something stange?

    The Block Port and System applications Tables are not suppose to be before Ask User.

    Into the "Application Table" I have : (in order)
    1) Application Blocked zone
    2) Application Trusted zone
    few rules...
    3) Block Ports ----> I put all they block port 135, 137-139, 445, 500...
    4) System applications
    5) Ask User
    6) continue

    But in the fact, in the left column, "Ask User" happen before "Block Ports" and System application.

    Why?

    Thank.
     
    Last edited: Oct 19, 2007
  8. wat0114

    wat0114 Guest

    Hi Mido,

    it could be the placement of one or more of your block rules or you have not included an important process in your Indirect access group - maybe explorer.exe. I have the majority of my block rules in the Network/IP table. See screenshots. Jetico is very unforgiving if even one critical rule is wrong or situated incorrectly. Do keep in mind that if you inadvertantly block even one required process/application in the Indirect access group, you will effectively block all Internet access.

    Maybe try starting out with the default "Optimal protection" policy and work from there. BTW, what exactly was the stability issue? For some issues with J2, see: To resolve slow shutdown_startup issues on how to pin-point the problem. Usually something is blocked that should not be.

    Also, it is easier to see what is wrong if you can include screenshots of your rules.
     

    Attached Files:

    Last edited by a moderator: Oct 19, 2007
  9. Mido

    Mido Registered Member

    Joined:
    Oct 17, 2007
    Posts:
    46
    I'll put some Table.

    As far I remember. I Almost sure, It always be like that, even if I Reload or Reinstall Jetico.
    The Ask User Table will happen before System Application.

    OK, In Application Table the first blue arrow in bottom is the Block Port Table I created with all Block Port from "Attachment 194316" of my first post.

    In System application, I take all they SvcHost rules from "access network" till bottom and put it in WindowsUpdate Table (can see these original rules in first post)

    I had Explorer.exe in "Ask User" and "System application" I clean off explorer.exe from Ask user.


    Application Table
    Application Table.jpg

    System application
    System application.jpg

    System IP Table
    System IP TAble.JPG

    System Internet
    System Internet.JPG

    Thank.
     
    Last edited: Oct 20, 2007
  10. wat0114

    wat0114 Guest

    Mido,

    something is wrong with your "name server" rules. The red exclamation mark [!] means there is an error with the rule. In some cases, the error is not a problem just as is the case with my Trusted zone and Blocked zone rules because I did not bother setting those up. But with your DNS connections, it is important you fix those up, otherwise you will get a loss of Internet connection. Check the name server ip addresses under the "Group" tab and make sure they are right. I will be busy until late this afternoon. Good luck!
     
  11. Mido

    Mido Registered Member

    Joined:
    Oct 17, 2007
    Posts:
    46
    Wat114,

    Is it a good think to put all of these address into Trust Zone for optimize the WindowsUpdate.


    72.246.0.0/15 Akamai technologie
    209.170.113.0 - 209.170.113.255 "
    209.170.64.0 - 209.170.127.255 "
    209.170.64.0 - 209.170.67.255 "

    207.46.0.0/16 Microsoft
    65.52.0.0/14 "
    64.4.0.0/18 MS Hotmail

    204.160.0.0/14 Level 3 com
    8.0.0.0/8 " "
    199.92.0.0/14 " "
    192.221.0.0/16 " "
    206.32.0.0/14 " "

    80.0.0.0/8 RIPE
    195.0.0.0/8 RIPE
    212.0.0.0/8 "
    82.0.0.0/8 "
    85.0.0.0/8 "
    89.0.0.0/8 "
    193.0.0.0/8 "

    208.174.0.0/16 SAVVIS
    208.175.0.0/17 "
    208.175.160.0/19 "
    208.175.192.0/19 "

    207.138.0.0/16 Global Crossing (GBLX)

    124.0.0.0/8 APNIC

    240.0.0.0 IANA

    And other ones as IANA... are still reject by Jetico during this text writing.

    Should I autorize all of them anytime?


    Thank.
     
  12. wat0114

    wat0114 Guest

    I would probably create a M$ update server "group" of ip addresses. However, it is infuriating attempting this with their update server ips because there are so many of them for both ports 80 & 443. Still, it is better than simply allowing svchost unrestrricted access to those ports.

    Before anything else, I would advise you fix the name server rules. Also check out the Jetico driving me crazy thread from a while back. In particular, check out the posts from Moderator/Security expert Stem. He knows Jetico 1 inside-out :)
     
  13. Mido

    Mido Registered Member

    Joined:
    Oct 17, 2007
    Posts:
    46
    Wat0114,

    OK for conclude.

    I have fixed name server by they IP of my internet provider.

    Is it good to let access internet svchost port 80-443 always, even if it's not for Windows update?


    Thank.
     
  14. wat0114

    wat0114 Guest

    Good news :)

    Generally speaking, no. Still, it is tough with MS update servers because of all thos ip addresses. You could probably create that rule to those ports with unrestricted remote addresses and simply keep it disabled, only enabling it when you need to check for/download updates.
     
Loading...
Thread Status:
Not open for further replies.