F-Secure IS Firewall

Discussion in 'other firewalls' started by JerryM, Feb 12, 2007.

Thread Status:
Not open for further replies.
  1. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    In checking FSIS firewall at Gibson's RC it showed all ports stealthed. The leak test, however, indicated no protection as if I had no firewall.
    The default setting was Normal. I changed it to strict, and it passed the leak test.

    I am surprised that the normal setting failed the leak test.o_O o_O

    Jerry
     
  2. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    When I tested this program, on the normal setting, it failed that test on one port, number 139. On Strict, it passed.
     
  3. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Thanks, Tony. I hope we see what others have experienced, although FSIS is not a widely used AV I don't think.

    Best,
    Jerry
     
  4. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    I just retested the probe at grc.com in case it was a fluke, but alas, no, port 139 still shows as closed as opposed to stealthed in Normal mode. It is stealthed at Strict though. I should also point out I'm not behind a router so it does locate my actual IP address at that site. Whether this makes any difference I dunno.
     

    Attached Files:

  5. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Hi Tony,
    I am behind a router, and it seems that the ping test is always "fail." I don't worry about it.
    I have never been convinced that there is anything wrong with a closed port. If it is closed, how would anything get through?

    Best,
    Jerry
     
  6. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    normal is secure,

    strict is lockdown :)

    if you think of it like that, it sounds better than "1 closed port"
     
  7. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    Closed is fine, but all the hype is that it should be stealthed. I know it's only one port, but even so grc still classes it as a fail.
     
  8. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello TonyW,

    Have you got netBIOS active?
     
  9. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    It should be off even at the Normal setting. I guess one can tweak the settings, but by default it should automatically disallow such things IMO. Other firewalls manage it. I'll check it later.
     
  10. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello TonyW,

    I am just downloading now, so I will install to check.
     
  11. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I find this firewall strange. (apart from the 2 hardware resets it as given (no BSOD, just full reset/restarts))

    First of all, the firewall is passing the shieldsup scans, all stealth on this setup.

    I can see a problem, when the DNS service is disabled, all apllications need to make thier own DNS lookups, but the firewall insists that an application should have server status (allow inbound connections) for the returned DNS lookups.
    When I enable the DNS service, there is no alert for internet access for svchost, and the DNS rule within the "services" section of the firewall are currently "not in use".

    EDIT:
    I have just had another hardware reset as I was attempting to check the windows services, so unfortunately I am now having to remove F-Secure.
     
    Last edited: Feb 12, 2007
  12. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    I have to agree about it being strange in the way it handles some things. I did have another look, and I couldn't see where to make sure NetBIOS wasn't active. It's not very clear in either the rules or services section of the program.

    It doesn't matter to me as this isn't my IS program. I just wanted to test it out.
     
  13. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi TonyW,
    I have set up on a VM.

    I do think there will be some confusion with the settings for this firewall.
    There are rules included for netBIOS, but these are to allow inbound from the local network, and become active when the firewall policy is set to "Strict". This may not at first seem a problem, but for the many users who are on untrusted LANs this is a major problem. What makes it worse, is the fact that in the firewall rules, these allowed comms are not shown, there is a need to check the "Services" tab for all active rules.
     

    Attached Files:

    • IS.JPG
      IS.JPG
      File size:
      96.9 KB
      Views:
      314
Loading...
Thread Status:
Not open for further replies.