FireWall Functions, Pros and Cons

Discussion in 'other firewalls' started by Escalader, Apr 3, 2007.

Thread Status:
Not open for further replies.
  1. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,068
    Location:
    Serbia
    Hello there :)

    You will use logs for that. When you start an application it will get blocked (or allowed, depending on your answer to the prompt) and registered in the logs with the IP and port values. You can then easily revert the log entry to create an appropriate rule. The best way to gain some knowledge on the occurring traffic is to set fw to log all rules. Port Explorer was a nice learning tool to inspect the traffic and the current connections. I don't know what happened to DiamondCS, Port Explorer was not freeware, but I can still see the demo download link. Not sure about the purchase, though...

    Cheers...
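
The log-to-rule workflow described in this post, as an added example that is not part of the original thread or any firewall product: it groups blocked outbound entries into the narrowest rule that covers them and sets blocked inbound entries aside for manual review. The log line format, application names and addresses are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log; the line format is an assumption, not a real product's.
SAMPLE_LOG = """\
2007-04-03 10:01:12 BLOCK OUT TCP app=browser.exe dst=203.0.113.10:80
2007-04-03 10:01:13 BLOCK OUT TCP app=browser.exe dst=203.0.113.10:443
2007-04-03 10:01:15 BLOCK OUT UDP app=browser.exe dst=192.0.2.53:53
2007-04-03 10:02:40 BLOCK OUT TCP app=mailer.exe dst=198.51.100.25:110
2007-04-03 10:03:02 BLOCK IN TCP app=svchost.exe dst=192.0.2.7:135
2007-04-03 10:03:09 ALLOW OUT TCP app=mailer.exe dst=198.51.100.25:25
"""

LINE_RE = re.compile(
    r"^\S+ \S+ (?P<action>BLOCK|ALLOW) (?P<dir>IN|OUT) (?P<proto>TCP|UDP) "
    r"app=(?P<app>\S+) dst=(?P<ip>[\d.]+):(?P<port>\d+)$"
)

def parse(log_text):
    """Yield one dict per well-formed log line; skip anything else."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield {**m.groupdict(), "port": int(m["port"])}

def suggest_rules(log_text):
    """Group blocked outbound entries into one narrow rule per (app, proto).

    Blocked inbound entries are returned separately for manual review.
    """
    seen = defaultdict(lambda: (set(), set()))  # (remote IPs, remote ports)
    review = []
    for e in parse(log_text):
        if e["action"] != "BLOCK":
            continue
        if e["dir"] == "IN":
            review.append(e)
            continue
        ips, ports = seen[(e["app"], e["proto"])]
        ips.add(e["ip"])
        ports.add(e["port"])
    rules = [
        {"app": app, "dir": "OUT", "proto": proto,
         "remotes": sorted(ips), "ports": sorted(ports)}
        for (app, proto), (ips, ports) in sorted(seen.items())
    ]
    return rules, review
```

Each suggested rule is a candidate to confirm, not to accept blindly: a browser rule will need its remote address widened, while a mail client rule can usually stay pinned to its server.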
     
  2. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi BuzzStone:

    Just a clarification. The thread I started doesn't ask for pros and cons of specific FWs!!!! This is a different thread than many which pit one tool versus another.

    It does ask for pros and cons and rationale for FUNCTIONS of FWs!!!

    Raises the discussion to another level, and has for me become a learning thread!
     
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,229
    Hello,

    I believe the firewalls are meant to filter traffic. Nothing more. Anything else is perks. I prefer a firewall that can handle 800 simultaneous connections with just a few CPU cycles and little memory footprint than some leaktest giant that dies after 10 min of P2P.

    Let firewall handle traffic. Other things, including user, should monitor programs and execution. A person cannot examine each packet but he sure can examine the few programs running here and there.

    Mrk
     
  4. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hey Mrk:

    Just to lighten the tone a bit ( these days we need it):thumb:

    I want you to send me the products from your signature so I can trial them!

    NIS 2008, IE 8 with Anti-Linux BHO, Vista DRM SP3 + more sweet corporate stuff

    I'm particularly interested in the antilinux BHO!:rolleyes:
     
  5. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hello Posters:

    I have not abandoned this thread!

    What I am doing is learning more about FW settings and functions with Stem and other posters over in:

    https://www.wilderssecurity.com/showthread.php?t=172579

    Have a look; if you can/want, contribute there!

    When I fall out the bottom of that learning thread my plan is to return here and finish it up.
     
  6. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Here is a post that bears on this thread! If new users just allow every block to be accepted then over time it renders the Software FW useless.

    This includes putting the router itself in the trusted zone on setting up the FW. Don't do it! Put it in Internet zone.


     
  7. herbalist

    herbalist Guest

    That holds true for any security app that prompts the user for a decision. With a firewall, when a user allows both inbound and outbound traffic without specifying any limitations as to protocol, IP address, etc, for all purposes that app is not protected or controlled anymore. Too many users resort to some form of "allow all" rule just to silence the firewall alerts. When rules like that get applied to system components, you might as well shut the firewall off. It's no longer doing anything.

    There's a big difference between what an app or system file wants in regards to internet access, and what it actually needs to function.
    Rick
     
  8. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hello Herb:

    Boy you got that right! (again!)

    In the cases where users just allow and allow and allow in and out, since they just want to shut the darn thing up, it is really sad.

    1. They have a false sense of security since they can say "I've got FW product x"
    2. They don't take the time to learn what the blocks mean!
    3. The vendor makes the messages unfriendly in the extreme
    4. The vendor puts in soft rules at default time so the users won't just dump the product on day 1 just for being too chatty

    So a pro for a FW would be strong defaults from day 1, but a learning mode period with extra help saying "if you allow this or that, these are the possible consequences for your PC; we recommend this or that", with no hard accepts locked in during the learning period. Just some rambling ideas I have; they probably make no sense, or vendor advocates will rush in with "we have that already" or "you don't need it" (their tool doesn't have it).
     
  9. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,229
    Hello,
    Firewall default: deny all. Simple.
    Then, allow as needed.
    Mrk
     
  10. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Wow! It's so simple a rule it must be right! I even understand it, that's why I like it :D

    I agree with the principle and will use that in my thread on

    "How to Optimize settings in ZA pro?"

    When in doubt due to any number of foolish reasons, I will deny and see who/what complains and why!:thumb:
     
  11. herbalist

    herbalist Guest

    It really is that simple, and not just with internet firewalls. That's the basis of a policy that will secure Windows (default deny). Your system and user policies, the security apps you choose and how you configure them, even your browser settings and the configuration of script blockers, filters, etc, all these should enforce that policy. Most importantly, the user's decisions should stick with that policy or the security-ware configurations mean nothing. The best security-ware means nothing if a user can't say NO.
    Rick
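
The default-deny policy and the "allow all" rule problem discussed in the posts above, as an added example that is not part of the original thread or any firewall product: a small rule evaluator in which nothing passes without a matching allow rule, plus an audit that flags rules with no limits. The rule model, severity labels, application names and addresses are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = None  # a field left at ANY places no limit on that attribute

@dataclass(frozen=True)
class Rule:
    app: str
    direction: str       # "in", "out" or "both"
    proto: str = ANY     # "tcp", "udp" or ANY
    remote: str = ANY    # CIDR string or ANY
    port: int = ANY      # remote port or ANY

    def matches(self, app, direction, proto, remote_ip, port):
        return (
            self.app == app
            and self.direction in (direction, "both")
            and self.proto in (ANY, proto)
            and (self.remote is ANY
                 or ip_address(remote_ip) in ip_network(self.remote))
            and self.port in (ANY, port)
        )

def decide(rules, app, direction, proto, remote_ip, port):
    """Default deny: traffic passes only if some allow rule matches it."""
    hit = any(r.matches(app, direction, proto, remote_ip, port) for r in rules)
    return "allow" if hit else "deny"

def audit(rules, system_apps=frozenset({"svchost.exe"})):
    """Report rules that amount to 'allow all' for the application."""
    findings = []
    for r in rules:
        unlimited = r.proto is ANY and r.remote is ANY and r.port is ANY
        if unlimited and r.direction == "both":
            level = "critical" if r.app in system_apps else "high"
            findings.append((level, r.app, "no limit on direction, protocol, address or port"))
        elif unlimited:
            findings.append(("medium", r.app, "no limit on protocol, address or port"))
    return findings

# Constructed rule set: one narrow rule and two "silence the alerts" rules.
RULES = [
    Rule("mailer.exe", "out", "tcp", "198.51.100.25/32", 110),
    Rule("browser.exe", "both"),
    Rule("svchost.exe", "both"),
]
```

With this rule set the narrow mail rule denies everything except its one server and port, while the unrestricted system-component rule accepts any inbound connection, which is the situation the audit reports as critical.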
     