Help Me in knowing about FIREWALLS

Discussion in 'other firewalls' started by subratam, Nov 16, 2003.

Thread Status:
Not open for further replies.
  1. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    I have Tiny Personal Firewall 2.0.15A. I have downloaded Kerio 2x, as Blitz said, to remove the bugs. I have already made some rules; I need to know, if I install the Kerio exe, will it import the rules? I am very concerned with that because I have an affected network with exploiting packets.
    I had ZA, but as I had installed Tiny first with the rules, and as I was told to keep one firewall, I uninstalled ZA.
    Please, anyone, I need proper guidance on firewalls. I still can afford to buy ZA Pro, but how can I be safe in the affected network, and which is better to use, as my Tiny also effectively does its work?
     
  2. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    Actually, with your knowledge level ZA Pro would be a much better choice for you, and it would allow for some advanced configurations. That would be the only firewall you would need, and it's application based, so you would understand it better. You didn't understand what your rules did in Tiny 2x, so you left yourself wide open.

    If you still want to continue with Kerio 2x at the moment, see your previous thread.
     
  3. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    Blitz, I understand what you are saying. As you said that one firewall is better, I uninstalled ZA, and have by now downloaded Kerio and installed it; it all ran smoothly :D and I checked the rules it exported from Tiny; all well now.
    One thing: it's unregistered. I am running it at home, so will it still be the same after 30 days? :doubt:
    I understand that ZA is better for me, but don't you think Kerio would do well, as you said it's more effective than Tiny, which I was running?
    One question: I have TDS; when I check the ports for trojans or anything, it says all right.
    I ran the Shields UP test; it says normal ports like 23, 25, 443, 80 etc. are open; the rest are closed or stealth.
    When I run my netstat -an it gives some other ports, namely 135, 445, 1025, 1025, 1027, 1029, 1032, 44334 (Kerio, which I got from the TDS port resolver). Can you throw some light on that?
    The IP that's being shown also isn't my IP, and the trace stops somewhere else too, not coming at all to my network.
    I think the server in my network is getting all secured, or is it?
    I have Kerio now. I am getting confused, as you told me ZA is better, and then Kerio has also got some bugs covered, and I read
    "I use Kerio 2.15 as my software firewall (free) and it has a learning mode, so you won't have to create the rules yourself." --> Dollefie
    Overall, Kerio is going to keep me safe, right?
     
  4. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    Kerio is free for personal use, and you did download 2.1.5, right?

    Now, ZA is easier for beginners to understand; rule based firewalls like Tiny/Kerio are more for power users, at least as they have to know what they need to permit. It's not which firewall is 'best', it's which one is better for you. I don't personally suggest anyone starting out use a rule based firewall, as they won't have a clue how to protect themselves, and can even make themselves more insecure by their own configurations. When it comes to rule based firewalls, it's all in your custom configuration, unless something outside your computer is doing things before they reach your computer. As you're not even sure what your rules allow, an application based firewall would be better for you currently.

    You will have to create rules yourself; you can't just use the rule assistant all the time and expect to be secure. You have to learn how to create, edit, and position rules so they work better. The order of the rules is very important: if a packet is allowed or blocked by a previous rule, no other rule will be applied to that packet.

    Now, if you have a router, or another machine provides your internet connection, it might be responding to those packets.

    You will always have listening ports, it's a fact.

    Your imported Tiny 2x ruleset was full of holes to the point it's not worth fixing. You still haven't told me how your entire network is set up, so I will not help with your configuration at this time.

    I had told you to import a special ruleset from a thread I linked to you, but you didn't do that. So I'll leave you at this point, and if you decide to import that standard ruleset, then completely read/re-read that other thread I linked you to, and I can help you with that. However, if you want to run with your old ruleset, or go over to ZA/ZA Pro, that is up to you.
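    The `netstat -an` ports asked about above (135, 445, 1025 and so on) can be triaged with a short script that reads the listing and reports, for each listening socket, which address it is bound to and whether the port is a well-known Windows service. This is an added example, not anything posted in the thread; the netstat text is a constructed sample in the layout of a Windows XP-era `netstat -an`, the 172.16.0.57 address is made up, and the port descriptions are the standard IANA/Microsoft assignments for those ports. The point it shows is that a socket bound to 0.0.0.0 is reachable from the whole network unless a firewall rule says otherwise, while one bound to 127.0.0.1 never leaves the machine.

```python
"""Triage a Windows `netstat -an` listing: which ports are listening, on which
address, and which are well-known Windows services worth firewalling.
Added example; the sample listing below is constructed, not captured."""
import re

# Constructed sample in the layout of a Windows XP-era `netstat -an` dump.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING
  TCP    172.16.0.57:139        0.0.0.0:0              LISTENING
  TCP    172.16.0.57:1032       64.233.161.99:80       ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    172.16.0.57:137        *:*
  UDP    127.0.0.1:44334        *:*
"""

# Well-known assignments; anything else is left for the reader to resolve locally
# (the 1025+ ports on XP are usually RPC/DCOM dynamic ports).
KNOWN_PORTS = {
    135: "MS RPC endpoint mapper",
    137: "NetBIOS name service",
    138: "NetBIOS datagram service",
    139: "NetBIOS session service (SMB over NetBIOS)",
    445: "SMB (direct-hosted)",
}

# proto, local addr, local port, foreign addr, optional state (UDP rows have none)
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def parse_netstat(text):
    """Return one dict per TCP/UDP row in a `netstat -an` dump."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # banner, header or blank line
        proto, addr, port, foreign, state = m.groups()
        # UDP rows carry no state column; a bound UDP socket is always reachable.
        listening = (state == "LISTENING") if proto == "TCP" else True
        entries.append({"proto": proto, "addr": addr, "port": int(port),
                        "foreign": foreign, "listening": listening})
    return entries


def exposure(entry):
    """Classify how reachable a socket is if no firewall rule intervenes."""
    if not entry["listening"]:
        return "not listening"
    if entry["addr"].startswith("127."):
        return "loopback only"
    if entry["addr"] == "0.0.0.0":
        return "all interfaces"
    return "one interface"


def triage(text):
    """Map (proto, port) -> (exposure, description) for every listening socket."""
    report = {}
    for e in parse_netstat(text):
        if not e["listening"]:
            continue
        desc = KNOWN_PORTS.get(e["port"], "unknown, resolve locally")
        report[(e["proto"], e["port"])] = (exposure(e), desc)
    return report


if __name__ == "__main__":
    for (proto, port), (exp, desc) in sorted(triage(SAMPLE_NETSTAT).items()):
        print(f"{proto:3} {port:5}  {exp:15}  {desc}")
```

    Run it against real output with `netstat -an > ports.txt` and `triage(open("ports.txt").read())`; any "all interfaces" entry for 135, 139 or 445 is exactly the kind of service the thread's NetBIOS block rules are meant to cover.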
     
  5. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    I have downloaded the Kerio 2X.
    I agree that it's rule based.
    I have been reading and reading the link you gave me, and I have been making my own rules.
    I have downloaded the kerio2Xdefault and I will do the "load" now.
    I have already made fixes like NetBIOS Block, Local Ports etc., and I am still reading your posts.
    It's informative and I like this challenge to learn on my own and more. I will succeed under your guidance.
    Once I get through all this I will post the rule logs once again,
    and you inspect and say then again.
    Regarding my network, it's 172.16.X.X.
    Waiting.
     
  6. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    Well, you haven't stated how your entire network is set up yet, so it's harder to give you accurate information. Are you using a router, a modem which acts like a router, or does another computer on your network provide your internet connection?

    If you use a router, and it gives you a 172.16.x address with no other machines on your network, you should be fine with the basic DHCP/DNS rules secured. If you have another machine on the network, and don't use file sharing, then you're also fine.

    However, if you do share files with another computer on the network, you would have to use allow rules above the current blocking rules for NetBIOS and other blocking rules. Something like this:
    Lan Netbios
    both directions
    tcp/udp
    local ports: 137-139
    remote address: LAN IP address, or LAN range (172.16.0.1 through 172.16.0.2 for example)
    remote ports: 137-139
    allow

    --This would go in the same area the other lan rules are in the ruleset you downloaded.--

    This is a LAN bypass rule, so all traffic across your LAN would be unrestricted; it's your choice if you want to use it. If one machine gets infected with something, it could spread it to your other machine on the LAN if the worm/virus/trojan is network aware.
    Lan Bypass 172.16.x
    both directions
    tcp/udp
    local ports: any
    remote address: LAN IP address, or LAN range
    remote ports: any
    allow


    Well, since you have loaded that ruleset, read through the instructions, and if you have any specific questions, ask them.
     
  7. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    I have the LAN network with other computers there too, but I don't need file sharing with them, so I think I don't need the LAN bypass rule.
    One thing to ask: I have put my NetBIOS Local Ports rule etc.
    in, reading your reviews and the rule sets you had given. And regarding the LAN rule, what would be appropriate for me??
    I just need a connection from the server, being 172.16.x.1, and I don't need file sharing with anyone, not even the server.
    I am using a stand-alone PC and am a home user, so I want the best possible configuration.
     

    Attached Files:

  8. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    What would be the rule to be safe in my network (would it be network/range or mask??), as for the rule set I downloaded, about 172.16.0.0-172.32.255.255? I need some information about that :)
     
  9. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    Still there, anyone?? Waiting..... Anyone welcome, please.
     
  10. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    Blitz... welcome... I am waiting :doubt:
     
  11. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
  12. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    Cool one again, mate....
    Don't want to make you say "welcome" by saying "thanks".. ;)
     
  13. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    You could have a rule for either - range or subnet if you are behind a router and want to allow all traffic between systems on the LAN.

    If you provide the LAN IPs of your systems (including gateway) we could provide example rules.

    Edit: You mention in another post that your system is stand alone connected to cable. If you have no router in the mix or other systems at home connected, you would not need any LAN rules.

    Regards,

    CrazyM
     
  14. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    I am in a cable network where I am also one subscriber getting broadband internet service from the local cable server, which in turn is connected to some ISP.
    I don't want anyone in the network I am on to access my files or see anything.
     
  15. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    From what you said, it sounds like a host computer on the LAN provides your internet connection, and it acts just like a router, if it is not an actual router. So from my previous statement, if you don't use file sharing, or other services like file sharing across the LAN, no further configuration is needed.

    It sounds as if you don't run this LAN, so if you need the range the LAN uses, ask the admin. 172.16-172.32 is a huge range to allow when there are probably not more than 100 computers on the LAN, which might be 172.16.0.1-172.16.0.100, or something close to that range.

    You still don't understand how the rules work; you put the VeriSign rules below your application rules. They were put at the top to prevent applications from contacting those addresses. Just like I said before, the order of the rules is very important, and the first rule to apply to the packet will be the last rule to apply to the packet.

    Have patience. I would have to say most, if not all, users on this board have jobs, or go to some kind of schooling on top of their personal activities. Just remember this is a user support board for the most part ;)
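    The rule-ordering point made in posts 4, 6 and 15 (the first rule that matches a packet decides it, and nothing below that rule is consulted), together with the range-versus-mask question in posts 8 and 13, is easy to see in a small first-match evaluator. This is an added example, not code from the thread or from Kerio; the rules are modelled on the "Lan Netbios" allow and NetBIOS block rules from post 6, and the LAN (172.16.0.1-172.16.0.100, also written as the 172.16.0.0/25 subnet), the 172.16.0.2 peer and the 198.51.100.7 outside address are assumptions chosen for illustration. It also goes slightly beyond the thread by counting how many addresses a remote-address spec admits: the whole private block 172.16.0.0/12 (172.16.0.0-172.31.255.255) is over a million addresses, versus 100 for the LAN range.

```python
"""First-match packet filter in the style of a Kerio/Tiny 2.x ruleset.

Shows (1) that the first matching rule decides a packet and later rules never
see it, so a LAN allow placed below a NetBIOS block is dead, and (2) that a LAN
can be named as an inclusive address range or as a subnet mask (CIDR).
Added example with assumed addresses; not the thread's or Kerio's own code."""
import ipaddress
from dataclasses import dataclass

ANY = None  # wildcard for ports or remote addresses


@dataclass
class Rule:
    name: str
    action: str        # "allow" or "block"
    protos: tuple      # e.g. ("tcp", "udp")
    local_ports: tuple  # (low, high) inclusive, or ANY
    remote: object     # ipaddress network, (first, last) string range, or ANY
    remote_ports: tuple  # (low, high) inclusive, or ANY


@dataclass
class Packet:
    proto: str
    local_port: int
    remote_ip: str
    remote_port: int


def in_ports(port, spec):
    return spec is ANY or spec[0] <= port <= spec[1]


def in_remote(ip, spec):
    """Match a remote address against a CIDR network, an inclusive range, or ANY."""
    if spec is ANY:
        return True
    addr = ipaddress.ip_address(ip)
    if isinstance(spec, tuple):  # (first, last) range, inclusive
        return ipaddress.ip_address(spec[0]) <= addr <= ipaddress.ip_address(spec[1])
    return addr in spec          # ipaddress network (mask form)


def decide(ruleset, pkt, default="block"):
    """Return (action, rule_name) from the FIRST rule matching pkt; later rules are ignored."""
    for r in ruleset:
        if (pkt.proto in r.protos
                and in_ports(pkt.local_port, r.local_ports)
                and in_remote(pkt.remote_ip, r.remote)
                and in_ports(pkt.remote_port, r.remote_ports)):
            return r.action, r.name
    return default, "default"


def dead_rules(ruleset, probes):
    """Names of rules that none of the probe packets ever reaches under first-match order."""
    hit = {decide(ruleset, p)[1] for p in probes}
    return [r.name for r in ruleset if r.name not in hit]


def hosts_in(spec):
    """Number of addresses a remote spec admits (range tuple, network, or CIDR string)."""
    if isinstance(spec, str):
        spec = ipaddress.ip_network(spec)
    if isinstance(spec, tuple):
        return int(ipaddress.ip_address(spec[1])) - int(ipaddress.ip_address(spec[0])) + 1
    return spec.num_addresses


# Assumed LAN for the example, written both ways the thread discusses.
LAN_RANGE = ("172.16.0.1", "172.16.0.100")         # range form
LAN_SUBNET = ipaddress.ip_network("172.16.0.0/25")  # mask form: 172.16.0.0-172.16.0.127

LAN_NETBIOS = Rule("Lan Netbios", "allow", ("tcp", "udp"), (137, 139), LAN_RANGE, (137, 139))
BLOCK_NETBIOS = Rule("Block NetBios", "block", ("tcp", "udp"), (137, 139), ANY, ANY)

GOOD_ORDER = [LAN_NETBIOS, BLOCK_NETBIOS]  # allow above the block, as post 6 says
BAD_ORDER = [BLOCK_NETBIOS, LAN_NETBIOS]   # allow below the block: never reached

LAN_PEER = Packet("tcp", 139, "172.16.0.2", 139)    # assumed machine on the LAN
INTERNET = Packet("tcp", 139, "198.51.100.7", 139)  # assumed outside address

if __name__ == "__main__":
    print("good order, LAN peer  :", decide(GOOD_ORDER, LAN_PEER))
    print("good order, internet  :", decide(GOOD_ORDER, INTERNET))
    print("bad order,  LAN peer  :", decide(BAD_ORDER, LAN_PEER))
    print("dead rules, bad order :", dead_rules(BAD_ORDER, [LAN_PEER, INTERNET]))
    print("addresses in range/subnet/172.16.0.0/12:",
          hosts_in(LAN_RANGE), hosts_in(LAN_SUBNET), hosts_in("172.16.0.0/12"))
```

    `dead_rules` is the check a practitioner would want after importing or reordering a ruleset: feed it a handful of representative packets and any rule it names is one the firewall will never consult, which is exactly what happened with the VeriSign rules moved below the application rules.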
     
  16. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    I thank you again for whatever support I am getting. I understood that VeriSign should be at the top when I saw your rules, when I read that, and when I loaded your default rules. Actually I did make the necessary arrangement soon after the post.
    Blitz, one thing to ask: what are the green and red arrow signs in Kerio traffic?
    As for the LAN rules, you got it right; a host computer provides the internet connection :)
    (Blitz, I like your style... ;) )
     
  17. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    Now you get the clear picture, I think.
     

    Attached Files:

  18. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    The green arrow(s) means the rule allows traffic, and the red arrow(s) means the rule blocks traffic.

    You are still using your old ruleset as a base with almost no changes, including not doing things like securing DHCP/DNS like the example thread I linked to did. The reason I asked you to start over again by importing that other ruleset was that there were some serious holes in your old configuration, and they were so numerous it would have been easier to start over.

    You can run the program how you like, but currently the LAN is protecting your computer; if you ever had to dial up, or connected directly to the internet, your connection would have some services wide open for everyone to connect to. Which is why I basically wanted you to start over again with that starting template, and follow the directions to configure the basic rules on that template securely. So currently you're lucky another network protects your computer at the moment; otherwise you would be wide open.
     
  19. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    I access the internet only through the LAN connection and don't intend to access it through dial-up in the near future either. I will again check my rules and am still going to enforce your rules, but as you said, I think I'll leave it as it is now, as you said I am secured through the LAN.
    If I ever think of accessing the internet directly through my computer, I will not think twice before enforcing the rules; I downloaded the basic sets :)
     