Hints on using Online Armor FW-a Learning Thread 4

Discussion in 'other firewalls' started by Escalader, Oct 26, 2007.

Thread Status:
Not open for further replies.
  1. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi 19monty64:

    :doubt: :doubt: :doubt: :doubt: :'( :'(

    Wish I had thought to ask that!:D Oh are you asking me? :D :D :D

    Well right now what I will do is go over all the posts then sleep on this question. I will try to answer it but there is some work and study I need to do. My answer (not THE answer) will come but only when I've got one to give you. Should I be suffering :oops: ? Maybe I don't know.

    If anybody who has/had OA 2 paid or trial (not just the free) has suggestions let us know any way you like, PM, open post or email.

    Please remember this is not a vendor bashing opportunity, as per OP #1.

    I have several questions posted here that remain unanswered.

    Here are 2 more, on IE extensions. My jpg is the same as the OA 2 help file except my sun java is ? not allowed.

    Is this IE add on trustworthy or not?
    In my case with the ? is this the same as denied? Will it launch, or be removed? I'm :doubt:

    Mike, it might be better to have a separate help file for standard and advanced/power users?


    For ease of reference, here is the copy paste from help

     


  2. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Re: 2 OA Restricted Ports List Questions

    Attached are 2 jpg's. One is a rule for Netbios, the other is my current OA 2 Restricted Port list.

    There are 3 entries in the table and 1 rule. Shows all the same ports denied and the same protocols. This seems fine so far.

    The direction of the deny shows in the 1 rule BUT not in the OA 2 list.

    1. Is the direction denied in OA 2 FW the same, e.g. BOTH?
    2. To Stem et al, is it okay security wise to allow "local programs" access to these ports?

    Thank you.
     


  3. Lundholm

    Lundholm Registered Member

    Joined:
    Aug 20, 2007
    Posts:
    108
    Location:
    Copenhagen, Old Zealand
    Re: 2 OA Restricted Ports List Questions

    Hi Escalader,

    You're now the happy owner of 3 threads, even though you don't want all of them.;)

    You're getting close to my favorite subject, now - the blocking of windows system processes.

    You found netbios in the restricted ports tab, I suppose. Is there any way to find the other system processes and block these?
    I'm sure that all MS stuff is included in the white list, so you will never hear anything about those, unless you disable something. Any plans here?
     
    Last edited: Nov 9, 2007
  4. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Re: 2 OA Restricted Ports List Questions

    Hi Lundholm:

    No nothing new. Just plodding ahead.

    Mike Nash asked me via PM to post 1 by 1 questions at OA's forum as he cannot spend time on the learning thread. If he posts there all OA users can benefit from his posts. I have no problem with that myself. As long as answers are received that is all I care about, not where.

    I posted the netbios question there and will check later to see what is said.

    More later
     
  5. Lundholm

    Lundholm Registered Member

    Joined:
    Aug 20, 2007
    Posts:
    108
    Location:
    Copenhagen, Old Zealand
    Re: 2 OA Restricted Ports List Questions

    So we will visit the OA help forum in order to study the technical details, and this thread will describe the overall learning progress, right?
     
  6. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Re: 2 OA Restricted Ports List Questions

    That sounds okay to me. I will post my own learnings/observations (when I have any) here so members can get results as I see them.

    I use the same id there as here and anybody can see the question and the responses I get over there at will.

    This will be a bit of a bounce between the forums exercise, let's see how it goes.

    You don't have a spare test PC at your end by any chance? I ask because if you had the 30 day OA trial you could help me by moving to the next tab and then I would try the one after that. Just a thought.
     
  7. Lundholm

    Lundholm Registered Member

    Joined:
    Aug 20, 2007
    Posts:
    108
    Location:
    Copenhagen, Old Zealand
    Re: 2 OA Restricted Ports List Questions

    Using a tabbed browser, this should be possible. :)

    If I had a test PC, my participation here would be more constructive (and aggressive, believe it or not). Or maybe I would be testing something else? A more complete product? Comodo?

    I still think that this is a courageous project! ;)

    Cheers
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Re: 2 OA Restricted Ports List Questions

    Now you aren't making any sense at all. You don't want to try it until you see the help file, and you don't want to try it because you don't have a test PC.

    There will be absolutely nothing in the help file that will tell you how it will run. Also if your box is that critical, surely you have some kind of back up plan which you could use to remove a test program.

    If your current firewall works for you, great. If you think Comodo is more complete and want to test it, feel free. But what is the point in all your posts?

    Online Armor is indeed a work in progress with some good stuff to come. The help file will probably never be done ahead of features, so if you must see the help file first, it just may not be for you. Fine.

    Pete
     
  9. Lundholm

    Lundholm Registered Member

    Joined:
    Aug 20, 2007
    Posts:
    108
    Location:
    Copenhagen, Old Zealand
    Re: 2 OA Restricted Ports List Questions

    Hi Peter,
    You seem to know an awful lot about OA development. Exactly what is your position in this context? Moderator or what?

    Cheers
     
  10. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    The blocklists within OA have never really given any problem (certainly not from my testing on the earlier builds of OA).
    It is an addition I have always liked, certainly from the fact that the blocklists can be made only against a certain (1 single or more) application, or all OS.

    PG2 is now more stable and less conflicting with firewalls. This is why I mentioned this application to you, so you could place your block lists regardless of firewall in use.
     
  11. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Post 19 is quite involved, as this does go through some of the advanced firewall features. I did go through some of these settings in an earlier thread, but we can look at all this again later in thread.

    I have not taken time to look at this. I do know various security software that put in place protection on this, do this in various ways. Some just check to see if this (Hosts) file is accessed, some check content, then check the IP against the actual host to see if this is correct (as long as it's localhost or correct IP then no alert). I will look at this when I install.
     
  12. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    ICMP within OA is a problem for me, as there is no direction.
    A question was made, but no reply yet on this that I can find.

    As an example, I would allow an outbound ping. But allowing this within OA also allows the inbound ping. A bit of a problem for me (and possibly for others).

    Those (like you) behind a router, only need concern for ICMP on LAN, on a home or fully trusted LAN, ICMP should be allowed for internal error message.
    If for example, you have 2 or more PCs both active on the internet, your PC is best advised if ports are in use on the router, it can save slowdowns.
     
  13. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Re: 2 OA Restricted Ports List Questions

    Access of application to the internet (via White list) can be disabled (always have been~ although I did get an e-mail stating that OA apps could bypass this. I need to re-check, I know this did not happen in the earlier builds I installed/checked).

    In the firewall options, you see an option to "automatically allow trusted applications", disable this. You should then get a popup for any application not already allowed (apart from the possible mentioned above~... not a good move OA!!)
     
  14. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Re: 2 OA Restricted Ports List Questions

    Let's stay with topic.

    I have been away/short of time due to work. I can now help (at least for a while). So on this thread, please either ask questions regarding thread title, or help with answers.

    cheers,
    Stem
     
  15. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    Re: 2 OA Restricted Ports List Questions

    Hi Stem,

    My OA is already allowed - but you can block it in the GUI if you want to. I'll check again tomorrow as I install and post back as I have OAFree installed at the moment, so can't test it by doing check for updates.


    Mike
     
  16. Lundholm

    Lundholm Registered Member

    Joined:
    Aug 20, 2007
    Posts:
    108
    Location:
    Copenhagen, Old Zealand
    Re: 2 OA Restricted Ports List Questions

    Hi Stem, welcome back. I completely agree with this. My first reply was for Escalader, my second reply was for Peter, and my third reply is for you. ;)
     
  17. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi Stem:

    For now I have the blocklists set against all applications. What would your example(s) be of using them against a specific application? What would a rationale be for that?

    Yes, PG 2 is an excellent application. On their forum there has been some concern about the list builder Bluetak (sp?) finances as they appealed for $.
     
    Last edited: Nov 10, 2007
  18. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Okay, I have my setting done for those screens, thanks.

    The way I have it working in OA's is the host tab shows Spybot S & D's large (and maintained for me) list of bad sites loaded into the real host file showing as accepted in OA 2. This is confusing until I learned that OA 2's tab is not the real host entries but the rules about them.

    These entries are "allowed" to exist in the host file. I suggested to Mike Nash that the tab should be renamed Host Rules.
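
The hosts-file check described in posts 11 and 18 (no alert for localhost or a known-correct IP, alert otherwise), as an added example that is not part of the original thread and not Online Armor's code. The sample file, the `KNOWN_GOOD` table and the function names are constructed for illustration; in practice the expected addresses would come from a trusted resolver.

```python
import ipaddress

def parse_hosts(text):
    """Yield (ip_text, hostname) pairs, skipping comments and blank lines."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2:
            continue
        for name in fields[1:]:          # one address may carry several names
            yield fields[0], name.lower()

def audit_hosts(text, known_good):
    """Return (hostname, ip, reason) for entries that should raise an alert.

    known_good maps hostname -> iterable of expected IP strings (assumption:
    supplied by the operator or a trusted resolver).
    """
    alerts = []
    for ip_text, name in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            alerts.append((name, ip_text, "unparseable address"))
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue                     # blocklist-style entry (127.0.0.1, 0.0.0.0)
        expected = {ipaddress.ip_address(a) for a in known_good.get(name, ())}
        if ip in expected:
            continue                     # matches the real host, no alert
        alerts.append((name, ip_text, "redirect to unexpected address"))
    return alerts

# Constructed sample: blocklist entries plus one suspicious redirect.
SAMPLE = """
127.0.0.1    localhost
127.0.0.1    ads.example.net tracker.example.net   # blocklist-style
0.0.0.0      banners.example.org
192.0.2.10   intranet.example.com
203.0.113.7  bank.example.com
"""
KNOWN_GOOD = {
    "intranet.example.com": ["192.0.2.10"],
    "bank.example.com": ["198.51.100.20"],
}

if __name__ == "__main__":
    for alert in audit_hosts(SAMPLE, KNOWN_GOOD):
        print(alert)
```
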
     
  19. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    I don't know the answer either. In their ICMP list/table there are several entries, echo request, echo reply, timestamp, masks etc, etc.

    Not knowing how to maximize security with this table I didn't accept the default settings and denied them all. Waiting for consequences and none are obvious at user screen level. Below the surface I have no clue.

    What would your ICMP settings look like?
     
    Last edited: Nov 10, 2007
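
The ICMP direction problem raised in post 12 and the deny-all table from post 19, modelled as an added example that is not part of the original thread and not Online Armor's rule engine. It assumes a stateless table where the first matching rule wins and unmatched traffic is denied; all names are made up for illustration.

```python
from dataclasses import dataclass
from typing import Optional

ECHO_REPLY, ECHO_REQUEST = 0, 8  # ICMPv4 type numbers

@dataclass(frozen=True)
class IcmpRule:
    icmp_type: int
    action: str                      # "allow" or "deny"
    direction: Optional[str] = None  # "in", "out", or None (rule has no direction)

def decide(rules, icmp_type, direction, default="deny"):
    """Assumed semantics: first matching rule wins, otherwise the default."""
    for rule in rules:
        if rule.icmp_type == icmp_type and rule.direction in (None, direction):
            return rule.action
    return default

def ping_exposure(rules):
    """Report what a rule set means for ping in each direction."""
    def ok(icmp_type, direction):
        return decide(rules, icmp_type, direction) == "allow"
    return {
        # We send a request and must receive the reply.
        "can_ping_out": ok(ECHO_REQUEST, "out") and ok(ECHO_REPLY, "in"),
        # A remote request gets in and our reply gets out.
        "answers_inbound_ping": ok(ECHO_REQUEST, "in") and ok(ECHO_REPLY, "out"),
    }

# Table without a direction column: allowing ping out also answers ping in.
DIRECTIONLESS = [IcmpRule(ECHO_REQUEST, "allow"), IcmpRule(ECHO_REPLY, "allow")]
# Same intent with direction: request out, reply in, nothing else.
DIRECTIONAL = [IcmpRule(ECHO_REQUEST, "allow", "out"),
               IcmpRule(ECHO_REPLY, "allow", "in")]
# Everything denied: no exposure, but no outbound ping either.
DENY_ALL = [IcmpRule(ECHO_REQUEST, "deny"), IcmpRule(ECHO_REPLY, "deny")]

if __name__ == "__main__":
    for name, rules in [("directionless", DIRECTIONLESS),
                        ("directional", DIRECTIONAL),
                        ("deny all", DENY_ALL)]:
        print(name, ping_exposure(rules))
```
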
  20. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Re: 2 OA Restricted Ports List Questions

    For the record, I already have the auto allow trusted disabled!

    I also have auto configure trusted disabled, but I don't know if this makes sense since I don't want to "shoot my settings in the foot" or lose a paid for OA 2 benefit that is good for me:D

    Comments as always welcome :cool:
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Re: 2 OA Restricted Ports List Questions

    Why not a good move of OA? I do realize that from a theoretical leak test point of view you shouldn't trust anything to access the internet, but I don't think that is reality. I remember back with zone alarm it asked application by application and I had to click each thing, and mark it trusted. Pain in the neck.

    I like the fact OA gives me the option. I don't have to check that box, but I chose to do so. I personally also choose to go thru everything on my system and make it trusted. Ultimately if I clicked my way thru the result would be the same, but the OA option makes it easier.

    Pete
     
  22. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Re: 2 OA Restricted Ports List Questions

    Stem is concerned about hard-coded rules. If he disables the whitelist, he should get a prompt about every application trying to access the net. Someone told him that OA's own applications/processes might be granted access rights even with the whitelist disabled.
     
  23. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Re: 2 OA Restricted Ports List Questions

    In theory yes. But who wants a pop up for every app that wants access every time. But in reality, unless you are careless about where you click it's not all that unsafe.

    I let OA autoconnect everything trusted, and I set everything on my system to trusted and have been doing this for almost two years. No problems. But I am not paranoid.

    I guess in the context of this thread. Yes you can learn how to twist and configure OA, your computer and yourself into a pretzel, and if it suits you, cool. But if all you really want is a firewall to protect you as an average user who uses his head, all you really need to do is a standard install, leave it in standard mode, and enjoy life.

    Pete
     
  24. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
  25. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Two OA 2 FW Rule Processing Questions

    1. In the design of the OA 2 FW paid version, are the rules processed from the 1st rule to the last as in a computer program?
    2. If the detail rule list has no rule allowing a specific application to connect via one protocol or another, is that connection implicitly allowed or blocked?
     