IE and Other Dirty Little Secrets?

Discussion in 'other firewalls' started by Jaws, Apr 22, 2005.

Thread Status:
Not open for further replies.
  1. Jaws

    Jaws Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    210
    I know I'll catch a lot of flak from all the security minded people on these forums but.....

    Internet Explorer. I like it (I'm NOT a Microsoft fan), use it exclusively, I don't have to learn another piece of software and I don't have another program running on my machine that I don't need. I don't feel like I'm under any grave threat using IE, as long as it's locked down.

    I'm sure you know the drill. Disable everything in the internet zone. With IE6, also block all cookies. Works for me, but different strokes for different folks, these are just my opinions.

    The following is not intended to suggest there's no need for security software. Bear in mind I'm a single user behind a hardware router and I've been using Outpost Free. I'm hoping someone smarter than me about ports and protocols can answer some questions.

    Do the settings for the local area connection > Properties > Internet Protocol (TCP/IP) > Properties: DNS Servers Addresses and all the way through the Advanced.... IP Settings to Options tabs, help secure your internet connection? Does setting all the parameters with specific settings for your machine come close to protecting you, say instead of a free software firewall?

    For instance, I can run my computer with the “DNS Client Service Disabled” in Services with my DNS servers listed under IP Properties. Since experimenting with Outpost 2.6 Trial FW I've noticed how they want you to specify DNS Servers. Same thing with “Disable NetBIOS over TCP/IP” under the WINS tab, something you do when setting up other FWs.

    I'm also curious about the IP Security setting (I set mine to Client Only?) and TCP/IP Filtering (are these good for restricting ports? inbound - outbound? I assume it means inbound since the description says traffic that reaches your windows computer.). For instance I have:

    Permit Only - TCP Ports: 80
    Permit All - UDP Ports: (you can't put port ranges in!) Should I use ports 53 & 1024-2000? A lot of typing.
    Permit Only - IP Protocols: (left empty?) Any recommendations?

    Like I said, I've been trialing OP 2.6 and I like it. BTW, that's how I caught on to specifying DNS Servers. I'm not trying to knock any software. Just wondering if these settings are a dirty little secret nobody talks about that could benefit some people who surf the web judiciously?

    Thanks,

    Jaws
     
  2. Jaws

    Jaws Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    210
    I probably should have posted this topic in the Other Firewalls forum now that I think about it. Perhaps this post can be MOVED over there. MODS?

    Thanks,

    Jaws
     
  3. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Done. ;)


    snowbound
     
  4. Jaws

    Jaws Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    210
    Thanks, snowbound.

    I'm curious if our firewall gurus have any info.. Lord knows I have a hard time understanding the concepts of TCP/IP, ports and protocols, as I'm sure many other members do.

    Thanks,

    Jaws
     
  5. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Nothing wrong with your choice. You have taken the time to configure it securely. I would not block all cookies, but if it works for you ...

    Most home users with dynamic IPs will get their ISP's DNS servers automatically. They will show when you do an "ipconfig /all" and do not need to be added manually unless you wish to add additional preferred servers for the OS to use.

    Most well behaved apps will use the preferred DNS servers specified in your network settings, whether the automatic ones, or manually entered. As most firewalls will permit DNS traffic globally by default, restricting DNS traffic to these servers can help prevent misbehaving apps or malware from using this for something else.

    Unless IPSec is something you are using, you can leave the default settings as is. The TCP/IP filtering available in your network settings is probably best left alone. It is much easier and more configurable to use a firewall for this.

    Regards,

    CrazyM
     
    Last edited: Apr 24, 2005
  6. Jaws

    Jaws Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    210


    Other than the sites I put in the trusted zone, no other cookies get on my computer.


    Can I infer from this that by me specifying my DNS server addresses through these LAN settings and disabling DNS Client service (win2kpro), that I'm protecting myself as a software firewall would, with rules for DNS server addresses?

    Please, be specific if anyone cares to join in with info on these or the other settings I talked about, this really is interesting to me.

    Because from reading through the forums I get the impression that I was probably no better protected using OP Free, with a router, than if I was not using OP Free. And by using these other settings I may be able to do almost as well without using more software. (I'm a KISS guy).

    BTW, during my trial with OP 2.6 I have not had any BSOD. Not something I can say about OP Free, because I would get intermittent BSODs using it. Never thought OP Free caused these. But I really don't want to make this a discussion about other software.

    EDIT
    Why would I not want to use IP Security?

    Thanks,

    Jaws
     
    Last edited: Apr 24, 2005
  7. noway

    noway Registered Member

    Joined:
    Apr 24, 2005
    Posts:
    351
    Fooling around with the TCP/IP settings (and/or IPSEC) will not prevent many "bad" applications that could get on your computer from communicating OUT to the internet, whereas a software firewall can (for the most part).

    Some of the most "trusted" names in the business send out stuff that you may not want them to for various reasons, such as the latest Intellipoint, XP Windows Search, etc. If you are confident that this has not happened or ever will happen to you then you might be ok with just the router. Personally, I am comfortable that after having closed ports 135/445, etc. inbound filtering is good enough FOR ME and FOR NOW and that I will not lose any sleep over it, but many do not agree. I also use IE and have it locked down.. also using Proxomitron to remove all the annoying stuff that comes with it. I don't even run anti-virus active since it can slow down computer, but I own what I think is the best (Kaspersky) and scan without exception every bit of software I download. Also own an imaging program (Drive Image) so that if something bad happens I can put things EXACTLY the way they were before. So my security includes closing ports, Proxomitron, good AV and scan all downloads, delete all e-mail attachments, inbound firewall protection, researching all new software before downloading it, Drive Image, reading security sites daily, etc. I have chosen only layers that don't really slow the computer down, although all of this manual scanning, imaging, reading etc. slows ME down sometimes. If I were you, I would keep using a software firewall until you are willing to do these types of things and make it a hobby and have done it successfully for a long while.
     
    Last edited: Apr 25, 2005
  8. Jaws

    Jaws Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    210

    Well I've done some research and there's plenty of info on IPSec for w2k. The fooling around I've been doing with my settings outlined in the links below looks a lot like the rules that are set with software firewalls. Real interesting stuff.

    http://www.securityfocus.com/infocus/1559

    A lot of links here

    http://www.microsoft.com/technet/itsolutions/network/security/ipsecld.mspx


    EDIT:
    Another Excellent Site




    It's all Chinese to me, but I'm starting to understand some of it. Just don't know what ports to block or rules to create. Type gpedit.msc in the Run dialog, the interface is pretty straightforward and there's even a wizard.

    Right now my manual address settings under -Internet Protocol-Properties- are set to the ipconfig /all addresses, which always stay the same behind my router. Also have “Disable NetBIOS over TCP/IP” under the WINS tab in Advanced. DHCP and NetBIOS over Tcpip show up disabled in ipconfig /all. Does this help security?

    The reason I'm doing this is because every software firewall out there seems to have a shortcoming or two. Sometimes they're hard to set up, or are resource hogs, or a problem with slow surfing or don't play nice with other software.

    I liked OP Pro a lot and I would have bought it if not for extremely long boot up and my network connection took a long time to start. I want a minimum amount of software on my system, fewer conflicts. So why not use something that's already there?

    EDIT:
    Right now I've removed software firewall and I'm just running behind a router. Nice and fast. Spend most of my time on security sites right now. No worries.

    Don't know how all this will turn out or how long it will take. I'll take any help I can get.

    Thanks,

    Jaws
     
    Last edited: Apr 27, 2005
  9. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Setting up packet filtering in IPSec is not for the faint of heart. You have to know exactly what you need before defining your policy or things won't work. No logging to help with troubleshooting. An oooold thread from here: IPSec and you... (W2000/XP).

    Your router will protect systems behind it from unsolicited inbound traffic. What you employ on systems behind the router will be more for application control if desired and to protect those systems from others on the LAN if required.

    There are many still searching for the perfect firewall, if it exists. You just have to find and use what works best for you.

    Regards,

    CrazyM
     
  10. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,787
  11. Jaws

    Jaws Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    210

    Thanks for the replies guys, I thought I'd get stiffed on this subject. Seemed like a no-go subject here.


    Quote from August 2002 about IPSec
    Another 2002 post
    I'll try to keep at it. I followed Paranoid 2000 configuration guide for OP FW and I did OK. What I need is a lot of hand holding & PICTURES. I like to - Keep It Simple Stupid (KISS) - but I may be biting off more than I can chew.

    No matter, I have two 80GB HDs mounted in my computer that have just been reformatted. If I screw up (likely), I can just switch the cables and start again. No worries.

    Thanks,

    Jaws
     
  12. Jaws

    Jaws Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    210

    Hey, CrazyM, that's just what I was looking for, thanks. A file I can download to help me start out. The AnalogX configuration file was a breeze to install and it's now running on my system with no problems. And it works too, since I forgot to check off POP3 Client & SMTP Client, when I tried to get my email it was a no-go.

    I'm going to try and add or edit rules per Kerodo's recommended web sites. Been thinking I could search around the web for pictures of posts that show firewall rules and see if I can glean some more info on what ports to block.

    One nice thing about using IPSec is that if you don't want to use it anymore or you think it's causing problems, you can just disable IPSec in your LAN Properties settings without going back and screwing with your registry.

    WOW, with GPEDIT.MSC it looks like you have total control over your Computer and User configuration. Who needs tweakui.

    For instance, go to - User Rights Assignment - and you can determine who has access or deny access to this computer from the network. In - Browser User Interface - you can change the title bar and create your own custom animated logo. If you wanted to screw with someone you can hide all desktop icons on their machine. Not that anyone would do such a thing. Think I might keep a log of changes I make, may be helpful.

    I've learned a lot since coming to Wilder Security Forums. I really appreciate all the support and help you've given me! I'll be back, with more info if I have any. Is there anyone else interested in this subject or has info that would like to post, please?

    Thanks,

    Jaws

    Perhaps with a router, IPSec settings and something to tell me of outgoing connections (Port Explorer?) for example, I'll be fine without a software firewall.

     
  13. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    IPsec is useful for securing (encrypting) communications within a local network where you can configure all PCs to use it - a standalone PC accessing Internet sites (which are not configured to accept IPsec traffic anyway) would not gain any security benefit in my view. If you are concerned about outsiders eavesdropping on your web traffic, you should consider using an anonymizing proxy (see the Don't Fear Internet Anonymity Tools thread for a long discussion on these). There is a small security benefit (protecting yourself from man-in-the-middle attacks) but the main role of these services is to provide anonymity and privacy online.

    Since the theme here appears to be about securing IE, I would point out that this is far more difficult for several reasons but the Internet Explorer Faces CERTAIN Extinction thread covers most of them.

    A quick note about DNS settings - limiting access via your firewall to your DNS servers only can block malware from trying to hide its traffic as DNS. It is not necessary or recommended though to adjust the DNS settings in Network Properties since if your ISP subsequently changes servers, you will be unable to connect to websites (and will receive little information on exactly why). Using the automatic option here is better, along with keeping an eye on your firewall blocked logs in the event of a server address change.
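
The DNS restriction that CrazyM (post 5) and Paranoid2000 (post 13) describe, as an added example that is not part of the original thread: it reviews a firewall log for outbound port-53 traffic to servers other than the ones `ipconfig /all` reports. The log format, the addresses, the application names and the function names are all assumptions made for the illustration.

```python
import re

# Assumption: the two DNS servers reported by "ipconfig /all" (documentation-range IPs).
ALLOWED_DNS = {"192.0.2.53", "192.0.2.54"}

# Constructed log lines in a hypothetical format, not any real firewall's log layout.
SAMPLE_LOG = """\
2005-04-25 10:02:11 ALLOW OUT UDP 192.168.1.10:1034 -> 192.0.2.53:53 app=iexplore.exe
2005-04-25 10:02:15 ALLOW OUT TCP 192.168.1.10:1041 -> 198.51.100.20:80 app=iexplore.exe
2005-04-25 10:03:40 BLOCK OUT UDP 192.168.1.10:1050 -> 203.0.113.9:53 app=updater.exe
2005-04-25 10:03:41 BLOCK OUT UDP 192.168.1.10:1051 -> 203.0.113.9:53 app=updater.exe
2005-04-25 10:05:02 ALLOW OUT TCP 192.168.1.10:1060 -> 203.0.113.77:53 app=player.exe
2005-04-25 10:06:00 BLOCK IN  UDP 198.51.100.99:4000 -> 192.168.1.10:137 app=-
this line is damaged and will not parse
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<action>ALLOW|BLOCK) (?P<dir>IN|OUT)\s+(?P<proto>TCP|UDP) "
    r"[\d.]+:\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+) app=(?P<app>\S+)$"
)

def off_list_dns(log_text, allowed=frozenset(ALLOWED_DNS)):
    """Return ({(app, dst, proto): counts and first/last seen}, unparsed line count)."""
    findings = {}
    unparsed = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            unparsed += 1  # count damaged lines instead of silently dropping them
            continue
        # Only outbound traffic to port 53 at a server that is not on the list matters here.
        if m["dir"] != "OUT" or m["dport"] != "53" or m["dst"] in allowed:
            continue
        rec = findings.setdefault((m["app"], m["dst"], m["proto"]),
                                  {"ALLOW": 0, "BLOCK": 0, "first": m["ts"], "last": m["ts"]})
        rec[m["action"]] += 1
        rec["last"] = m["ts"]
    return findings, unparsed

def rule_too_broad(findings):
    """Off-list DNS that was ALLOWED means the DNS rule is global, not per-server."""
    return sorted(key for key, rec in findings.items() if rec["ALLOW"] > 0)

if __name__ == "__main__":
    found, bad = off_list_dns(SAMPLE_LOG)
    for key, rec in sorted(found.items()):
        print(key, rec)
    print("allowed off-list (DNS rule too broad):", rule_too_broad(found), "| unparsed:", bad)
```

Blocked entries that all point at one new address are also what an ISP server change looks like in the log, which is the case Paranoid2000 suggests watching the blocked log for.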
     
  14. Jaws

    Jaws Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    210
    Well, I guess all is for naught. Can't argue with a security expert.
     
  15. Huwge

    Huwge Registered Member

    Joined:
    Oct 21, 2004
    Posts:
    405
    Location:
    UK
    Sorry to post on another's thread but don't really want to start another......can someone point me to the site that tests and advises on settings for IE to prevent malware downloads etc.

    Thanks
     