Jetico making me crazy.

Discussion in 'other firewalls' started by aigle, Feb 19, 2006.

Thread Status:
Not open for further replies.
  1. Ghost_ARCHER

    Ghost_ARCHER Registered Member

    Joined:
    Jan 21, 2007
    Posts:
    62
    That is what I did before. At beginning, click a lot of allow and then summarized to a rule table. Then I put a browser rule inside the Siteadvisor rule, (and at the beginning, a ftp client rule inside a browser rule). But I found siteadvisor still popups, I put it into Siteadvisor update rule, then that night it comes out again, during I was CSing. Then I put it into block zone, quieted it down. Therefore I thought that be the hashcheck problem. I noticed it might change directory after update and there are normally two apps for it. Now I start to doubt if it is really useful.

    Out of topic, thanks anyway.
     
  2. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415
    I've come back to Jetico, again. It's the most straight-forward -- albeit most labor intensive -- firewall I've tried, and others... well, they pack a lot of questionable stuff, use more resources, and are slower.

    Anyway, I use my computer for email, Skype, internet browsing (tame), software updates (including Microsoft XP and Office), and occasional FTP downloading. I may try a "torrent" type download in the future, but haven't yet.

    My question is: which of my ("local") ports (those on my computer) should I *never* allow to be used; and which remote ports should I *never* connect to?

    A corollary would be are there any IP addresses I should manually enter into Jetico as places *never* to connect to?

    I've read a lot of things in a number of different threads on this issue, but I cannot keep track of all of them. I'd like to make my set-up as leak-proof as possible, as well as being as locked-down as possible while still using the apps I mentioned above. Ie, I'd like to be securely sealed while seeing as few pop-ups as possible.

    If someone could help me simplify my rule-making to limit what ports I should not use, as a start in my quest, I'd appreciate it. Thanks.


    SS



    |||
     
  3. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415
    My apologies for asking for a re-hash:

    I know my questions have been covered before (long before, probably), but if anyone has any updated news on Jetico 1 rules for hardening my connections, I'd appreciate it. If the old rules in the forum are still the best, then a quick point to them would be appreciated. So far I have found:

    https://www.wilderssecurity.com/showthread.php?t=145740&page=2&highlight=jetico

    https://www.wilderssecurity.com/archive/index.php/t-62970.html

    http://mintcream88.netfirms.com/jetico/


    Anything else?

    Thank you.


    //
     
    Last edited: Oct 31, 2007
  4. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Hi, Stem!
    I wanted to ask you if it's possible to block all incoming and all outgoing traffic of all kinds, except the NOD32 antivirus updating, Lavasoft Ad-Aware professional, Firefox and Internet updating?
    Is it possible to only partially allow these programs for updating?

    Also, does Jetico2 protect against malware websites loading?
    Similar like Spy Site blocking in ZA Pro.

    Also, I'd like to ask you for opinion: Do you think Jetico 2.0.0.37 gives more and greater protection in all areas than ZA Pro 7.0.408.000?
    And thanks for your help!
     
  5. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Once all rules for all applications are created, you can disable the "Ask" rules within the tables. This will effectively block any/all outbound/inbound attempts without popups. This can lead to problems, as example for access to network, as a newly installed program may require this (but not actually need internet connections, and can (possibly) cause internet loss if blocked).
    Do you mean with endpoint restrictions? (so that these applications can only connect to defined IPs)

    No, I have been pushing for the ability to import tables/groups into Jetico2, this would then allow the import/use of blocklists.
    All ZA is doing is automatically allowing these lists to be imported/used.
    Using Peerguardian will give the same.

    This would basically be attempting to compare a firewall with a suite. I will not follow such a debate.
     
  6. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Jetico1 default rules are quite tight. Any outbound/inbound connections will cause a popup (unless a rule is in place).
    The only area to cover is any "open rules". These are rules in place with no application binding (where an open rule does not have an application within the rule). This only applies to the rules within the config (not the rule tables, such as "browser", that are not actually used unless a jump is made~ normally when you would "handle as"~ "browser",.. this then binds those rules to the application).

    What to look for. Such as the DNS rules. I do disable the Windows DNS client (forcing all applications to make DNS lookups), I then place the DNS rules into a table. Any DNS lookup attempt will cause a popup (outbound datagram (UDP) or outbound TCP, depending on the DNS server, to remote port 53), if this is expected, then I allow the application with a "handle as" ~ "DNS" (or what you have named the table with the DNS rules).
     
  7. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415

    Thanks for your time, Stem.

    1. "Open rules" ... can you explain that more? These are rules that I set, or are part of the software defaults?


    2. I also stopped my DNS service some time ago (upon advice regarding having a large Hosts file), but have no clue as to how to apply any "table" (rules) for that.


    |||
     
  8. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    What I call an "open" rule, is a rule that does not have an application within that rule. So the rule can be used by any application. From a default installation of Jetico1, look at the "Application Table". You will see 2 rules for DNS (send/receive datagrams (UDP)). If you open the rule, you will see no application within the rule.

    open_rule.JPG

    To create a table for the DNS rules.

    Right click the "root" and select "insert table"

    insert_table.JPG

    Right click the "new table" and rename (in this example) to DNS

    rename_table.JPG

    Go back to the "Application Table", select the 2 DNS rules, left click/ hold down the mouse button and drag the rules to the DNS table

    Select_drag.JPG

    You now have a table for the DNS rules.

    DNS_table.JPG

    Now, when any application attempts to make a DNS lookup (send datagrams to remote port 53), if this is allowed, you select "Handle as" DNS (The new table will show in the drop down menu of the popup)
     
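The difference between an "open" DNS rule and a DNS table reached through "Handle as", shown as an added example that is not part of the thread and not Jetico's own rule format. It is a simplified model: the `Rule` fields, the first-match evaluation, the application names and treating "Handle as" as an application-bound jump are all assumptions, and only the outbound UDP port 53 rule is modelled.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    verdict: str                       # "accept", "ask" or "jump"
    protocol: Optional[str] = None     # None matches any protocol
    remote_port: Optional[int] = None  # None matches any port
    application: Optional[str] = None  # None = "open" rule, any application matches
    target: Optional[str] = None       # table to enter when verdict == "jump"

    def matches(self, app, protocol, port):
        return (self.application in (None, app)
                and self.protocol in (None, protocol)
                and self.remote_port in (None, port))

def evaluate(tables, table, app, protocol, port):
    """First matching rule wins; a jump defers to the target table."""
    for rule in tables[table]:
        if not rule.matches(app, protocol, port):
            continue
        if rule.verdict != "jump":
            return rule.verdict
        verdict = evaluate(tables, rule.target, app, protocol, port)
        if verdict is not None:        # target table had a matching rule
            return verdict
    return None

def open_accept_rules(tables, table):
    """Rules in a table that let any application through."""
    return [r for r in tables[table]
            if r.application is None and r.verdict == "accept"]

DNS_RULE = Rule("accept", "udp", 53)   # no application: open
ASK = Rule("ask")                      # catch-all popup

# Constructed layout 1: open DNS rule sits directly in the Application Table.
DEFAULT = {"Application Table": [DNS_RULE, ASK]}

# Constructed layout 2: DNS rule moved to its own table; "handle as DNS"
# for firefox.exe is modelled as an application-bound jump (assumption).
HARDENED = {
    "Application Table": [Rule("jump", application="firefox.exe", target="DNS"), ASK],
    "DNS": [DNS_RULE],
}

if __name__ == "__main__":
    for name, cfg in (("default", DEFAULT), ("hardened", HARDENED)):
        for app in ("firefox.exe", "unknown.exe"):
            print(name, app, evaluate(cfg, "Application Table", app, "udp", 53))
```

In the first layout any process gets its port 53 datagram accepted silently; in the second, only the application that was handled as DNS does, and everything else falls through to the popup.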
  9. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Tables are the beauty of Jetico. They offer very granular control and help at managing pop-ups due to hash changes (application update).
     
  10. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415

    Excellent, elegant, and *simple* break-down of setting up a table. Before that was a strange and scary term for me, but you have made it clear. Thanks.

    If I might change the subject a bit: what does Jetico v2 offer that v1 does not have?? Does it include more default rules for common programs/apps/services (such as DNS lookup)?


    |||
     
  11. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Bottom line. Better leak detection. Ability to create compound rules (Example: allow TCP and UDP within one rule). Better protection for ARP.
    Jetico2 has added more rulesets, what good these are I have not taken time to fully check. But, I would still prefer that users could exchange rulesets (export/import rulesets (tables)), this was asked for a long time ago, and I would say is needed.
     
  12. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415

    Thanks, Stem.


    |||
     
  13. vinn

    vinn Registered Member

    Joined:
    Nov 5, 2005
    Posts:
    110
    I'm using Jetico firewall server version 1.0.1.61, firewall user interface version 1.0.1.86. My internet browsers can't access servers when the security policy is set to 'Optimal Protection'. Access is possible only with policy 'Allow all'. What's causing this?
     