Jetico with NTWrapper: is it secure during boot/close down??

Discussion in 'other firewalls' started by SamSpade, Nov 26, 2006.

Thread Status:
Not open for further replies.
  1. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415
    For Stem, in particular, can you test this?

    If anyone else knows, please chime in !


    //
     
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello SamSpade,
    I can see from your recent posts, that you have some concerns about the safety of your PC during boot/login.
    I will of course test this for you, but could you tell me what O.S. you are using, as I would also like to point out a number of possible ways to protect yourself. (Do realise that a lot of firewalls will not protect you during boot; this is mainly down to the need for DHCP (so your PC can get an IP). Some will give an option to block or allow traffic during boot, but actual packet/port filtering during boot is only available by a few firewalls.)
     
  3. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415

    Thanks, Stem. I'm using XP sp2, all updates. And for the record, I use NOD32, SpySweeper (real-time anti-vir turned off), and am trialing AVG anti-malware (used to be Ewido) currently running in real-time with no apparent conflicts with anything else.


    //
     
  4. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415

    You've got my concern down right, Stem.

    Btw, do you have a list of firewalls that *do* give the option of blocking traffic during boot/shut-down? I know SunKerio 4.3 does (but, good Lord, what a RAM hog).


    //
     
  5. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi SamSpade,
    I have installed NTWrapper for Jetico. There is a period of about 5 seconds while booting to login screen that the PC is unprotected, but thereafter Jetico is running and filtering (while waiting to login). During shutdown, the PC is unprotected (on this setup).

    I don't have a list.
     
  6. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Stem, have you tried to test during user switch? If I understand correctly, NTWrapper restarts the service automatically.
    Thanks for your feedback.
     
  7. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415

    Thanks for your efforts, Stem.

    So, even with NTWrapper running Jetico as a service there is still a period when the line into the computer is unprotected??

    Any suggestions on how to close down that vulnerability, short of disconnecting the line?


    //
     
  8. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415

    In addition to Sunbelt Kerio, what other fws *do* allow one to close off the connection until the fw is loaded? Outpost 4.x?? ZA Pro?? LnS??


    //
     
  9. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Yes, the cable :D
    Unplug it when shutting down, plug it only when you log in.
     
  10. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    It's a case of disabling un-needed windows services, so that ports are not left open. From my own setup, all ports are closed during boot/close down.
    I will need to find time to check. As some firewalls give an option to protect during boot/close down, but they can also block DHCP and cause problems.
     
  11. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I logged off to the login window, and Jetico was not filtering. So the PC is unprotected at that time (unless I have missed a setting somewhere in NTWrapper).
     
  12. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Do you mean disabling NetBIOS and the like, hardening with WWDC, using static IP, etc?
    I read it here
    Check "restart application"
     
    Last edited: Nov 27, 2006
  13. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Yes. There are also other services that should be looked at. (example: "Remote Registry" / "Computer Browser")
     
  14. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Thanks, my doubts are gone :D
    My security setup is almost complete now and it's time to read the Jetico tutorial, the sticky and the Nautopía (Spanish) tutorial
     
  15. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I have made this setting, but when I log off, there is no filtering while at the login screen.
     
  16. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Just to clarify: that post suggests that there exists a time interval of 20 seconds between logoff and the restart of Jetico. Have you considered this quirk?

    Off topic: I am using PeerGuardian (IP blacklisting). Outpost offers the chance to import the lists. Is there a way to do this in Jetico? If so, what's the impact on firewall performance and resource usage?
    Thanks again
     
    Last edited: Nov 27, 2006
  17. shek

    shek Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    342
    Location:
    SE CHINA/NYC USA
    lucas1985---

    You could take a look here, at posts #128 and #138
     
  18. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Great :D
    PeerGuardian removed :D
     
  19. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415

    Sure, that's one option. What I am looking for is an ironclad way to maintain security (packet filtering or some other method) while the machine *is* connected during boot-up/shut-down.

    I know some firewalls give you the option: Sunbelt Kerio 4.3 does, and I believe Zone Alarm's got a service (possibly even a driver) that stays on from the time the computer starts to boot and until the machine shuts off.

    I'm looking for firewalls or other options that can keep the computer shielded. It's been said that Jetico running as a service is better than running as an app, but there is still some few seconds that it remains vulnerable. I'm trying to close that vulnerability without unplugging cables or turning off the wifi connection.

    Anybody know something about this ??

    Thank you in advance for sharing it here.


    //
     
  20. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Why don't you just disable all the unnecessary services so that all of your ports are closed when you don't have a firewall? That way, nothing can happen to your computer since no services can be exploited. Use tcpview from sysinternals to determine what is listening on what port, then search around the web for solutions to close that particular port.

    I do know that SKPF has an option to prevent all packets when shutdown and reboot occurs, but it doesn't do any real filtering, just blocks the packets, which isn't needed if nothing can be exploited anyways.

    Cheers,

    Alphalutra1
     
  21. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    SamSpade: I understood you. I was just trying to lighten things up. It's not the end of the world for the firewall not to load ASAP. I know it's always better to have the Firewall load right away, but until then the cable won't fail :). If it can be improved though, it should be improved. :thumb:
     
  22. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415

    Thanks, Alpha, I'll give that a look.

    Is it only services that I need to check? How about drivers, or are they finally working through services they activate in order to do what they do?

    Sam


    //
     
  23. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415

    Yeah that !!

    :)


    Sam


    //
     
  24. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Just see whatever is listening on a port, using tcpview, then disable whatever it is, whether service, application, etc.

    Cheers,

    Alphalutra1
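
The port audit described in the post above, as an added example that is not part of the original thread. It assumes the text output of Windows' built-in `netstat -ano` instead of tcpview (which the posts name) and runs on a constructed sample; it groups every non-loopback listener by owning PID so each can be traced to the service or application to disable.

```python
import ipaddress

# Constructed sample of `netstat -ano` output (Windows format); not from the thread.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       980
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1028         0.0.0.0:0              LISTENING       1640
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:1051      203.0.113.5:80         ESTABLISHED     2100
  UDP    0.0.0.0:500            *:*                                    740
  UDP    127.0.0.1:123          *:*                                    1100
  UDP    192.168.1.10:137       *:*                                    4
"""

def exposed_listeners(netstat_text):
    """Return {pid: [(proto, address, port), ...]} for sockets that accept
    traffic from the network, i.e. not bound to a loopback address."""
    exposed = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header, blank line
        proto, local, pid = fields[0], fields[1], fields[-1]
        # TCP rows carry a state column; only LISTENING sockets accept
        # new connections. UDP has no state: every bound socket counts.
        if proto == "TCP" and fields[3] != "LISTENING":
            continue
        host, _, port = local.rpartition(":")
        host = host.strip("[]").split("%")[0]  # IPv6 form: [addr%scope]:port
        if ipaddress.ip_address(host).is_loopback:
            continue  # reachable only from the machine itself
        exposed.setdefault(int(pid), []).append((proto, host, int(port)))
    return exposed

if __name__ == "__main__":
    for pid, socks in sorted(exposed_listeners(SAMPLE).items()):
        ports = ", ".join(f"{p}/{proto} on {h}" for proto, h, p in socks)
        print(f"PID {pid}: {ports}")
```

On a live system, pass in the text captured from `netstat -ano`; `tasklist /svc` then maps each reported PID to the services it hosts.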
     
  25. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415

    Could you post the list of services you have disabled (for port protection)? Also, how long you have been doing this without problems, and also what problems may have occurred after disabling those services??

    Many thanks, Stem.

    Sam
     