Discussion in 'other firewalls' started by SamSpade, Nov 26, 2006.
For Stem, in particular, can you test this?
If anyone else knows, please chime in!
I can see from your recent posts, that you have some concerns about the safety of your PC during boot/login.
I will of course test this for you, but could you tell me what O.S. you are using, as I would also like to point out a number of possible ways to protect yourself. (Do realise that a lot of firewalls will not protect you during boot; this is mainly down to the need for DHCP (so your PC can get an IP). Some will give an option to block or allow traffic during boot, but actual packet/port filtering during boot is only available by a few firewalls.)
Thanks, Stem. I'm using XP sp2, all updates. And for the record, I use NOD32, SpySweeper (real-time anti-vir turned off), and am trialing AVG anti-malware (used to be Ewido) currently running in real-time with no apparent conflicts with anything else.
You've got my concern down right, Stem.
Btw, do you have a list of firewalls that *do* give the option of blocking traffic during boot/shut-down? I know SunKerio 4.3 does (but, good Lord, what a RAM hog).
I have installed NTwrapper for Jetico. There is a period of about 5 seconds while booting to login screen that the PC is unprotected, but thereafter Jetico is running and filtering (while waiting to login). During shutdown, the PC is unprotected (on this setup).
I don't have a list.
Stem, have you tried to test during user switch? If I understand correctly NTWrapper restarts the service automatically.
Thanks for your feedback.
Thanks for your efforts, Stem.
So, even with NTWrapper running Jetico as a service there is still a period when the line into the computer is unprotected??
Any suggestions on how to close down that vulnerability, short of disconnecting the line?
In addition to SunbltKerio, what other fws *do* allow one to close off the connection until the fw is loaded? Outpost 4.x?? ZA Pro?? LnS??
Yes, the cable.
Unplug it when shutting down, plug it only when you log in.
It's a case of disabling un-needed Windows services, so that ports are not left open. From my own setup, all ports are closed during boot/close down.
I will need to find time to check. As some firewalls give an option to protect during boot/close down, but they can also block DHCP and cause problems.
I logged off to the login window, and Jetico was not filtering. So the PC is unprotected at that time (unless I have missed a setting somewhere in NTwrapper).
Do you mean disabling NetBIOS and the likes, hardening with WWDC, using static IP, etc?
I read it here.
Check "restart application".
Yes. There are also other services that should be looked at. (example: "Remote Registry" / "Computer Browser")
Thanks, my doubts are gone.
My security setup is almost complete now and it's time to read the Jetico tutorial, the sticky and the Nautopía (Spanish) tutorial.
I have made this setting, but when I log off, there is no filtering while at the login screen.
Just to clarify: that post suggests that there exists a time interval of 20 seconds between logoff and the restart of Jetico. Have you considered this quirk?
Off topic: I am using PeerGuardian (IP blacklisting). Outpost offers the chance to import the lists. Is there a way to do this in Jetico? If so, what's the impact on firewall performance and resource usage?
You could take a look here, at posts #128 and #138.
Sure, that's one option. What I am looking for is an ironclad way to maintain security (packet filtering or some other method) while the machine *is* connected during boot-up/shut-down.
I know some firewalls give you the option: Sunbelt Kerio 4.3 does, and I believe Zone Alarm's got a service (possibly even a driver) that stays on from the time the computer starts to boot and until the machine shuts off.
I'm looking for firewalls or other options that can keep the computer shielded. It's been said that Jetico running as a service is better than running as an app, but there is still some few seconds that it remains vulnerable. I'm trying to close that vulnerability without unplugging cables or turning off the wifi connection.
Anybody know something about this??
Thank you in advance for sharing it here.
Why don't you just disable all the unnecessary services so that all of your ports are closed when you don't have a firewall? That way, nothing can happen to your computer since no services can be exploited. Use tcpview from sysinternals to determine what is listening on what port, then search around the web for solutions to close that particular port.
I do know that SKPF has an option to prevent all packets when shutdown and reboot occurs, but it doesn't do any real filtering, just blocks the packets, which isn't needed if nothing can be exploited anyways.
SamSpade: I understood you. I was just trying to lighten things up. It's not the end of the world for the firewall not to load ASAP. I know it's always better to have the Firewall load right away, but until then the cable won't fail. If it can be improved though, it should be improved.
Thanks, Alpha, I'll give that a look.
Is it only services that I need to check? How about drivers, or are they finally working through services they activate in order to do what they do?
Yeah that!!
Just see whatever is listening on a port, using tcpview, then disable whatever it is, whether service, application, etc.
Could you post the list of services you have disabled (for port protection). Also, how long you have been doing this without problems, and also what problems may have occurred after disabling those services??
Many thanks, Stem.
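Added example, not part of any post in the thread: a scripted version of the "see what is listening, then disable it" audit suggested above, for checking that nothing is reachable while no firewall is filtering. It assumes the input is saved `netstat -ano` output plus a PID-to-owner map such as `tasklist /svc` reports; the sample data, PIDs and addresses are constructed.

```python
# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       968
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1028         0.0.0.0:0              LISTENING       1520
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:1045      203.0.113.5:80         ESTABLISHED     2044
  UDP    0.0.0.0:1900           *:*                                    1180
  UDP    127.0.0.1:123          *:*                                    1092
"""

# Constructed PID -> image (service) map, in the spirit of `tasklist /svc`.
SAMPLE_OWNERS = {
    4: "System",
    968: "svchost.exe (RpcSs)",
    1092: "svchost.exe (W32Time)",
    1180: "svchost.exe (SSDPSRV)",
    1520: "alg.exe (ALG)",
}


def exposed_listeners(netstat_text, owners):
    """Return sorted (proto, port, address, owner) for sockets reachable from the network."""
    found = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            local, pid = f[1], f[4]
        elif len(f) == 4 and f[0] == "UDP":   # UDP rows have no State column
            local, pid = f[1], f[3]
        else:
            continue                          # headers, blanks, established sessions
        addr, port = local.rsplit(":", 1)
        if addr.startswith("127.") or addr in ("::1", "[::1]"):
            continue                          # loopback-only: not reachable from the wire
        owner = owners.get(int(pid), "PID %s (unknown)" % pid)
        found.append((f[0], int(port), addr, owner))
    return sorted(found, key=lambda r: (r[0], r[1]))


if __name__ == "__main__":
    for proto, port, addr, owner in exposed_listeners(SAMPLE_NETSTAT, SAMPLE_OWNERS):
        print("%-3s %5d on %-15s -> %s" % (proto, port, addr, owner))
```

An empty result after disabling services is the state described in the thread as "all ports are closed"; each remaining row names the owner to look at next.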