Kerio 2.1.5

Discussion in 'other firewalls' started by Comp01, Sep 8, 2005.

Thread Status:
Not open for further replies.
  1. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    I connect via Dialup (Unfortunately no DSL/Cable access where I live.) and I was wondering if Kerio 2.1.5 still does an adequate job at PC protection? (I am looking for a very light, but semi-easy to use firewall.)
     
  2. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    hi Comp i use 2.1.5 with dialup - pcflank tests show kerio to be very secure.
     
  3. FastGame

    FastGame Registered Member

    Joined:
    Jan 15, 2005
    Posts:
    677
    Location:
    Blasters worm farm
    I also use Kerio 2.1.5. IMO it's one of the best for dialup. :)
     
  4. pcalvert

    pcalvert Registered Member

    Joined:
    May 21, 2005
    Posts:
    203
    It's good, but not if you use the default ruleset that comes with it. You probably already knew that, but I wanted to make sure that this important point was not overlooked. There are lots of people reading these forums, and many probably don't know that.

    Phil
     
  5. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    That's what I figured. Are there any rulesets for download? (Like I know there is for Look 'n' Stop, etc.) or any recommended rules?
     
  6. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    pcalvert would you care to elucidate a little on the problems of using the default rules? - i'm not aware of any problems? seems to work fine out of the box? - has passed every test so far.

    check out this discussion Compo.... http://carmainc.org/forums/index.php?showtopic=2525&pid=2276129

    also.... http://www.dslextreme.com/users/surferslim/tpf.html

    and....http://www.broadbandreports.com/faq/security/2.5.1. Kerio and pre-v3.0 Tiny PFW
    Quote - "The KPF is installed easiest with its default rules left intact and in their default order from top to bottom. That's it, end of your firewall install :)"
     
    Last edited: Sep 9, 2005
  7. pcalvert

    pcalvert Registered Member

    Joined:
    May 21, 2005
    Posts:
    203
    I just passed along what I learned on this forum. See:

    https://www.wilderssecurity.com/showthread.php?t=35586


    Phil
     
  8. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    thanks for your reply phil - bz states that kerio is not secure out of the box - but doesn't state why.

    there is no doubt that rules based firewalls can be very complicated to delve into - i can only speak for myself in saying that i'm satisfied (so far) with the default rules - as long as it prompts me when it isn't sure about something going in or out and it passes all the known firewall tests then i'm happy to let it do it's own thing. cheers.

    anyone with an in depth knowledge of kerio - feel free to give your views on the subject.
     
    Last edited: Sep 9, 2005
  9. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    One example of customizing rules to make System-Wide Rules more secure would be to specify the IP addresses for DNS and DHCP (the default is "any" - see attachment)

    Here is a discussion of DNS/DHCP.

    See also CrazyM's sticky post for other good links.

    Also, in the internet rules portion of the rule set, you can specify the Service (application) instead of using the default "any application". For example, DNS is controlled by services.exe in Win2k and svchost.exe in WinXP.

    Another type of customizing would be specifying IP addresses for your secure sites (bank) via your browser on port 443 (help prevent phishing)

    Also, some of the rules in the default set may not be applicable to you.

    Only if you are not familiar with networking (I speak from experience when first starting to customize Kerio).

    If you take the time to study and learn about ports, protocols, and all of the other networking stuff, you will be much more knowledgeable about firewall security, and be able to utilize Kerio in a more effective way.


    regards,

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
    Last edited: Sep 9, 2005
  10. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    I would also like to hear some other peoples views on whether the default rules config is adequate or not.
     
  11. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    thanks for the comprehensive reply Rich - i am gradually working thru your tutorial - and hope by the time i get thru it i will be an expert :D

    the reason why i query the need for rule changes is that kerio stealths (almost) all ports when firewall tested and resists all exploit and trojan attempts thrown at it by the tests using the default rule set - it passes the grc leak test and always prompts anything it's not sure of.

    so far i've not come across any problems at all using the defaults - i certainly don't regard this firewall as insecure in its current state - thanks for the tips you listed in your post - will check em out.

    btw - i did an ipconfig /all and only one address was listed under dns servers - isn't there supposed to be 2 - a primary and a secondary?

    cheers
     
  12. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    If you search these forums, and BBR forums, and the internet in general, you will find examples of Kerio rule sets.

    Based on my own experience, you will be frustrated because many of the individual rules will not apply to you, and you may not understand the reasoning behind a particular rule created by another user.

    It's better to "educate" yourself on networking and rule sets in general, then study other rule sets as examples and create your own rules.

    regards,

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
    Last edited: Sep 9, 2005
  13. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Hi toploader,

    This is fine for inbound. It's the outbound (DNS for example) that can be tightened up.

    Mine has two; check with your ISP.

    regards,

    -rich
    ________________
    ~~Be ALERT!!! ~~
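    To make Rich's two points concrete (post #9: restrict the system-wide DNS rule to your ISP's resolver addresses and to the process that actually does DNS, and pin the browser's HTTPS rule for a bank to that bank's addresses; post #13: it is outbound that needs tightening), here is a small added model of a Kerio-style first-match rule list. This is illustration code written for this thread, not Kerio's code or anything from the posters; the resolver and bank addresses are constructed from the RFC 5737 test ranges, "firefox.exe" is a hypothetical browser process name, and svchost.exe is the WinXP DNS client process named in post #9.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Tuple, Union

ANY = "any"


@dataclass(frozen=True)
class Packet:
    """One connection attempt as the packet filter sees it."""
    direction: str      # "out" or "in"
    proto: str          # "udp" or "tcp"
    remote_ip: str
    remote_port: int
    app: str            # process that owns the socket


@dataclass(frozen=True)
class Rule:
    """A Kerio-style rule; an empty remote_ips tuple and app == ANY mean 'any', like the defaults."""
    name: str
    action: str                        # "permit" or "deny"
    direction: str
    proto: str
    remote_port: Union[int, str] = ANY
    remote_ips: Tuple[str, ...] = ()   # CIDR strings; () means any address
    app: str = ANY

    def matches(self, pkt: Packet) -> bool:
        if (self.direction, self.proto) != (pkt.direction, pkt.proto):
            return False
        if self.remote_port != ANY and self.remote_port != pkt.remote_port:
            return False
        if self.app != ANY and self.app.lower() != pkt.app.lower():
            return False
        if self.remote_ips and not any(
                ip_address(pkt.remote_ip) in ip_network(net) for net in self.remote_ips):
            return False
        return True


def evaluate(rules, pkt, no_match="ask"):
    """First match wins, top to bottom, as in Kerio's rule list; no match means a prompt ('ask')."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return no_match, None


# Constructed addresses (RFC 5737 test ranges) standing in for the ISP's resolvers and a bank.
ISP_DNS = ("192.0.2.53/32", "192.0.2.54/32")
BANK_NET = ("198.51.100.0/24",)

# Default-style DNS rule: any application may send UDP/53 to any address.
DEFAULT_RULES = [
    Rule("DNS (default: any app, any server)", "permit", "out", "udp", 53),
]

# Tightened rules: DNS only from the resolver process and only to the ISP's servers,
# any other UDP/53 traffic denied explicitly, and the browser's HTTPS pinned to the bank's range.
TIGHT_RULES = [
    Rule("DNS to ISP resolvers", "permit", "out", "udp", 53, ISP_DNS, "svchost.exe"),
    Rule("Block other DNS", "deny", "out", "udp", 53),
    Rule("Browser to bank (HTTPS)", "permit", "out", "tcp", 443, BANK_NET, "firefox.exe"),
]


def decide(rules, direction, proto, ip, port, app):
    """Return just the action ('permit', 'deny' or 'ask') for one attempt."""
    return evaluate(rules, Packet(direction, proto, ip, port, app))[0]


if __name__ == "__main__":
    attempts = [
        ("out", "udp", "203.0.113.9", 53, "unknown.exe"),   # stray process, foreign resolver
        ("out", "udp", "192.0.2.53", 53, "svchost.exe"),    # normal lookup via ISP resolver
        ("out", "udp", "192.0.2.53", 53, "unknown.exe"),    # right server, wrong process
        ("out", "tcp", "198.51.100.10", 443, "firefox.exe"),  # browser to the bank
        ("out", "tcp", "203.0.113.80", 443, "firefox.exe"),   # browser to some other HTTPS host
    ]
    for a in attempts:
        print(f"{a}: default={decide(DEFAULT_RULES, *a):6}  tightened={decide(TIGHT_RULES, *a)}")
```

    The first attempt is the one the default rule hides: any process may reach any server on UDP/53 and the default rule permits it silently, while the tightened list denies it and (in Kerio) would log it. The last attempt shows the cost of pinning: HTTPS to a host outside the bank's range falls through to a prompt instead of being permitted, which is the intended trade-off when you pin a rule to specific addresses.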
     
  14. yogishree

    yogishree Registered Member

    Joined:
    Jan 15, 2005
    Posts:
    871
    Location:
    Chhattisgarh-India
    The point is to tighten the rule sets to the extent possible. All rulesets, including BZ's or any other, should be starting points which require to be adapted to individual systems. The logs should be periodically scrutinised for considering reviews of the rules - if so thought required. However, the problem here is that most of us would like to install & forget - which may prove costly in case of a rule based FW.

    I refer below to a small discussion which took place recently at CARMA which may prove useful to some.

    http://carmainc.org/forums/index.php?showtopic=2525
     
  15. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    So it's mostly outbound that needs to be tightened up? (IE: so it only allows your ISP's DNS servers, etc.)?
     
  16. pcalvert

    pcalvert Registered Member

    Joined:
    May 21, 2005
    Posts:
    203
    When I first tried KPF 2.1.5, I used the default ruleset. A few months later, though, I abandoned it and went to Sygate. Why? Because it's old and I was afraid that it no longer offered good protection. Actually, what happened is that KPF crashed and stopped working a few times while I was online. I suspected that someone had used some sort of remote exploit to crash it, but I had no proof of that.

    After using Sygate PF for over a year, I decided to try KPF 2.1.5 after reading the comments about it on here. I decided to use BlitzenZeus's standard replacement ruleset and modify it according to my situation. I also password-protected Kerio.

    So far, Kerio 2.1.5 seems to be working quite well. I've had no (apparent) trouble with it whatsoever. There is one minor annoyance, though-- the need to manually delete the log file periodically. I check it occasionally and delete it when it's more than 1 MB in size. Actually, what I do is reboot into DOS (I'm using Win98SE) and run a small batch file that renames the relevant files, thereby making a backup.

    I also want to say that I had no trouble modifying BZ's standard replacement ruleset. Of course, I'm no newbie, but neither am I an expert. It does take some patience, though, because one needs to carefully read and follow instructions. However, it's probably not for most people. For example, I would be reluctant to recommend Kerio PF 2.1.5 to any of my family members and most of my friends.


    Phil
     
  17. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Why? Use your knowledge of Kerio and write a tutorial and teach them how to design a rule set, starting with the basics of networking. If they are willing to follow your instructions, you will be passing on to them a good product that you like, and you will be greatly rewarded knowing that there will be a few more knowledgeable people in this important area of security!

    regards,

    -rich
    ________________
    ~~Be ALERT!!! ~~
     