Kerio Predefined Network Settings

Discussion in 'other firewalls' started by Dazed_and_Confused, Apr 8, 2006.

Thread Status:
Not open for further replies.
  1. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    I am trying out the Kerio firewall. There is a section where you can predefine network security rules (see pic). Right now I have set all rules to their default settings. Please note that for some of these the default Internet setting is "Permit". I have tried setting all of them to "Deny", and have not noticed any connectivity problems, but maybe I'm missing something.

    My question is - does anyone see any reason to allow the ones currently set to "Allow"? Are there any practical security risks by keeping any of them set to "Allow"? o_O

    P.S. I speak above of "Internet" network settings. I am not concerned with keeping any of the "Trusted" network settings to "Allow"
     

  2. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    You will need to leave the DHCP and DNS outbound allowed to the internet for proper functioning of things. ICMP out (ping) might also occasionally be needed too. There's no harm in allowing any of these. The other two at the bottom (Virtual Private Network and Broadcasts) I don't know about and don't use myself. If I were you, I'd just leave the defaults as is. If you want to tighten up your DNS rules so that DNS is only allowed out to your specific ISP's DNS servers, then you can create custom rules for that, specifying the DNS servers you want to permit. Alternately, and this is the nice thing about Kerio 4, you can disable the Predefined Rules altogether, and make your own in the Packet Filter section, as tight as you want them. You can even import BZ's Kerio 2 rules into it and revise as needed. Takes more work than the Predefined route, but then you get more control over things too.
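    The policy Kerodo describes (leave DHCP and DNS out, optionally pin DNS to the ISP's resolvers, keep ICMP out, deny the rest) is easiest to reason about as an ordered, first-match rule list with a default deny. The following is an added example written for this thread, not Kerio code or any of its rule formats; the resolver addresses, the trusted LAN range and the rule names are constructed placeholders (RFC 5737 documentation addresses), and "first match wins, otherwise deny" is an assumption about the filter semantics, not a statement about how Kerio evaluates its Packet Filter.

```python
"""Toy first-match packet filter modelling 'deny everything to the Internet
except DHCP, DNS to the ISP's resolvers and ICMP'.
Added example for this thread; not Kerio code.  All addresses are
constructed placeholders from the RFC 5737 documentation ranges."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set, Tuple

# Assumed values: the ISP's two resolvers, the local LAN behind the router.
ISP_DNS = [ip_network("203.0.113.53/32"), ip_network("203.0.113.54/32")]
TRUSTED_LAN = [ip_network("192.168.1.0/24")]
ANY = [ip_network("0.0.0.0/0")]
LIMITED_BROADCAST = [ip_network("255.255.255.255/32")]


@dataclass(frozen=True)
class Packet:
    direction: str            # "out" (host -> network) or "in"
    proto: str                # "udp", "tcp" or "icmp"
    dst: str                  # destination IPv4 address
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    name: str
    direction: str
    proto: Optional[str]      # None matches any protocol
    dst_nets: List            # list of ip_network objects
    dports: Optional[Set[int]]  # None matches any port
    action: str               # "permit" or "deny"

    def matches(self, p: Packet) -> bool:
        if self.direction != p.direction:
            return False
        if self.proto is not None and self.proto != p.proto:
            return False
        if not any(ip_address(p.dst) in net for net in self.dst_nets):
            return False
        if self.dports is not None and p.dport not in self.dports:
            return False
        return True


# Order matters: DHCP DISCOVER goes to 255.255.255.255:67, so the DHCP
# permit must sit above the broadcast deny or the lease never renews.
RULES = [
    Rule("trusted-lan",   "out", None,   TRUSTED_LAN,       None,  "permit"),
    Rule("dhcp-out",      "out", "udp",  ANY,               {67},  "permit"),
    Rule("dns-to-isp",    "out", "udp",  ISP_DNS,           {53},  "permit"),
    Rule("dns-to-isp-tcp", "out", "tcp", ISP_DNS,           {53},  "permit"),
    Rule("icmp-out",      "out", "icmp", ANY,               None,  "permit"),
    Rule("broadcast-out", "out", None,   LIMITED_BROADCAST, None,  "deny"),
]
DEFAULT_ACTION = "deny"


def decide(p: Packet) -> Tuple[str, str]:
    """Return (action, rule name) for the first matching rule, else the default."""
    for rule in RULES:
        if rule.matches(p):
            return rule.action, rule.name
    return DEFAULT_ACTION, "default"


if __name__ == "__main__":
    # Constructed sample traffic: DNS to the ISP, DNS to a stranger's
    # resolver, a DHCP renew, ping, and an unsolicited outbound SMB attempt.
    samples = [
        Packet("out", "udp", "203.0.113.53", 53),
        Packet("out", "udp", "198.51.100.9", 53),
        Packet("out", "udp", "255.255.255.255", 67),
        Packet("out", "icmp", "198.51.100.9"),
        Packet("out", "tcp", "198.51.100.9", 445),
        Packet("in",  "tcp", "192.168.1.5", 445),
    ]
    for pkt in samples:
        print(pkt, "->", decide(pkt))
```

    Running the sample set shows the point of Kerodo's suggestion: a lookup to a resolver that is not the ISP's falls through to the default deny, while DHCP still works only because its permit is ordered above the broadcast deny.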
     
  3. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Understood. Thanks, Kerodo. :D I'm going to do a search on BZ's Kerio rules and check them out...
     
  4. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
  5. Mem

    Mem Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    292
    Kerodo hit it.... If you want to stay with the predefined settings and no rules you can always put the DNS servers into the trusted area and deny DNS to the Internet.

    Other than that, I disabled VPN and Broadcast to Internet.
     
  6. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Thanks, Mem. :D I have since joined the BB that Kerodo suggested. Lots of good stuff there...;)
     
  7. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    Could I inject a question about the terminology here?

    I don't have Kerio 2 yet, but am considering it, so I'd like to know what is meant by broadcasts? Thanks.


    -HandsOff
     
  8. Mem

    Mem Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    292
    A broadcast, a normal part of network operation, is a data packet that is destined for multiple hosts; for example, IP networks use broadcasts to resolve network addresses using Address Resolution Protocol (ARP). While the following link is in regards to broadcast flooding, it does give a definition of broadcasts (and multicasts) in the first section.

    http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/cs006.htm

    I should add that my setup is used on a PC on a local LAN (behind a router).
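    To make Mem's definition concrete, the following added example (written for this thread, not from Kerio or the Cisco page) classifies a destination as unicast, directed broadcast, limited broadcast or multicast, and checks whether an Ethernet frame such as an ARP request is addressed to every host on the segment. The subnet and sample destinations are constructed; the rule that a router does not forward a limited broadcast off the local segment is standard IPv4 behaviour and is why, behind a router, the "Broadcasts" to Internet setting rarely sees any traffic.

```python
"""Classify IPv4 destinations and Ethernet frames as unicast, broadcast or
multicast.  Added example for this thread; subnet and addresses are
constructed (RFC 1918 / RFC 5737 ranges)."""
from ipaddress import IPv4Address, ip_address, ip_network

LIMITED_BROADCAST = IPv4Address("255.255.255.255")   # "all hosts on this link"
ETHERNET_BROADCAST = "ff:ff:ff:ff:ff:ff"             # ARP requests go here


def classify_ip_destination(dst: str, local_net: str) -> str:
    """Return one of: limited-broadcast, multicast, directed-broadcast,
    unicast-local, unicast-remote.  local_net is the host's own subnet
    written as address/prefix, e.g. '192.168.1.10/24'."""
    dst_ip = ip_address(dst)
    net = ip_network(local_net, strict=False)   # strip host bits
    if dst_ip == LIMITED_BROADCAST:
        return "limited-broadcast"
    if dst_ip.is_multicast:                     # 224.0.0.0/4
        return "multicast"
    if dst_ip == net.broadcast_address:         # e.g. 192.168.1.255
        return "directed-broadcast"
    if dst_ip in net:
        return "unicast-local"
    return "unicast-remote"


def is_ethernet_broadcast(mac: str) -> bool:
    """True when a frame is addressed to every NIC on the segment."""
    return mac.lower().replace("-", ":") == ETHERNET_BROADCAST


def forwarded_by_router(dst: str, local_net: str) -> bool:
    """A home router forwards unicast traffic to remote hosts; it does not
    forward limited broadcasts or the LAN's own directed broadcast, so those
    never reach the Internet-facing side of a host firewall."""
    return classify_ip_destination(dst, local_net) == "unicast-remote"


if __name__ == "__main__":
    me = "192.168.1.10/24"   # constructed: a PC on a home LAN behind a router
    # Constructed frames: (destination MAC, destination IP, description)
    frames = [
        ("ff:ff:ff:ff:ff:ff", "255.255.255.255", "DHCP DISCOVER"),
        ("ff:ff:ff:ff:ff:ff", "192.168.1.255",   "NetBIOS name query"),
        ("01:00:5e:00:00:fb", "224.0.0.251",     "mDNS"),
        ("00:11:22:33:44:55", "192.168.1.20",    "file share on the LAN"),
        ("00:11:22:33:44:01", "198.51.100.9",    "web server on the Internet"),
    ]
    for mac, ip, what in frames:
        print(f"{what:28} L2 broadcast={is_ethernet_broadcast(mac)!s:5} "
              f"L3={classify_ip_destination(ip, me):18} "
              f"leaves LAN={forwarded_by_router(ip, me)}")
```

    The "hosts" in Mem's definition are simply every machine on the local segment: a broadcast is delivered to all of them, which is also the answer to whether the router "handles" it, since the router is one of the hosts that receives it but does not pass it on.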
     
  9. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    Thanks, Mem, for the detailed information!

    I'm probably still a bit short of understanding this. Firewalls, to me, are the most incomprehensible of all security programs. Probably because almost all my computing (until recently) has been on a computer, with me as the only user, and a direct connection to the internet.

    I'm hung up by the term "hosts" in your definition, and don't understand, if you said that you were behind a router, how that changes the situation as far as broadcasts are concerned. Does that mean the router is the "host", so it handles the broadcast, so that the software firewall (Kerio) never deals with this issue?

    I always thought a host, or a server, was a computer that responds to high volumes of requests for files...but looking at the definition it almost sounds like any computer that connects to the internet is a host / server.

    I realize that it probably isn't necessary for me to get into these details, but who knows, maybe somewhere down the line it will all come together.

    Anyways, thanks for the info!

    - HandsOff
     