Kerio 2.1.5 firewall

Discussion in 'other firewalls' started by sniper968, Jan 17, 2009.

Thread Status:
Not open for further replies.
  1. sniper968

    sniper968 Registered Member

    Joined:
    Apr 3, 2008
    Posts:
    3
    Hello,

    I'd appreciate it if someone who has an expert grasp of Kerio 2.1.5 firewall rules and settings could evaluate my setup - see photo.

    I just switched over to Kerio 2.1.5 firewall from XP Pro.

    I'm using a desktop plugged into an Asus router WL-600g adsl2 modem. Wireless is disabled. I also use AVAST anti-virus and yes, the computer is patched on a frequent basis.

    I also have the P2P - utorrent running at night. I set it up so that it only uses one port. But utorrent wouldn't work unless I allowed it access to all ports.

    Hamachi - a virtual network program - is set up to have access to all ports. This is used solely when I play Command and Conquer ZH with a high school friend. Game.dat is one of the associated game files. Otherwise it's disabled.

    I have MSN Messenger on most of the time - as most of my friends use the service.

    Have I made any big mistakes?

    Oh, and my system specs are these: XP Pro, Pentium Dual Core, 2 GB Corsair RAM, Nvidia GF 7800 GT, 2 hard drives x 500 GB. I also have Spybot Search and Destroy.

    Cheers,

    Wylie
     

    Attached Files:

  2. wat0114

    wat0114 Guest

  3. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    I would see the DSLR link in that thread above for the most detail. I would also tighten up your rules with specific ports and port ranges (local and remote) and addresses where possible. Your DHCP rule will never be used as you are already permitting all DHCP traffic in the rule above it titled "Router Config". So that's redundant. I'd remove the "router config" rule and then fill in a specific address in the DHCP rule. You may need additional DHCP related rules also.

    It's mostly trial and error and reading and checking logs till you get to where you want to go with it all.
     
  4. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I can't be specific on several of the rules without knowing exactly how your LAN is set up, but there are a couple I see that can be tightened.

    Your router configuration rule. Can I assume you configure it via the browser? If so, limit that rule to the browser instead of any application. Outbound is all you should need for manual configuration.

    You have 8 rules for µTorrent. The last 4 are allowing all traffic which makes the first 4 meaningless. It should be possible to limit inbound traffic to one specific port. You mentioned it didn't want to use just one port. Are you using UPnP? If so, that's a separate specific port you'll have to allow unless you forward the port manually in your router and modem.

    I'd also keep all of the ICMP rules together. Same for DNS rules. I'd also move your inbound NETBIOS and system blocking rules upwards, above the rules for specific apps. Kerio reads the rules from the top downward and uses the first one that applies. This makes it easier to keep a ruleset organized.

    I notice that you have several rules that allow inbound for different apps. I'm not a gamer so I don't know what those games need, but if you can, limit the inbound to specific IPs or IP ranges if possible.

    Several of those rules are the default rules Kerio makes when installed. This includes:
    The DHCP rule. If you use DHCP, fine. If not, you don't need it.

    I'd disable the allow rules under DHCP starting with LSA Shell (Kerberos) and ending at reply from NTC server. These are all default rules. Depending on your setup, you might not need most of them.

    I'd also be as specific as possible with SVCHOST (generic host process) rules. Specify the ports and IPs whenever possible. This is used for a lot of different purposes, mainly services that most people don't need. Some malware also makes use of SVCHOST to connect out. This is a good one to keep on a tight leash.

    You might want to limit Outlook Express to the IPs of the accounts you use it with and block inbound to it.
     
    Last edited: Jan 18, 2009
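As an added illustration of the two points made above (Kerodo's redundant DHCP rule sitting under a broad "Router Config" rule, and noone_particular's note that Kerio reads rules top-down and uses the first one that applies), here is a small Python model of first-match rule evaluation with a check for rules that can never be reached. This is example code written for this page, not Kerio's software or its rule format; the rule fields, the router address 192.168.1.1, the application names and the two constructed rulesets are assumptions for illustration only.

```python
"""First-match firewall rule model with shadowed-rule detection.

Constructed for illustration: a simplified Kerio 2.x-style ruleset,
not Kerio's real rule format or code. Rules are evaluated top-down and
the first match decides; a rule whose match set is contained in an
earlier rule's match set can never fire.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = None  # wildcard: field matches anything


@dataclass(frozen=True)
class Rule:
    name: str
    app: Optional[str]          # executable name, or ANY
    direction: Optional[str]    # "in", "out", or ANY (both)
    proto: Optional[str]        # "tcp", "udp", "icmp", or ANY
    local_port: Optional[int]
    remote_addr: Optional[str]  # exact IPv4 address, or ANY
    remote_port: Optional[int]
    action: str                 # "allow" or "deny"


@dataclass(frozen=True)
class Packet:
    app: str
    direction: str
    proto: str
    local_port: int
    remote_addr: str
    remote_port: int


FIELDS = ("app", "direction", "proto", "local_port", "remote_addr", "remote_port")


def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches when every non-wildcard field equals the packet's."""
    return all(getattr(rule, f) is ANY or getattr(rule, f) == getattr(pkt, f)
               for f in FIELDS)


def decide(rules: List[Rule], pkt: Packet, default: str = "deny") -> Tuple[str, str]:
    """Return (action, rule_name) of the first matching rule, else the default."""
    for r in rules:
        if matches(r, pkt):
            return r.action, r.name
    return default, "<default>"


def covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet matching `inner` also matches `outer`."""
    for f in FIELDS:
        o, i = getattr(outer, f), getattr(inner, f)
        if o is ANY:
            continue            # wildcard covers any value, including a wildcard
        if i is ANY or i != o:
            return False        # inner is broader, or fixed to a different value
    return True


def shadowed_rules(rules: List[Rule]) -> List[Tuple[str, str]]:
    """(rule, earlier_rule) pairs where the earlier rule makes the later one unreachable."""
    dead = []
    for idx, r in enumerate(rules):
        for earlier in rules[:idx]:
            if covers(earlier, r):
                dead.append((r.name, earlier.name))
                break
    return dead


ROUTER = "192.168.1.1"  # assumed LAN router address (constructed)

# Constructed "loose" ruleset in the spirit of the one discussed above.
LOOSE = [
    Rule("Router Config", ANY, ANY, "udp", ANY, ANY, ANY, "allow"),        # any app, all UDP
    Rule("DHCP", "svchost.exe", ANY, "udp", 68, ANY, 67, "allow"),           # never reached
    Rule("uTorrent in", "utorrent.exe", "in", "tcp", 6881, ANY, ANY, "allow"),
    Rule("uTorrent any", "utorrent.exe", ANY, ANY, ANY, ANY, ANY, "allow"),  # catch-all
    Rule("Block inbound NetBIOS", ANY, "in", ANY, 139, ANY, ANY, "deny"),    # too far down
]

# Constructed tightened ruleset: blocks first, then specific allows.
TIGHT = [
    Rule("Block inbound NetBIOS", ANY, "in", ANY, 139, ANY, ANY, "deny"),
    Rule("Router Config", "firefox.exe", "out", "tcp", ANY, ROUTER, 80, "allow"),
    Rule("DHCP", "svchost.exe", ANY, "udp", 68, ROUTER, 67, "allow"),
    Rule("uTorrent in", "utorrent.exe", "in", "tcp", 6881, ANY, ANY, "allow"),
    Rule("uTorrent out", "utorrent.exe", "out", "tcp", ANY, ANY, ANY, "allow"),
]

if __name__ == "__main__":
    netbios = Packet("utorrent.exe", "in", "tcp", 139, "10.0.0.5", 40000)  # constructed
    print("loose shadowed:", shadowed_rules(LOOSE))
    print("loose NetBIOS-in:", decide(LOOSE, netbios))
    print("tight shadowed:", shadowed_rules(TIGHT))
    print("tight NetBIOS-in:", decide(TIGHT, netbios))
```

Running it, the loose set reports the DHCP rule as unreachable behind "Router Config", and an inbound connection to port 139 attributed to the µTorrent process is allowed by the catch-all µTorrent rule before the NetBIOS block rule is ever consulted. In the tightened set the block rule comes first, and any inbound port not explicitly listed falls through to the default deny.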
  5. Durad

    Durad Registered Member

    Joined:
    Aug 13, 2005
    Posts:
    591
    Location:
    Canada
    Is there a set of rules to import so that Kerio 2.1.5 acts as the XP firewall?
     
  6. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,618
    Location:
    Canada
  7. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    The BZ ruleset should be treated as a starting point, not as a complete ruleset. It contains a lot of network rules that are not needed on most home setups. It does not contain any rules for applications. His rules are tighter than Kerio's startup rules, but they are not a finished product. It's not possible to make a tight ruleset that will work on others' PCs.

    If you're going to use Kerio 2, take the time to learn the basics of internet protocol, what ports are, how IPs and IP ranges work, the basic protocols, etc. This knowledge is necessary in order to configure Kerio properly. The "how to optimize security in Kerio 2.1.5" mentioned earlier is very good. If this is more than you want to deal with, you'd be better off choosing a different firewall.
     
  8. sniper968

    sniper968 Registered Member

    Joined:
    Apr 3, 2008
    Posts:
    3
    Thanks. It's all very complicated, though. I'll read it through and try to make sense of it. It's quite an education.
     
  9. wat0114

    wat0114 Guest

    From the linked thread I gave you, check out this post by Lucas1985. He provides a link to an excellent tutorial.
     