Outpost Configuration Help

Discussion in 'other firewalls' started by Toby75, Aug 5, 2013.

Thread Status:
Not open for further replies.
  1. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    Been a while since I've been on here. Hope all is OK with everyone. I was hoping that someone could help me configure Outpost Firewall Pro (just the IP block list section of Outpost). I moved and now I have a new computer with a new IP address (Ethernet connection).

    I do not have a wireless router. I'm really no expert on firewalls. I remember Stem helped me a while back and he was a Godsend.

    Thanks a bunch,

    Toby
     
    Last edited: Aug 7, 2013
  2. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    829
    Location:
    UK
    Does auto learn not help?
     
  3. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    Hi,

    I would just like to know if it would make my system safer if I entered a range of IPs under IP blocklist. The range listed in the pic is from when I lived in a different state and had a wireless router and a different computer. Now I am currently connected via Ethernet.

    Thanks,

    Toby
     

    Attached Files: OP.png (67.5 KB)
  4. King Grub

    King Grub Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    814
    Those IPs aren't even Internet IPs. They are devices attached to or potentially attached to your router.
     
  5. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    Correct, Stem helped me set this up long ago, long story. My question is can I input anything here to make my system more secure?

    Thanks,

    Toby
     
  6. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    829
    Location:
    UK
    If your home network has not changed then adding those IP addresses would be fine.
     
  7. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    Thanks for the input...can you read my first post? I have moved and was wondering what I needed to do with the IP block section of Outpost.

    Thanks in advance,

    Toby

    Edit: I just edited my original post...hope this makes it more clear.
     
  8. Manny Carvalho

    Manny Carvalho Registered Member

    Joined:
    Jun 3, 2004
    Posts:
    270
    I'm not quite sure what you are trying to do. IPblocklist is designed to filter out all inbound/outbound internet connections by IP addresses. The addresses you list are internal LAN addresses rather than external IP addresses.

    If you want to control your LAN then use the LAN settings [below]. If you could be a little more specific as to what you are trying to do then maybe we could offer better help. For example, if you don't want to trust devices on your LAN then remove the tickmarks under the LAN settings.
     

    Attached Files: LAN.png (31.8 KB)
  9. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    Thanks Manny...

    OK, so here's the deal. I have Outpost Pro Firewall installed on a Windows 7 machine. This laptop is for malware testing ONLY. I would like to maximize the effectiveness of Outpost. So I was just curious about the IP blocking section. IP blocking refers to blocking known malicious websites, correct? Wouldn't ImproveNet's blacklist help with that? Should I leave the IP blocklist alone or are there lists out there on the internet which I could add to this section?

    Any thoughts you could share would be great!

    Thanks,
    Toby
     
  10. Manny Carvalho

    Manny Carvalho Registered Member

    Joined:
    Jun 3, 2004
    Posts:
    270
    Thanks, that makes it clearer. Yes, it would help blocking traffic from/to those malicious websites. Agnitum doesn't provide blocklists but there are third parties who do. There's a little bit of a learning curve on how to do this, such as that lists aren't additive but importing a new one deletes the old one. But once understood then it's fairly easy.

    Here's a recent thread at the OP forum that should provide what you want: http://www.outpostfirewall.com/forum/showthread.php?27354-IP-Blocklist&p=204702#post204702
     
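Added example (not part of any post in this thread, and not Agnitum's code): because importing a list replaces the previous one, several third-party lists have to be merged into a single list before import, and LAN-side addresses such as those discussed earlier in the thread do not belong in an Internet blocklist. The sketch below merges, de-duplicates and collapses entries and sets LAN ranges aside; the function names and sample lists are constructed, and the file format Outpost expects on import is not given on this page, so the result is returned as network objects only.

```python
import ipaddress

# Private/loopback/link-local ranges: LAN-side addresses, not Internet hosts.
LAN_RANGES = [ipaddress.IPv4Network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "127.0.0.0/8")]

# Constructed sample lists (documentation-range addresses, not real indicators).
LIST_A = """\
# constructed list A
203.0.113.0/25
198.51.100.7
192.168.1.1-192.168.1.254
"""
LIST_B = """\
203.0.113.128/25
198.51.100.7
10.0.0.5
not-an-address
"""

def parse_entry(line):
    """Parse one line (single IP, CIDR, or 'start-end') into IPv4 networks."""
    text = line.split("#", 1)[0].strip()   # drop comments and whitespace
    if not text:
        return []
    if "-" in text:
        first, last = (ipaddress.IPv4Address(p.strip()) for p in text.split("-", 1))
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.IPv4Network(text, strict=False)]

def merge_blocklists(*lists):
    """Return (internet_nets, lan_nets, rejected_lines) for all lists combined."""
    internet, lan, rejected = [], [], []
    for blob in lists:
        for line in blob.splitlines():
            try:
                nets = parse_entry(line)
            except (ValueError, TypeError):
                rejected.append(line.strip())   # keep for manual review
                continue
            for net in nets:
                is_lan = any(net.overlaps(r) for r in LAN_RANGES)
                (lan if is_lan else internet).append(net)
    # collapse_addresses removes duplicates and merges adjacent networks
    return (list(ipaddress.collapse_addresses(internet)),
            list(ipaddress.collapse_addresses(lan)), rejected)
```

Only the first returned list is a candidate for the IP blocklist; the LAN entries are the kind of address the LAN settings are meant to handle.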
  11. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    Thanks for the info Manny....

    It appears that ImproveNet does have some sort of site blocking functionality.
     


  12. Manny Carvalho

    Manny Carvalho Registered Member

    Joined:
    Jun 3, 2004
    Posts:
    270
    Yes, it does. This list, which is not visible to users and is only known exactly to Agnitum, will show a site in that screen when you happen to visit it so that you can exclude it should you want to. If you turn it on then it will offer protection automatically from those sites on their list. IPBlocklist offers additional protection by allowing you to add any other sites you choose. In addition, IPBlocklist has priority in blocking those sites as described in this KB article: http://www.agnitum.com/support/kb/article.php?id=1000120&lang=en

    Using the blacklist is a simple tool in automatically blocking malware sites and is updated via ImproveNet. I only see a hit there once in a blue moon because I don't normally visit known malware sites.
     
  13. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    829
    Location:
    UK
    Manny, is there a test site or one that isn't too dangerous that we can use to see this working?

    Thanks
     
  14. Manny Carvalho

    Manny Carvalho Registered Member

    Joined:
    Jun 3, 2004
    Posts:
    270
    I'm not aware of anything like that. You actually have to visit the site to see it being blocked. However, you can choose to add a normal site such as this one to IPblocklist, not to the blacklist since it's not user editable, and see it at work.
     
  15. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    829
    Location:
    UK
    I already have sites in the IP blocklist imported manually but there is nothing in the table.

    Are you sure of this or am I misunderstanding you?
     
  16. Manny Carvalho

    Manny Carvalho Registered Member

    Joined:
    Jun 3, 2004
    Posts:
    270
    The blacklist is the one that you can't see anything unless you visit the site already in the list provided by Agnitum.

    The IP Blocklist you have to create yourself. If you have addresses there then those are ones you added.

    I'm sorry but I don't understand what you mean by table.
     
  17. kronckew

    kronckew Registered Member

    Joined:
    Aug 27, 2006
    Posts:
    209
    Location:
    CSA Consulate, Glos., UK
    Simple method. A picture is worth a thousand words.

    Advanced settings, IP blocklist, edit list.

    Type www.agnitum.com into the HOST box & click the Add button & OK back out (OP does the hard work and will look up the IP and replace the URL name with the IP and add the URL as the 'comment'). (My list is from bluetack.)

    Capture 003.jpg

    In the browser address window type in the IP address & go.

    Capture 004.jpg

    No connection alert...

    Go back and remove the entry (it sorts to the bottom until you restart OP).

    Try again.

    Capture 001.jpg
     
    Last edited: Aug 11, 2013
  18. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    Quick question Manny or whoever would like to chime in....

    As stated above, I'm using this laptop solely for the purpose of malware testing. I am wondering if I should allow this connection, block, or use the browser preset (or download manager preset). Is this connection required to update Java? Are there any potential security risks?

    Thanks,
    Toby
     


    Last edited: Aug 18, 2013
  19. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    BTW here are my web control settings....
     


  20. Manny Carvalho

    Manny Carvalho Registered Member

    Joined:
    Jun 3, 2004
    Posts:
    270
    Well, if you are malware testing then let it go as a browser and see what happens.

    It's the Java updater and as such seems legit. If you are keeping Java - lots of people are saying to get rid of it as I did - it would be best to keep it updated.

    By the way, this outbound connection has nothing to do with web control. This is simply an app requesting permission to make an outbound connection that was intercepted by the firewall.
     
  21. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    Thanks Manny....

    Yeah, I just posted the web control pic to show what's being blocked when I visit web pages, that's about it. If I disable Java completely then I wouldn't be able to visit YouTube and such. Would it be safer to choose "allow" or just use the preset browser rules? In other words...does choosing the preset rule put limitations on anything, thereby making the system safer? I hope I'm explaining this correctly. o_O

    You had said that you had disabled Java. How do you watch videos that require it?

    Thanks again,

    Toby
     
  22. Manny Carvalho

    Manny Carvalho Registered Member

    Joined:
    Jun 3, 2004
    Posts:
    270
    It's safer to limit what apps do. If you allow it as a browser then it can go anywhere. If you create the Allow rule then it limits the app to that site. The preset browser ruleset allows for a far greater range of connections.

    I haven't noticed anything that I can't do without Java, including viewing YouTube videos.
     
  23. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    Thanks for clarifying...

    The thing is that when I disable Java in web control I can't watch YouTube videos.

    1 more question and this shall be the last.....

    If used for malware testing....any suggestions for rule settings for Internet Explorer (outbound connections, anti-leak settings, etc.)? Same for explorer & Flash...any ideas how to tighten it up?
     
    Last edited: Aug 19, 2013
  24. Circe

    Circe Registered Member

    Joined:
    May 10, 2011
    Posts:
    138
    Location:
    Cheshire, England
    Set Java to prompt, also do not test malware.
     
  25. Manny Carvalho

    Manny Carvalho Registered Member

    Joined:
    Jun 3, 2004
    Posts:
    270
    I don't know what to tell you because I have not installed Java on this machine and have no problems with YouTube.

    As far as hardening IE for malware testing, I don't have anything specific for it since anything you do should be overall for everything in your machine. Your security umbrella should take care of it. Most malware nowadays tries to trick you into clicking malicious links. When you do that then you are basically giving your permission, so listening to what the HIPS part of the firewall is telling you and really studying what is going on before allowing it will go a long way in stopping malware.

    I'm afraid there's no magic bullet, your common sense comes closest, when dealing with malware.
     