Protections with (various) Ports...

Discussion in 'other firewalls' started by saxofun, Feb 24, 2004.

Thread Status:
Not open for further replies.
  1. saxofun

    saxofun Registered Member

    Joined:
    Feb 17, 2004
    Posts:
    17
    To protect me, I have blocked the incoming and outgoing TCP and UDP on port 25 (in fact from port 1 to 79), and incoming TCP and UDP on port 110. Fine... :D

    But after that, I have permitted the outgoing TCP on port 25 and 110 to received/send my mails with OutlookPro2000 (application=mapisp32.exe). :)

    By having open those ports, even restricted (outgoing, application), have I exposed my PC to vulnerabilities or is it enough? o_O

    If you have some advice to add some restrictions to thoses "permit" rules, you are welcome ! ;)


    - Since these are virtually the same question, and are actually firewall related, I've merged them together and moved them to "other firewalls". LWM
     
  2. saxofun

    saxofun Registered Member

    Joined:
    Feb 17, 2004
    Posts:
    17
    Protection with Ports 80, 81, 82, 8080 and 443

    To protect my PC, I have blocked incoming TCP and UDP on ports 80, 81, 82, 8080 and 443. Fine... :D

    But after that I have permitted the outgoing TCP on those ports to be able to surf on the net... :)

    By having open those ports for outgoing TCP with no other restriction, have I exposed my PC to vulnerabilities or is it enough? o_O

    If you have some advice to add some restrictions to thoses "permit" rules, you are welcome ! ;)
     
  3. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,874
    Location:
    New England
    Saxofun,

    These questions are all related to how you are using your firewall. From another earlier post it seems you have "Kerio Personal Firewall 4.0" (as mentioned here), and in that thread you had block all DNS access (UDP Port 53), which you really should not do. (There are points and questions remaining in that thread that you have not yet replied to.)

    The problem is with how you are using the firewall. You should not need to block all these ports specifically, all unsolicited access should be blocked by default, as long as you haven't created unnecessary allow rules.

    By creating these extra block rules and then having to add those additional allow rules, you may be weakening your security not making is stronger. You make any mistakes with the scope of these rules and suddenly you may allow far more than you think.

    You really might want to return to the original defaults and then ask some of the Kerio users here what else would be good to add to that.
     
  4. saxofun

    saxofun Registered Member

    Joined:
    Feb 17, 2004
    Posts:
    17
    LowWaterMark

    Thank you for your reply

    As for my previous post I have corrected the problem. I have corrected the problem. I had just forgotten to include the secondary DNS of my ISP... :oops:
    Concerning the UDP port 53, Il allow just a specific range of address directed to my ISP and deny the rest to block intrusions. :cool:

    As for this actual post, I don't think I am weakening my securities by:
    blocking the blocking the incoming TCP/UDP
    AND
    allowing the outgoing TCP/UDP on common ports

    I just want to know if I shoud be more specific on the way I have allowed those incoming traffic... :doubt:
    What do you think?

    Thank you for your advices! ;)
     
  5. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,874
    Location:
    New England
    It's very difficult to advise on this when we are only speaking in generalities. Not knowing exactly what rules you added, but only going by a general description of them makes it unlikely that anyone can tell either - this is good or this is bad.

    Perhaps it'd be best to post the specific rules here so the experts in rules-based firewalls can review them, then you can be sure one way or the other.
     
  6. saxofun

    saxofun Registered Member

    Joined:
    Feb 17, 2004
    Posts:
    17
    I will soon post my set of filter rules to get you comments on it. ;)

    It is always a pleasure to learn every day from experts! :D

    What would be the best to attach: an export of my settings in .cfg, a screenshot in jpg, other? :doubt:

    Thank you for your reply. :cool:
     
Loading...
Thread Status:
Not open for further replies.