small question regarding firewall configuration

I'm using ZoneAlarm firewall and found an option called "lock hosts file."
Should I use this option to prevent qhost infection, or should I just leave it unchecked?
What about "Enable ARP Protection?"
Please advise.

 

Hi!
yes, lock host file will lock the 'hosts' not allowing modifications. Other software may need to hook on hosts file so double check is not causing conflicts....

Not an expert on ARP but according to the manual "ARP protection will block all incoming ARP (Address Resolution Protocol) requests except broadcast requests for the address of the target computer. Also blocks all incoming ARP replies except those in response to outgoing ARP requests"

If you are alone in the LAN its not needed... and if your LAN is populated by trusted PC also will be not needed.

Cheers,
Fax

 

Hello:

You have a response to your ZA questions.

FWIW, I agree, lock host and block ARP as it matches my security policy of block by default and allow by exception. You may be alone on the LAN now but that has an odd way of rapidly changing.

I don't know if you use a host management system but in my case I have the BISS Host manager and it renders the host file read only. So there may be doubling up for you on locking it if you did both a FW lock and a BISS type lock.

Out of curiosity only, how do you use your Host file? For 127.0.0.1 loopbacks or do you also put addresses you want to resolve in the list thus saving DNS lookups?

Take care!