User Needs Help With Advanced Firewall Recommendation

Discussion in 'other firewalls' started by jack10, Dec 1, 2007.

Thread Status:
Not open for further replies.
  1. jack10

    jack10 Registered Member

    Joined:
    Nov 15, 2007
    Posts:
    5
    Hello,

    Here's a question for those security savvy users out there. I have a program that needs to access the internet in order to run, but I don't want some of the information I put into the program to be sent over the internet.

    I think some form of advanced firewall is the answer, but I'm not sure. The firewall would have to enable me to block some outbound information sent by the program, while allowing other outbound information.

    Obviously, I could just set the program's firewall permission to "ask" each time a connection to the internet was attempted. The problem with such an approach is that I would not know what connections to allow and which ones to deny.

    Does anyone have any ideas/solutions? Perhaps a firewall that would allow me to see exactly what data was being transmitted before it was sent?
     
  2. sunking

    sunking Registered Member

    Joined:
    Nov 16, 2007
    Posts:
    13
    There is no safe way to do that; once an application has online access it can send pretty much whatever it wants if it really wants to. There are some firewalls which can detect specified plain text being sent, but as soon as the data is modified (not even necessarily encrypted) you are out of luck.
     
  3. jack10

    jack10 Registered Member

    Joined:
    Nov 15, 2007
    Posts:
    5
    I have figured out a possible solution:

    Allow the program to connect to the internet. Once a connection has been established, set the firewall to block any outbound traffic for that program.

    I know of plenty of firewalls that allow you to set a program's permissions to "outbound only"--do you know of a firewall that will allow me to set the program's permissions to "inbound only"?
     
  4. herbalist

    herbalist Guest

    Is there some discernable difference in the information that's being sent? If there are differences, such as the data being sent to a different IP address or if it's sent using a different port or protocol, then specific firewall rules may control it. If all the data is sent to the same place, using the same protocol, on the same ports, then there's nothing a firewall can do to help you.

    A packet sniffer can enable you to see the outgoing traffic, but it doesn't mean that you'll be able to read what's being sent. If your question is more to the effect of "is there a firewall that will let me see the outbound traffic in an easy to read text form?" there isn't one that I know of.
    Rick
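
The check described in the post above, as an added example that is not part of the original thread: group a program's outbound packets by destination address, protocol and port to see whether there is any difference a firewall rule could act on. The tab-separated record format, the function names and the sample addresses (RFC 5737 documentation ranges) are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: one line per outbound packet from the program, as
# dst_ip <TAB> protocol <TAB> dst_port <TAB> payload_bytes.
SAMPLE_CAPTURE = (
    "192.0.2.10\ttcp\t443\t517\n"
    "192.0.2.10\ttcp\t443\t1240\n"
    "198.51.100.7\ttcp\t8080\t96\n"
    "192.0.2.10\ttcp\t443\t310\n"
    "198.51.100.7\ttcp\t8080\t2048\n"
    "203.0.113.53\tudp\t53\t48\n"
    "not a record\n"
)


def summarize_flows(text):
    """Return {(dst_ip, protocol, dst_port): [packet_count, total_bytes]}."""
    flows = defaultdict(lambda: [0, 0])
    for line in text.splitlines():
        parts = line.split("\t")
        # Skip malformed lines instead of failing on a partial export.
        if len(parts) != 4 or not parts[2].isdigit() or not parts[3].isdigit():
            continue
        ip, proto, port, size = parts
        entry = flows[(ip, proto.lower(), int(port))]
        entry[0] += 1
        entry[1] += int(size)
    return dict(flows)


def separable_by_rule(flows):
    """Per-destination rules can only help if more than one distinct
    (address, protocol, port) tuple exists; one tuple means all or nothing."""
    return len(flows) > 1


def main():
    flows = summarize_flows(SAMPLE_CAPTURE)
    # Largest flows first, so the bulk of the outbound data is easy to spot.
    for (ip, proto, port), (pkts, size) in sorted(
        flows.items(), key=lambda kv: -kv[1][1]
    ):
        print(f"{ip:<15} {proto}/{port:<5} packets={pkts:<3} bytes={size}")
    print("separable by firewall rule:", separable_by_rule(flows))


if __name__ == "__main__":
    main()
```

A result of more than one tuple only shows that rules can tell the flows apart; it does not show which flow carries the data of concern.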
     
  5. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Years ago I had a Norton Firewall, 2000 I think, which had a facility that would alert the user to any user-specified text attempting to be sent. Passwords, CC numbers, etc. might be the sort of thing you would elect to enter, but I haven't seen anything like it since.
     
  6. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    Most traffic with the internet is a 2-way proposition... if you open up ports and allow inbound traffic, then there will also be outbound responses to that. If you block that, then there will be no communication at all, more or less. Same goes if you allow the outbound, then there will be resulting inbound... What you are trying to do is not really the job of a firewall. There needs to be some other way to limit or stop your information flow.
     
  7. jack10

    jack10 Registered Member

    Joined:
    Nov 15, 2007
    Posts:
    5
    I looked into Wireshark and installed it on my machine. The difficulty was that I couldn't tell with certainty what information was being sent--and as a complete novice in the field I was somewhat overwhelmed by the various packets that were being transmitted. That being said, I will take a closer look at the IPs and see if there are any clues there.

    What do you all think of the following potential solution:

    Set up two computers and have one computer access the internet and then send the data to a second computer that would not be connected to the internet.

    Can anyone envisage a simple solution that would allow me to isolate a computer from the internet, while still allowing it to get information from the internet through another computer?
     
  8. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    I read this question and I don't think a firewall will be able to do what you want. Using an analogy, it sounds like something like this - I want to do online banking (which requires internet access), but I don't want my personal information to be transmitted over the Internet. Unfortunately, online banking requires a user to provide authentication in order to use the service. If you refuse to provide the authentication, then you can't use online banking.
     
  9. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    It seems like you are trying to scan every transmitted packet of information from your PC and the Internet (inbound and/or outbound). I understand your concern about what is actually being zipped back and forth when you go to websites. But with the constant pingings and other "noise" that occurs when you surf across the Internet, you would be pretty much tied down with examining each data packet and not being able to do much else, IMHO. I think that isolating a PC from the Internet and transferring some of the information from another PC could be simply accomplished by just copying info to a flash drive on one PC and then transferring it over to another. But I guess what you want to accomplish isn't as simple as that?
     