Zonealarm and defualt protection?

Discussion in 'other firewalls' started by dja2k, May 12, 2005.

Thread Status:
Not open for further replies.
  1. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    Is there any advanced options hidden in zonealarm that would have to be changed from the defualt presets. I mean things like allow or deny ports. Anything that is know to be better if changed. I mean the defualt pass most tests , but maybe there are some hardening stuff to put on it.

    dja2k
     
  2. Arup

    Arup Guest

    Just make sure to uncheck server rights for any programs, most are set to ask, just block it and block explorer's net access too.
     
  3. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    Are there any ports that should be blocked manually that are different from the defualt ones?

    dja2k
     
  4. Arup

    Arup Guest

    Uncheck the server rights and do a scan at Sygate as well as GRC site, you should not be behind a router as that would bring in wrong results, see if any ports are open.
     
  5. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    ZA has always stealthed everything on my machine, no problems there..
     
  6. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    never seen anything in ZA to control port access, seeing as it is an application based firewall, and not a rules based one (ie it configures it automatically dependant on what apps you let through).

    Everything should be in full stealth mode. But changes you can make include moving the trusted zone security from medium to high. And turning on 'automatic lock' <set to when your screensaver starts>
     
  7. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    You can do rules in ZA Pro and Plus... Not easily, but it's possible..
     
  8. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    ah, have only ever used the free version :)
     
  9. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    Yes it is fairly easy to do rules in zonealarm, yet there are no places to find custom rules for each app; well none that I have found. Yes there is a place to block ports under the FIREWALL>INTERNET SECURITY>OPTIONS. I remember back in the day, people recommended blocked some ports there, but don't remember which ones and if they are still a threat today. By defualt, yes all ports seem to be stealth.

    dja2k
     
  10. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    If I remember right (I'm not running ZA Pro right now so I can't look), I think you can create rules for each app as well as general system rules. Look again. I'm almost certain you can do app rules. From my experience though, they were a pain in the ass to do..
     
  11. Arup

    Arup Guest

    Yep, in ZAP, app specific as well as system specific rules can be created but you do have to remember to give them the right priorities or else they will cancel each other out, rule making is not at all easy as in Kerio2x where we just have to make sure to position the rule right.
     
  12. MushfiQ

    MushfiQ Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    131
    Just curious...among the ZA series...which is the lightest version & perhaps a bit stable?
     
  13. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    I like the older ZA Plus 4.0. Has all the modern conveniences without all the bloat. Very stable also.
     
  14. Arup

    Arup Guest

    Agreed but the latest ZA has very good SPI as well.
     
  15. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    If you don't mind turning all the unessential things off, the current version is as light on ram use as any of them I think.
     
  16. MushfiQ

    MushfiQ Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    131
    Kerodo...actually am tempting to try ZA + CHX combo so was wondering which version of ZA i could implement. Arup already guided me several time...thx to him as always. Or perhaps will try out Netvda. Gotta love application filtering plus component control of ZA or Netevda along with CHX :cool:
     
  17. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    If you're just using ZA for app filtering with CHX, then you could try the old ZA 2.6.362. It's very minimal. However, I don't think it's much ligher on ram usage than the new ZA, so it's kind of a toss up. Also, if you use ZA Pro, you'll get component control too.
     
  18. MushfiQ

    MushfiQ Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    131
    Thx Kerodo...i am trialing the new ZA pro tonight on my box alone....so far so good...doing pretty well no slowdown at all. Just kept that adblocker & antivirous monitoring off....taking only 11-13 mb memory on my box..havent noticed CPU usage either for almost 4 hrs now :) Liked the component control in it..a bit like which the new version of Outpost have too :)
     
  19. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    Yes, I am using Outpost Pro right now with good results myself. Liking it as much as ZA. Both are good... Glad ZA is working well for you too.. :)
     
  20. Jazzie1

    Jazzie1 Registered Member

    Joined:
    Dec 5, 2003
    Posts:
    174
    Hi All!

    I have found that CHX-I and ZA/ZAP work best together. If you want tighter control of your apps, then use the Pro version with component control. I also turn everything else (bloat) off and use 11 k, which is ok by me. No conflicts, what so ever....

    Regards
    Jazzie
     
  21. MushfiQ

    MushfiQ Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    131
    I have a small questiont o ask for....under programs when i rite click which i allowed already if u rite click >>optios>>under advanced Control >> There are 2 option one is to access the internet & the other one Aloow Open Process...what is this if i allow it? or what does it do..if anyoen could enlighten would appriciate that...cheers
     
  22. Jazzie1

    Jazzie1 Registered Member

    Joined:
    Dec 5, 2003
    Posts:
    174
    MushfiQ--

    You don't need to enable inet filtering with ZA(P) & CHX-I. That defeats the purpose of having one fw, filter packets and the other apps. Just set the free version to it's highest application filtering level (medium) and keep the inet filter on LOW (off).. Under Advanced options, set wether you use ICS and the gateway (192.168.*.*) for your nic, if using a router... Don't use double filtering at the packet level, this will cause conflicts for sure.

    Regards,
    Jazzie
     
  23. Arup

    Arup Guest

    Jazzie,

    I was actually thinking, if we are totally stealthed using CHX, wouldnt' it be a better idea to run something like SSM or PG which offers better outbound monitoring and guarding instead of using ZA or for that matter any other firewall for just outbound protection.
     
  24. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    SSM or PG don't offer any outbound protection in terms of connections to the internet. So for that, you would need some form of firewall type software. At the moment, one of the firewalls is the only thing that would do the job.
     
  25. Arup

    Arup Guest

    SSM does monitor TCP stack for any activity either by browser or some other app trying to access it, correct me if I am wrong.
     
Loading...
Thread Status:
Not open for further replies.