Re: how to on firewall

From: donut (none_at_none.com)
Date: 08/26/03 

Date: 26 Aug 2003 07:13:37 GMT

"RB" <rbigg@seii.net> wrote in news:bierb3$t4u$1@news.utelfla.com:

> I'm an old guy who doesn't know beans about the ins and outs of
> computers. I do like using mine, but am not yet as knowledgeable as
> I'd like to be.
>
> I need help on a pc firewall issue. I have Kerio. If I set the
> security level where it should be, several things happen which are not
> good, from a convenience aspect: (the firewall is doing its job):
>
> a. The firewall frequently alerts. It does this whenever I go to and
> from web sites, or change web pages at a site. It does it at other
> times, too.
>
> b. Certain web sites and/or web pages won't load because of blocking
> action by the firewall.
>
> Without a better state of knowledge, my action is to "deny" all
> alerts.
>
> What I need is some simple rule of thumb which tells me which alerts
> it's OK to let through, and which to deny----bearing in mind letting
> something in sets a rule for future occurences from that source.
>

>
> I have no idea what kind of alerts bad cookie or malware/spyware
> coming in presents. I do know that when I run Adaware and Spybot
> weekly, both usually catch several items.
>
> So, what kind of simple rule can I adopt that will let me permit
> "good" activity, and deny "bad" activity in a quick way?
>
> Thoughts/comments appreciated.
>
>
>
>

Kerio requires "rules" which comprise a "ruleset." The rules tell it what
to block and what to allow.

When you get those alerts, some rule has been triggered.

Now, where did you get the ruleset your firewall is using? Likely, Kerio
built it using the info you provided it by either allowing or denying
certain activities.

It comes with a very small default ruleset that denies almost nothing.

Basically, you want to allow your trusted applications (email, browser,
etc.) while disallowing everything else. Some people like to use Kerio like
Zone Alarm (popup alerts) but that is just scraping the surface of what
this powerful, customizable firewall is capable of.

> It's probably OK and even desireable to let certain apps in, and to
> let my computer communicate/respond outbound for certain apps. The
> trouble is that I don't know which is which just from the info the
> alert presents me.

Actually, this is exactly backwards logic. You should not allow ANYTHING in
that you yourself have not initiated.

The apps that you allow need to connect outward only.

Just for starters, right click the Kerio icon in the toolbar, and choose
"administration." Now click the "advanced" button. This will open up the
ruleset and allow you to see exactly what Kerio is and is not allowing.

Green means allowed, red means disallowed. The arrows indicate which
direction the rule applies to.

Choose one and click on "edit." Don't worry, you aren't going to change
anything.

Now you can see how a Kerio rule is built, and how you, as the user, can
build any rule you want for any application. This is the hidden power of
Kerio. Now, just cancel your way out, and nothing has changed.

I suggest you take a look at this page to learn more about Kerio and how it
can work for you:

www.geocities.com/yosponge

Sponge does the best job I've seen of making this easy for the newbie to
understand and put to use.

Quantcast