Re: Black Ice and smb

From: Duane Arnold (darnold92@Insightbb.com)
Date: 04/18/02


From: "Duane Arnold" <darnold92@Insightbb.com>
Date: Thu, 18 Apr 2002 16:34:21 GMT

Hello,

I have not had an occasion to do trusted UDP port acceptance. However I do
use Remote Desktop Sharing of NetMeeting to control my desktop computer with
my wireless laptop computer. I am sure NetMeeting is using UDP ports to
communicate. But all I tell BlackIce on both the machines is to do trusted
IP connections between the two machines. So I don't think you need to do
trusted UDP for your machines behind the router. You may think differently.

If your router works like my Linksys, then using DHCP on the router assigns
a DHCP IP to a computer's NIC card MAC address. And that computer will
receive the same IP address each time it boots, until the router is reset,
when the router may assign a new IP to the NIC card MAC address. That is why
I use trusted IP with BlackIce.

Now on my Win2k machines, I use the same user-id and password on all
machines, and I set the "Never Expires Password" option so I don't have to
remember various passwords to access machines on my network. I am too old to
have to remember all that and besides, I am behind two firewalls so I feel
safe in doing it that way.

As for Internet Sharing Option on BlackIce, you can be safe in turning on
that option behind the router for your machines. In order for your computers
on a Microsoft network to share resources such as files and printers, three
things must be installed on the computer's network card and they are Client
for Microsoft Networks, File and Printer Sharing for Microsoft Networks, and
Internet Protocol (TCP/IP). And even if you have the File and Printer Sharing
for Microsoft Networks selected for your machines, BlackIce is blocking it.
You may be able to share your Web resources, but I don't think you can share
the other resources of your machines on the network.

There is a third protocol I use on my machines on my network called NetBEUI,
which allows me to see a graphical icon of the machines on my network when I
go to Network Neighborhood. I also must tell BlackIce on all my machines to
allow NetBEUI so that I can see the machine on the network.

Your private network, a private corporate network or the vast public network
is an Internal Network -- (Internet). Please don't confuse the meaning.

With your private Internet behind the router with your server, you must turn
on the Internet Sharing option with BlackIce to share your network
resources.

On the other hand, if you were to do DMZ with one of your computers exposing
it to the public network and it had BlackIce on it, you would turn Internet
Sharing off.

Maybe someday there will be a BlackIce version for routers like ZA, because
BlackIce is the best out of all of them, in my opinion.

I hope this helps
Duane

----- Original Message -----
From: "Ziggi" <ziggizag@poczta.onet.pl>
Newsgroups: comp.security.firewalls
Sent: Thursday, April 18, 2002 6:26 AM
Subject: Re: Black Ice and smb

> Hi !
>
> Thank you for your prompt reply !
>
> Anyway - if you be so please - let me ask you more :-)
>
> Currently indeed 'internet file sharing' option is disabled, though -
> due to setting firewall setting as described in my original post I am
> able to access files on the server (mostly files on my website).
>
> My question is - what is the right (more safe) configuration (there is
> a network router before the server)?:
>
> 1) Leaving the current configuration and accepting annoying alerts on
> failed SMB login
> 2) Setting "internet file sharing" option enabled
>
> I am not as much aware of the real meaning of this "internet file
> sharing" option - what it really does. I only know that now
> (theoretically) only my workstation is allowed to access ports
> 137,138,139 and 445, so - as the file sharing between my workstation
> and the server is working properly (if neglect these alerts) - I feel
> comfortable that potential intruders from the world will have problems
> to break in (and router's packet filtering makes IP spoofing
> difficult).
>
> On the contrary - I worry about enabling file sharing option in the BlackIce
> configuration as I think then the only restriction to access files on
> shared directories on the server is the password system. I don't trust
> it as brute-force password grinding is quite an easy hacking (you know
> - logging in the server's shared directories every day from my
> workstation - I don't like to enter complicated, 20 signs long
> password).
>
> So - I would like to see your advice on the subject.
>
> Thank you,
> Ziggi