Re: ZA Conceptual Question

From: Steve (pearsons_11112@mindspring.com)
Date: 10/30/02


Still confused.

I set the internet zone firewall to high, which according to what it
_says_, allows only broadcast/multicast. Allow outgoing ping is _not_
checked. Why then do program controls prompt me when I ping an address on
the internet? It seems that the option to check or uncheck "Allow outgoing
ping" is superfluous. ZA leaves it to program controls in either case. So
that means there's no way to control outgoing ping except with program
controls. What am I missing? Thanks.

"David" <davidwnh@adelphia.net> wrote in
news:8yIv9.1419$6g.189441@news1.news.adelphia.net:

> There is plenty you can do with the firewall settings.
> Program controls will not by themselves control traffic to a server
> application. The high security setting blocks incoming unsolicited
> traffic. The program controls will not by itself open a port for
> incoming unsolicited traffic. The program controls do not of
> themselves know which ports a program needs. If you run a webserver on
> port 80 for example you would have to use the firewall controls to
> specifically open port 80 if you are in high security mode. You may
> allow all access to it in the program settings, however it will not
> receive incoming unsolicited traffic unless you open the port via the
> custom firewall setting. The firewall controls give you much better
> control over what is and isn't allowed. You can close ports to
> incoming unsolicited traffic if you are running in medium security for
> example via the custom settings. It is also via the firewall settings
> that NetBios, ICMP, etc. default settings are set or overridden so that
> you can customize each security level to your own needs.
>
> Program settings allow control over incoming and outgoing traffic that
> is "initiated from within". It will not override firewall settings
> that block "unsolicited" traffic. This is the key that most miss. The
> firewall rules are absolute with regard to unsolicited traffic. There
> is a huge difference in the handling of incoming traffic that is
> unsolicited and incoming traffic which is a response to your own
> outgoing traffic. Unfortunately due to ZL's ignorance to the need for
> good documentation, this is not apparent unless you thoroughly read
> the somewhat lacking documentation. You have to really dig deep into
> the documentation or run a server application to figure this out.
>
> The firewall settings will also allow you to block all outgoing
> traffic on a port in custom settings regardless of program settings.
> This is feasible with certain protocols that normally use specific
> ports on both ends of the connection (NetBios). That is why NetBios
> access is controlled here. If you block it here it will override any
> program settings that try to allow it. Since many programs chose a
> somewhat random high port to initiate a connection from, it is not
> usually possible to control a client program this way without
> affecting other programs also.
>
> With the firewall setting on high security you are not blocking any
> ports (Netbios, etc. aside) to user initiated traffic unless you
> specifically block them in the custom settings. All it really does in
> this instance is pass the control of user initiated traffic to the
> specific program settings. You are not overriding the firewall rules
> with program control settings, because the default high security
> setting is not blocking these ports to user initiated traffic to start
> with! The only instance where the program settings override the
> firewall settings is if you allow unsolicited inbound on a port via
> the firewall settings then block that traffic through the specific
> program setting.
>
> Anything you block by firewall rules is ALWAYS absolute. You will not
> override this with program settings. The high security setting alone
> is just not blocking as much as you think it does.
> Start thinking of ports as one part of an address instead of
> doorways and you might just start to understand this.
>
>
>> | Hmm...that's not my understanding at all. Program controls allow
>> | you to control both accepting and initiating connections (both of
>> | which involve inbound and outbound packets). By default program
>> | controls accept or reject without respect to port number, but that
>> | can be tuned as well (I can't think of any use for this). So
>> | apparently there's nothing you can do with the firewall that you
>> | can't do with program controls. Perhaps the
>> | intent is just a convenient way to shut down a port regardless of
>> | the program involved.
>>
>> The firewall rules are absolute, unless program controls override
>> them.
>> By example, if you set firewall security to Low, you will only have
>> program controls operating within the firewall package. This will
>> leave all ports open to any incoming packets. If an incoming packet
>> activates a sleeping trojan, theoretically, you should get an
>> outgoing program permission box. However, if that trojan is
>> "spoofed" to look like another program, you may not get that box.
>> Additionally, at Low setting, your NetBIOS and shared ports are open
>> and available as well (assuming your OS is not configured to
>> close them). No setting within program controls can close those, or
>> any other ports (except with respect to specific programs). So, I
>> don't see how just the program controls could be used as an
>> effective firewall setup. You could control outbound fairly well
>> with just that, but your inbound would be wide open.
>>
>>
>>
>>
>
>
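As an added illustration, not part of the thread and not ZoneAlarm's own code, here is a toy Python model of the layering David describes above: custom port blocks are absolute, unsolicited inbound is judged by the zone level alone, a reply to a flow the host started is not unsolicited, and traffic initiated from within is handed to program control, which is why an outbound ping prompts even at High. Program names, ports and addresses are constructed; ICMP is modelled with port 0 on both ends.

```python
from dataclasses import dataclass, field

@dataclass
class ToyZoneFirewall:
    """Toy model of the layering described in the thread (not ZoneAlarm's code)."""
    zone_level: str                                          # "high" or "low" in this toy
    custom_blocked_ports: set = field(default_factory=set)   # absolute, whatever program asks
    program_rules: dict = field(default_factory=dict)        # program -> True/False; absent => prompt
    flows: set = field(default_factory=set)                  # flows this host initiated

    def outbound(self, program, proto, local_port, remote, remote_port):
        # Firewall layer first: a custom port block overrides any program setting.
        if {local_port, remote_port} & self.custom_blocked_ports:
            return "blocked:firewall"
        # The zone level does not judge traffic initiated from within; it hands
        # the decision to program control, so an outbound ping prompts even at High.
        allow = self.program_rules.get(program)
        if allow is None:
            return "prompt:program"
        if not allow:
            return "blocked:program"
        self.flows.add((proto, local_port, remote, remote_port))  # remember for replies
        return "allowed"

    def inbound(self, program, proto, local_port, remote, remote_port):
        if local_port in self.custom_blocked_ports:
            return "blocked:firewall"
        # A reply to a flow we started is solicited and rides on the outbound decision.
        if (proto, local_port, remote, remote_port) in self.flows:
            return "allowed:reply"
        # Unsolicited inbound: the zone rule is absolute; program control never opens it.
        if self.zone_level == "high":
            return "blocked:unsolicited"
        # At Low the port is open, so only the listening program's rule applies.
        allow = self.program_rules.get(program)
        if allow is None:
            return "prompt:program"
        return "allowed:server" if allow else "blocked:program"
```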


