Re: ZA Conceptual Question
From: David (davidwnh@adelphia.net) Date: 10/31/02
- Next message: David: "Re: Firewalls are useless??"
- Previous message: David: "Re: netbios question"
- In reply to: Steve: "Re: ZA Conceptual Question"
- Next in thread: Steve: "Re: ZA Conceptual Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "David" <davidwnh@adelphia.net> Date: Thu, 31 Oct 2002 01:57:50 GMT
Go into firewall custom settings. In there are ICMP settings as well as
other fine tuners. You can override the defaults for high security here.
"Steve" <pearsons_11112@mindspring.com> wrote in message
news:Xns92B782F2595F7pearsons11112mindspr@140.99.99.130...
> Still confused.
>
> I set the internet zone firewall to high, which according to what it
> _says_, allows only broadcast/multicast. Allow outgoing ping is _not_
> checked. Why then do program controls prompt me when I ping an address on
> the internet? It seems that the option to check or uncheck "Allow outgoing
> ping" is superfluous. ZA leaves it to program controls in either case. So
> that means there's no way to control outgoing ping except with program
> controls. What am I missing? Thanks.
>
> "David" <davidwnh@adelphia.net> wrote in
> news:8yIv9.1419$6g.189441@news1.news.adelphia.net:
>
> > There is plenty you can do with the firewall settings.
> > Program controls will not by themselves control traffic to a server
> > application. The high security setting blocks incoming unsolicited
> > traffic. The program controls will not by themselves open a port for
> > incoming unsolicited traffic. The program controls do not of
> > themselves know which ports a program needs. If you run a webserver on
> > port 80 for example you would have to use the firewall controls to
> > specifically open port 80 if you are in high security mode. You may
> > allow all access to it in the program settings, however it will not
> > receive incoming unsolicited traffic unless you open the port via the
> > custom firewall setting. The firewall controls give you much better
> > control over what is and isn't allowed. You can close ports to
> > incoming unsolicited traffic if you are running in medium security for
> > example via the custom settings. It is also via the firewall settings
> > that NetBIOS, ICMP, etc. default settings are set or overridden so that
> > you can customize each security level to your own needs.
> >
> > Program settings allow control over incoming and outgoing traffic that
> > is "initiated from within". It will not override firewall settings
> > that block "unsolicited" traffic. This is the key that most miss. The
> > firewall rules are absolute with regard to unsolicited traffic. There
> > is a huge difference in the handling of incoming traffic that is
> > unsolicited and incoming traffic which is a response to your own
> > outgoing traffic. Unfortunately, due to ZL's ignorance of the need for
> > good documentation, this is not apparent unless you thoroughly read
> > the somewhat lacking documentation. You have to really dig deep into
> > the documentation or run a server application to figure this out.
> >
> > The firewall settings will also allow you to block all outgoing
> > traffic on a port in custom settings regardless of program settings.
> > This is feasible with certain protocols that normally use specific
> > ports on both ends of the connection (NetBIOS). That is why NetBIOS
> > access is controlled here. If you block it here it will override any
> > program settings that try to allow it. Since many programs choose a
> > somewhat random high port to initiate a connection from, it is not
> > usually possible to control a client program this way without
> > affecting other programs also.
> >
> > With the firewall setting on high security you are not blocking any
> > ports (NetBIOS, etc. aside) to user initiated traffic unless you
> > specifically block them in the custom settings. All it really does in
> > this instance is pass the control of user initiated traffic to the
> > specific program settings. You are not overriding the firewall rules
> > with program control settings, because the default high security
> > setting is not blocking these ports to user initiated traffic to start
> > with! The only instance where the program settings override the
> > firewall settings is if you allow unsolicited inbound on a port via
> > the firewall settings then block that traffic through the specific
> > program setting.
> >
> > Anything you block by firewall rules is ALWAYS absolute. You will not
> > override this with program settings. The high security setting alone
> > is just not blocking as much as you think it does.
> > Start thinking of ports as one part of an address instead of
> > doorways and you might just start to understand this.
> >
> >
> >> | Hmm...that's not my understanding at all. Program controls allow
> >> | you to control both accepting and initiating connections (both of
> >> | which involve inbound and outbound packets). By default program
> >> | controls accept or reject without respect to port number, but that
> >> | can be tuned as well (I can't think of any use for this). So
> >> | apparently there's nothing you can do with the firewall that you
> >> | can't do with program controls. Perhaps the
> >> | intent is just a convenient way to shut down a port regardless of
> >> | the program involved.
> >>
> >> The firewall rules are absolute, unless program controls override them.
> >> For example, if you set firewall security to Low, you will only have program
> >> controls operating within the firewall package. This will leave all
> >> ports open to any incoming packets. If an incoming packet activates
> >> a sleeping trojan, theoretically, you should get an outgoing program
> >> permission box. However, if that trojan is "spoofed" to look like
> >> another program, you may not get that box. Additionally, at Low
> >> setting, your NetBIOS and shared ports are open and available as well
> >> (assuming your OS is not configured to
> >> close them). No setting within program controls can close those, or
> >> any other ports (except with respect to specific programs). So, I
> >> don't see how
> >> just the program controls could be used as an effective firewall
> >> setup. You
> >> could control outbound fairly well with just that, but your inbound
> >> would be
> >> wide open.
> >>
> >>
> >
> >
>
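The layering David describes (port-level firewall rules that are absolute for unsolicited inbound and for ports blocked outbound, per-program controls that only govern traffic initiated from within, and a distinction between unsolicited inbound and replies to the host's own outbound traffic) can be modelled as a small stateful filter. The following is an added example written for this archive page; it is not ZoneAlarm's code and does not claim to reproduce ZoneAlarm's actual decision order. The `HostFirewall` and `Packet` classes, the program names (`browser`, `httpd`, `vnc`, `ping`) and the addresses are all constructed for illustration.

```python
"""Toy model of a two-layer host firewall: absolute port-level rules plus
per-program controls, with connection tracking so that replies to traffic
the host itself initiated are told apart from unsolicited inbound packets."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str            # "in" or "out"
    proto: str                # "tcp", "udp" or "icmp"
    local_port: int           # 0 for icmp
    remote_host: str
    remote_port: int          # 0 for icmp
    program: Optional[str]    # owning process, None if the firewall cannot attribute it


@dataclass
class HostFirewall:
    # Firewall-level rules: consulted first and never overridden by program settings.
    open_inbound: set = field(default_factory=set)    # (proto, local_port) accepting unsolicited inbound
    block_outbound: set = field(default_factory=set)  # (proto, remote_port) never allowed out
    # Program-level rules: program -> {"out": bool, "in": bool}; unknown program => prompt.
    program_policy: dict = field(default_factory=dict)
    # Flows initiated from within; an inbound packet matching one is a solicited reply.
    flows: set = field(default_factory=set)

    @staticmethod
    def _flow_key(pkt: Packet):
        return (pkt.proto, pkt.local_port, pkt.remote_host, pkt.remote_port)

    def decide(self, pkt: Packet):
        """Return (decision, reason); decision is "allow", "drop" or "prompt"."""
        return self._outbound(pkt) if pkt.direction == "out" else self._inbound(pkt)

    def _outbound(self, pkt: Packet):
        if (pkt.proto, pkt.remote_port) in self.block_outbound:
            return "drop", "firewall rule blocks outbound on this port (absolute)"
        policy = self.program_policy.get(pkt.program)
        if policy is None:
            return "prompt", "program control has no rule for this program yet"
        if not policy.get("out", False):
            return "drop", "program control denies outbound for this program"
        self.flows.add(self._flow_key(pkt))   # remember so the reply counts as solicited
        return "allow", "program control permits outbound; flow recorded"

    def _inbound(self, pkt: Packet):
        if self._flow_key(pkt) in self.flows:
            return "allow", "reply to traffic initiated from within (solicited)"
        if (pkt.proto, pkt.local_port) not in self.open_inbound:
            return "drop", "unsolicited inbound on a port not opened by firewall rule (absolute)"
        policy = self.program_policy.get(pkt.program)
        if policy is None:
            return "prompt", "port is open; program control has no rule for the listener"
        if not policy.get("in", False):
            return "drop", "port opened by firewall rule, but program control denies accepting"
        return "allow", "port opened and program control permits accepting connections"


def demo():
    """Run the scenarios from the thread through the model; returns name -> decision."""
    fw = HostFirewall(
        open_inbound={("tcp", 80)},            # web server explicitly opened in custom settings
        block_outbound={("tcp", 139)},         # NetBIOS session blocked outbound regardless of program
        program_policy={"httpd": {"out": True, "in": True},
                        "browser": {"out": True, "in": False}},
    )
    r = {}
    # Client connection out on 443 (constructed documentation address); the reply is solicited.
    r["browser_out"] = fw.decide(Packet("out", "tcp", 51000, "203.0.113.10", 443, "browser"))[0]
    r["browser_reply"] = fw.decide(Packet("in", "tcp", 51000, "203.0.113.10", 443, None))[0]
    # Unsolicited inbound to a port never opened: dropped before program control is consulted.
    r["unsolicited_5900"] = fw.decide(Packet("in", "tcp", 5900, "198.51.100.7", 40000, "vnc"))[0]
    # Server on port 80: port opened by firewall rule and the program is permitted to accept.
    r["web_in"] = fw.decide(Packet("in", "tcp", 80, "198.51.100.7", 40001, "httpd"))[0]
    # Outbound NetBIOS from a program that is otherwise allowed out: firewall rule wins.
    r["netbios_out"] = fw.decide(Packet("out", "tcp", 51001, "192.0.2.5", 139, "browser"))[0]
    # Outgoing ping from a program with no rule: nothing blocks it at firewall level, so it prompts.
    r["ping_prompt"] = fw.decide(Packet("out", "icmp", 0, "203.0.113.10", 0, "ping"))[0]
    return r


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:18s} {decision}")
```

The ordering in `_inbound` is what the thread turns on: a matching flow makes the packet solicited and the program's earlier permission carries it; otherwise the firewall-level port rule is checked before any program setting, so a program permission alone never opens a port to unsolicited traffic, and the only case where a program setting changes the outcome of an opened port is to deny what the firewall rule would have let in.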