Re: What should I block out with my new firewall software?

From: Duane Arnold (notme_at_notme.com)
Date: 02/14/04 

Date: Sat, 14 Feb 2004 03:09:55 GMT

rladbury@kittymail.com (Bob Ladbury) wrote in
news:e8bf8c5c.0402131813.149cfab9@posting.google.com:

> After much deliberation, it looks like I'm sticking to my good ol'
> Kerio Personal Firewall v2.15. I still don't know much about net
> communications, but I'm learning by entering configurations from
> people like SpongeBob. I'm wondering if there are major things I can
> block out that I don't use or need, like UDP or TCP. Reason I ask is
> that I believe I'm getting "pinged"; one of my rules is telling me
> that a couple of different remote addresses are trying to use XP's
> "Generic Hosts Processes for Win32 Services" at local ports
> 2265,2266,2267 through the TCP out protocol. At the same time, I'm
> also getting warnings I don't understand from XP's SYSTEM, UDP IN and
> TCP IN at ports 135-139. I got the W32 blaster worm yesterday that
> went through port 135, so for all I know, this could be local worm
> activity or attempts from outside hackers to penetrate these ports.
> Hence the reason I'd like to block ALL UDP and TCP, if I can get away
> with it, and tell Kerio to eliminate whatever other net services I
> don't need. I don't know what these protocols are used for, but here's
> what programs I use on my HOME system, that access the net:
>
> - Web
> - Email
> - P2p
> - occasionally software that needs to be updated
>
> What I DON'T use or want to use is:
>
> - Microsoft's web updates
> - local home networks
> - file/printer sharing (already turned off)
>
> ...and a bunch of other stuff I can't think of. Do I need MS's
> "svchost"? It runs like a half dozen processes in the background, and
> really gobbles up memory and keeps bothering my firewalls.
>

The protection of the NT based O/S starts at the O/S. Kerio, the AV and
everything else is scondary to the O/S. If you have a direct connection
to the Internet and not be behind a router or such, then it is important
that you go to the O/S and *harden* it to attack.

http://www.uksecurityonline.com/index5.php

Duane :)

Relevant Pages

  • NetMeeting Through a NAT Router?
    ... Windows firewall is disabled but I am running Kerio Personal Firewall, ... I can receive incoming incoming calls and sound, ... just open a few ports to it's impossible don't try. ...
    (microsoft.public.internet.netmeeting)
  • Re: Kerio 2.1.4 Reboot with NetBIOS
    ... > Has anyone had any problems with Kerio Personal Firewall 2.1.4 causing ... > problem with SP1 and SP2). ... The problem is when Kerio brings up the ... > screen about NetBIOS and file sharing etc. if i disable NetBIOS (in ...
    (comp.security.firewalls)
  • Re: Kerio Personal Firewall help! help!
    ... Fogar writes: ... Your Kerio firewall will block everything that has no rule inplace to ... Log on to www.webbbs.org and check out the WebBBS Secure Information Server, one of the most unique and secure web servers available for Microsoft Windows operating system. ...
    (comp.security.firewalls)
  • Re: kerio/etrust/w2k
    ... >> A google search shows a similar problem to mine with Kerio and Etrust ... >> Kerio, over the existing install, all seems to go well until it comes ... >The best approach is to do a clean install of the O/S and install the ...
    (comp.security.firewalls)
  • Re: Kerio continously downloading/uploading, why ????
    ... >I've just installed Kerio Personal Firewall. ... >the "Opened Connections at locahost" window, ... >PFWADMIN.EXE program is continously downloading data at an average of>4 ... Why does Kerio firewall need to do this? ...
    (comp.security.firewalls)