Re: PC Tools Firewall Question
- From: Maximum Dog4 <MaximumDog4@xxxxxxxx>
- Date: Sat, 17 Mar 2007 10:50:39 GMT
louise wrote:
Maximum Dog4 wrote:
louise wrote:
<snipped>
So I tried Kerio 2.1.5 which is light and "to the point". I added the rules you suggested about port blocking and all is running beautifully and taking minimal resources.
This seems questionable as to just what are you trying to accomplish.
I also found a site that gave tips on setting rules for Kerio and, for whatever they are worth, I'm passing the Shields UP tests on both my desktop and my portable.
So, it's to be assumed that the two machines that are connected to your router, the LAN or Local Area Network, are never to share resources or network between the two, which are the ports you're blocking below with the PFW.
<snipped>
Ports 137-139 are your NetBios ports, which, unless you are on a local
area network, probably should be blocked. Most firewalls have NetBios
<snipped>
If the machine is never to network, then simply remove MS File & Print Sharing and Client for MS Network off of the NIC (Network Interface Card) and those ports you have blocked including port TCP 445 (NT based O/S such as XP) are not open *period*. You don't need to set any rules with a PFW for those ports as they are not open.
Thanks for your suggestions about port blocking.
Why are you blocking the Windows Networking Ports while your machines are sitting behind a NAT router and those ports are closed to the WAN/Wide Area Network - the Internet, by default?
No computer from the Internet can get to your machines on those ports and network with a machine, because they are behind the router.
That's unless *you* configured the router to open those ports. If you didn't do that, then it's a moot point of you setting rules with the PFW running on the computer to block the ports.
It only makes sense to set PFW rules to close those ports if the machine had a direct connection to the modem and therefore to the Internet. You don't want the machine in that networking situation -- that's bad.
The other reason would be that your laptop was on a LAN wireless or wired and it was not your LAN. It would be another reason you would want to set rules to close 137-139 UDP and 445 TCP with a PFW or remove the services off of the NIC to close the ports so that the machine couldn't network.
You seem very confused.
I may be very confused - but I'm not sure where my confusion is and perhaps someone could explain it.
My laptop and desktop are not networked and do not share files and/or printers. I don't want to remove this capacity (by removing files), as I might want to network them at some point in the future, but right now they are not networked and I don't want them to be.
You're not removing files. All you're doing is removing the services off of the NIC, unbinding them off of the NIC, so no networking with the machine is possible. If you do want to network the machine at a later time, then you simply bind the services/protocols back on the NIC.
I sometimes use my laptop on other wireless connections that are open and available either in other locations, or even in my own house if I'm doing a lot of uploading with my desktop. I also use it at friends' houses - they frequently haven't secured their networks. In other words, there are times when I hook into someone else's network - someone who has left their network unsecured. So, I certainly want my ports blocked at those times, don't I? My laptop travels many places and finds signals when possible.
If you unbind the networking services off of the NIC, the machine cannot network. The networking ports are not open, period, because the services that would open the networking ports to allow networking are not on the NIC and are not active.
Why is Kerio such a questionable product? My impression was that it was more reliable than Sygate, clearly doesn't transmit the virus that PC Tools seems to be transmitting and does not drain resources the way Sunbelt/Kerio or Outpost do. I regret being unable to use Comodo but it conflicted with both WinFaxPro and also with the spam filter I use with Outlook.
This has nothing to do with the PFW, but rather, your ability to understand, control and protect the O/S, which removing the networking services off of the NIC protects the O/S, since you have no intention of the machine ever being in a networking situation -- not even on your LAN.
You remove the services off of the NIC, the machine cannot network no matter what you connect the machine to in a LAN situation or the machine is directly connected to a modem and the Internet/no router between the modem and the computer. It flat-out cannot network when the services are not there.
So, could you please explain what I'm confused about so that I can learn? I thought I'd done a good job :-)
You go to the O/S and configure it/harden it to attack, not the PFW. You understand and learn how to control and protect the O/S.
http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm
This link may help you understand. You un-check Client for MS Network and MS File & Print sharing and the machine *cannot* network *period*.
http://www.practicallynetworked.com/sharing/xp/network_protocols.htm
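An added example, not part of the original post: whichever approach is used (PFW rules or unbinding the services from the NIC), the result can be checked by looking at which of the Windows networking ports named in the thread (137-139 and 445) are actually open in `netstat -an` output. The sample output below is constructed, the function names are this example's own, and both TCP and UDP are checked for every port.

```python
import subprocess

# Ports named in the thread: NetBIOS 137-139 and SMB 445.
WATCHED = {137, 138, 139, 445}

# Constructed sample of Windows `netstat -an` output (not from a real machine).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1046      192.168.1.20:445       ESTABLISHED
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
  UDP    127.0.0.1:1900         *:*
"""

def live_netstat():
    """Return real `netstat -an` output when run on the machine being checked."""
    return subprocess.run(["netstat", "-an"], capture_output=True, text=True).stdout

def open_networking_ports(netstat_text):
    """Return sorted (proto, local_address, port) for watched ports that are open."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        proto, local = fields[0], fields[1]
        # TCP counts only when LISTENING; an outbound connection *to* a remote
        # port 445 is not an open local port. UDP rows have no state column.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        addr, _, port = local.rpartition(":")  # also handles [::]:445
        if port.isdigit() and int(port) in WATCHED:
            found.add((proto, addr, int(port)))
    return sorted(found)

def exposed_on_all_interfaces(entries):
    """Entries bound to a wildcard address, i.e. open on every attached network."""
    return [e for e in entries if e[1] in ("0.0.0.0", "[::]", "*")]

if __name__ == "__main__":
    # Swap SAMPLE for live_netstat() to check the local machine.
    for proto, addr, port in open_networking_ports(SAMPLE):
        print(f"{proto} {port} open on {addr}")
```

An empty result after a configuration change means none of those ports is open on the machine itself, regardless of what network it is attached to.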