Re: should these be connecting to the internet?

From: N. Miller (anonymous_at_discussions.microsoft.com)
Date: 09/11/04


Date: Fri, 10 Sep 2004 16:34:20 -0700

In article <6005702b.0409091550.3e5fd311@posting.google.com>, Mike Henley
says...

> Hi... I'm using Kerio personal firewall 4, I have to decide about the
> following whether i should allow or deny them access to the internet
> or/and the "trusted" zone

> 1. LSA Shell (export version)
> 2. Windows NT Logon Application
> 3. Userinit Logon Application
> 4. Microsoft File and Printer Sharing
> 5. Kerio pesronal firewall GUI

> I'm using windows xp sp2 on a single home machine. Thanks

Pay close attention to the destination of the requested connection.

I don't have a WinNT kernel computer (NT/2K/XP) so I can't address items one
through three definitively, but...

2 & 3 should be okay for localhost only.
4 should be okay for the LAN only.
5 should be okay for localhost only (unless it is a setup for remotely
administering Kerio on another computer; I have version 2.1.5, and allow
remote administration).

The key is to know whether the destination IP address is 127.0.0.1
(localhost), or your LAN IP address range, or the Internet. I suspect that
none of those items should be allowed onto the Internet; block them all
(from access to the Internet), and back up if that breaks something.

-- 
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint


Relevant Pages

  • Re: Event id 529
    ... I guess these are infected win boxes on the internet doing scans for other vulnerable boxes and trying to login with some standard/random usernames/passwords. ... Of course, you could do that with any sniffer/packet capturing tool like Ethereal or Network Monitor, but I think as a first step windows firewall would be easier to use. ... Event Type: Failure Audit ... Logon Failure: ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Event id 529
    ... The machines are not accessible from the Internet. ... I don't have access to my Network ... Logon Failure: ...
    (microsoft.public.windowsxp.security_admin)
  • RE: Researching TS for new setup
    ... "Amanda" wrote: ... Logon: In ADUC we set the account to only logon to the TS, ... as in where between the internet connection coming ... Can this be setup so that two locations, Hotel A and Hotel B which are ...
    (microsoft.public.windows.terminal_services)
  • RE: Researching TS for new setup
    ... Logon: In ADUC we set the account to only logon to the TS, ... need a program like Cybersitter to keep people from undesirable sites. ... as in where between the internet connection coming ... Can this be setup so that two locations, Hotel A and Hotel B which are ...
    (microsoft.public.windows.terminal_services)
  • RE: Researching TS for new setup
    ... Wow Amanda, ... Logon: In ADUC we set the account to only logon to the TS, ... as in where between the internet connection coming ... Can this be setup so that two locations, Hotel A and Hotel B which are ...
    (microsoft.public.windows.terminal_services)