Re: controling ports
From: pat (hobo@speakeasy.net)
Date: 06/16/02
From: "pat" <hobo@speakeasy.net> Date: Sun, 16 Jun 2002 01:00:18 -0400
Hi xy,
It can be done....I think :-). I have a dedicated filter up, no
proxy/application filter yet.
A packet filter will not achieve what needs to be done. Personal firewalls
are dangerous alpha/buggy products at best that do not do the job.....period
(IMHO). I agree with your point on ipsec filters BUT I trust MS code a whole
lot more than any of these "free personal firewalls" code hacks with or
without logs. Their commercial versions are feature oriented and come with
support...but they do not say anything about curing the security holes and
screwy code of their twin free versions.
Controlling and hardening your box from the OS is by far more secure than
depending on some program to do this for you. Lose control of that program
and the game is over. Case in point, tiny firewall, the main exe was a
trojan (if you will). It required that you follow the product chat boards
and do a few reg. hacks to protect yourself from being hijacked (mainly
change the name of the exe and update the reg., it's like the trojan concept
but in reverse...install trojan and change name so nobody else can use
it...except do not tell anybody, just let them figure it out somehow). I wonder
how many out there are living under a delusion from Tiny Firewall's product.
In any case trojans are not my true concern here. Tunneling and imbedded
rogue scripts are. Case in point I do not want outlook opening port 80 and I
do not want ie opening port 25. I could go down a whole laundry list of
don'ts for exe and ports. I am sure that the port opening behavior of these
programs and others can be customized in the reg. in some way.
I am exploring how to control outlook from executing java among other things
with ie security setting. Any thoughts?
I have never used the reg. to control what programs can be executed by a
user. I believe it is defaulted as a parameter in the default MS gpo inf
files. I am thinking of using it as a "raising the bar" concept. Has anybody
used this and might be willing to pass along a few of their thoughts and
experiences?
I have learned to value what you say (xy) even though I choose to disagree
with you a little today. Thanks for responding.
"x y" <jamescagney90210@excite.com> wrote in message
news:#r7eH#LFCHA.2116@cpimsnntpa03...
> I think you really want to do this with packet filters, ideally with a
> hardware or software filter. I'm not aware of any way of limiting within IE
> what ports it can and can't use. IE can use any of them. Also, controlling
> what ports IE or Outlook uses does nothing to stop a trojan from using those
> ports. Only a port filter on the machine would do this. In win2000 you can
> do this with IPsec filters, but there is no logging, so if something isn't
> working and you suspect it's being blocked, you have no way of knowing what
> port to open up. Also you have no alerting of hacking attempts and no
> evidence if a hack is successful.
>
> Sygate firewall is free for non-commercial use and gives I think the best
> ability to write very detailed filters for blocking various ports both
> incoming and outgoing. Antivirus and a hardware firewall in addition are
> also very good ideas.
>
>
> "pat" <hobo@speakeasy.net> wrote in message
> news:ugip5dbr3s7n29@corp.supernews.com...
> > Hi,
> > Technet had an article on how to set which and how many ports could be
> > opened on a win2000 box thru the reg. Does anybody know its location on
> > technet?
> >
> > Additionally I am trying to figure out how to force certain programs (mainly
> > outlook and ie) to ONLY use certain ports thru the reg. I believe this is
> > possible but am not sure of the keys and values to use. I would like to do
> > this for most applications that are aware if possible. In general I am
> > trying to stop rogue apps and scripts from using certain ports at the local
> > level without installing additional software.
> >
> > It is possible I have read, I have never done, to state in the reg. which
> > programs a user may use. What I would like to know and can not find is what
> > programs/exe does this NOT affect. Is there a base installed set of system
> > exe that this does not affect.
> >
> > Thx
> >
> >
>
>