Configuring Firewall

Michael_jd wrote:

how did you exactly go about doing that?

Reply to
Darko Gavrilovic

That depends on your computing behavior and whether you are the sole user of your computer.

Reply to
optikl

Hi there. I have Sygate Personal Firewall Pro, and currently I have it set up to allow the programs on my computer that use the net to have access to all ports and protocols and to be able to act as both a server and a client. Is it worth setting it up so that each app only has access to the protocols, etc., that it needs?

Thanks

Reply to
Michael_jd

Michael_jd wrote:

Application Control in a PFW solution is bloat junk and if you depend upon it, it will open the door for you to be burnt eventually.

Duane :)

Reply to
Duane Arnold

Hi Michael. If you are running a single computer connected to the internet, I would recommend you set up Sygate the way I have mine. I have used Sygate for about 4 years. My approach is to "Block Everything I Do Not Use".

In Application Rules:
(1) Allow all applications that you want to connect to the internet.
(2) In Application Rules -> Advanced, allow each application to connect only to the remote ports that it uses (excluding all other remote ports): browser - 80, 443; mail client - 25, 110; mail client - 119; etc. As you set up the App. Rules, if you are in doubt about what remote port an application needs, look in the traffic log. It will be listed there. Allow each app to act as a client. Do not allow any app to act as a server unless it won't work otherwise.

In Advanced Rules:
(1) Allow the TCP, UDP and ICMP remote/local ports, incoming/outgoing, that you use, and block all others.
(2) Block undesirable sites using IP numbers or number blocks.

Casey

Reply to
Casey
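The "look in the traffic log, then allow only what each app actually used" method above, written out as a small script. This is an added example, not code from Sygate or from the poster; the log format and application names are constructed for illustration (real Sygate logs are laid out differently). It learns per-application client rules from observed outgoing traffic, grants server rules only to apps you explicitly name, and evaluates new events with a default of block, so the contrast with the original "allow everything for a known app" setting is visible.

```python
"""Derive least-privilege per-application firewall rules from a traffic log.

Added example; not Sygate's code. The log format and app names are constructed.
Each line: <application> <incoming|outgoing> <proto> <port>
(remote port for outgoing connections, local port for incoming ones).
"""
from collections import defaultdict

# Constructed sample traffic log.
SAMPLE_LOG = """\
iexplore.exe outgoing TCP 80
iexplore.exe outgoing TCP 443
iexplore.exe outgoing TCP 80
outlook.exe outgoing TCP 25
outlook.exe outgoing TCP 110
newsreader.exe outgoing TCP 119
ftpd.exe incoming TCP 21
svchost.exe incoming UDP 137
"""


def parse_log(text):
    """Yield (app, direction, proto, port) tuples from the constructed log format."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        app, direction, proto, port = line.split()
        yield app, direction, proto.upper(), int(port)


def learn_rules(log_text, allow_server_for=frozenset()):
    """Build per-app rules from observed traffic.

    Outgoing connections become client rules keyed by remote port. Incoming
    connections become server rules only for apps explicitly permitted to act
    as a server; for every other app the incoming traffic is returned in
    'unresolved' so the operator decides, instead of it being allowed quietly.
    """
    rules = defaultdict(lambda: {"client": defaultdict(set), "server": defaultdict(set)})
    unresolved = set()
    for app, direction, proto, port in parse_log(log_text):
        if direction == "outgoing":
            rules[app]["client"][proto].add(port)
        elif direction == "incoming":
            if app in allow_server_for:
                rules[app]["server"][proto].add(port)
            else:
                unresolved.add((app, proto, port))
        else:
            raise ValueError(f"unknown direction {direction!r}")
    return dict(rules), unresolved


def decide(rules, app, direction, proto, port):
    """Default-deny: allow only what a learned rule explicitly permits."""
    app_rules = rules.get(app)
    if app_rules is None:
        return "block"  # unknown application: no rule, no access
    role = "client" if direction == "outgoing" else "server"
    return "allow" if port in app_rules[role].get(proto.upper(), ()) else "block"


def decide_allow_all(rules, app, direction, proto, port):
    """The original question's setting: any known app gets every port, both roles."""
    return "allow" if app in rules else "block"


if __name__ == "__main__":
    learned, pending = learn_rules(SAMPLE_LOG, allow_server_for={"ftpd.exe"})
    for name, r in sorted(learned.items()):
        print(name,
              "client:", {p: sorted(s) for p, s in r["client"].items()},
              "server:", {p: sorted(s) for p, s in r["server"].items()})
    print("incoming traffic needing a decision:", sorted(pending))
    probes = [("iexplore.exe", "outgoing", "TCP", 443),
              ("iexplore.exe", "outgoing", "TCP", 6667),
              ("iexplore.exe", "incoming", "TCP", 80),
              ("svchost.exe", "incoming", "UDP", 137)]
    for ev in probes:
        print(ev, "strict:", decide(learned, *ev), "allow-all:", decide_allow_all(learned, *ev))
```

The useful part is the "unresolved" set: incoming traffic for an app that is not on the server list is neither allowed nor silently dropped from the rule set, it is listed so you can decide whether that app genuinely needs to listen. Run the learning step against a log captured over a normal day or two of use; anything the app later needs that was not in the log shows up as a block in the traffic log, which is exactly where Casey says to look.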

I agree completely with this method. After using Sygate for roughly a year or so, I am quite happy not only with the relatively easy way of setting up rules for the applications that connect to the net, but I also like the feature of being able to see which ports and remote ports the applications are using.

This feature was very useful when I was setting up a server-like computer to my hardware router/firewall. Using the traffic log I was able to see what needed to be connected and was able to see what happened when specific apps were blocked.

It is also very useful for blocking IP addresses and IP ranges that attempt to hack my FTP server. Very annoying, but relatively easy to fix.

Side note - allowing all is more like paying for a car and then never using it. There might be things that it will still block but I am not really aware of any real functional reason to allow all.

Anyhow... it's a great program!

Reply to
Demon77

What I have is an FTP server that only allows IP specific connection to my server...

When a foreign IP attempts to log in, the FTP server logs the IP and then denies them. I look at my log and NeoTrace back to the IP; if I don't like the location it's coming through, I go and set an advanced rule in my Sygate firewall to block either a specific IP (one rule only allows for 5 IPs, if I remember correctly) or an IP range.

Then in theory that IP is not even allowed in to access my FTP server, because it has been blocked before it enters my system...

I'd like to think of it as semi-secure... but I'd rather not be hacked to find out if it really is. (lol, if you can't see it, it's not there... right?)

So that's what I do for one of my systems.

I am not sure if it will detect FTP attacks simply because I want my FTP server to be semi-visible in order to have my associates connect to it from the outside world. I will have to check into that if there is a feature that will assist with that.

-Demon

Reply to
Demon77
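The log-to-block-rule loop Demon describes (FTP server refuses a login, the source IP is read from the log, a Sygate advanced rule blocks that IP or range) as a script. This is an added example and not the poster's or Sygate's code; the FTP log lines, the allow-listed "associate" address and the five-addresses-per-rule packing limit are all constructed or assumed for illustration (the limit is only what the poster recalls). It drops allow-listed hosts before they can be blocked by mistake, merges consecutive addresses into a range rule, and checks a candidate IP against the resulting rules so you can confirm a source would be stopped before it reaches the FTP server.

```python
"""Turn an FTP server's rejected-login log into firewall block rules.

Added example; not the poster's or Sygate's code. Log format, addresses and
the per-rule address limit are constructed/assumed for illustration.
"""
import ipaddress
import re
from collections import Counter

# Constructed sample FTP server log (documentation-range addresses).
SAMPLE_FTP_LOG = """\
2005-04-30 02:11:07 [203.0.113.10] USER anonymous - denied (not in allowed list)
2005-04-30 02:11:09 [203.0.113.10] USER admin - denied (not in allowed list)
2005-04-30 02:13:44 [198.51.100.7] USER demon - accepted
2005-04-30 03:02:15 [203.0.113.11] USER root - denied (not in allowed list)
2005-04-30 03:02:16 [203.0.113.12] USER root - denied (not in allowed list)
2005-04-30 03:02:18 [203.0.113.13] USER root - denied (not in allowed list)
2005-04-30 04:40:01 [192.0.2.77] USER test - denied (not in allowed list)
2005-04-30 05:15:30 [192.0.2.200] USER ftp - denied (not in allowed list)
2005-04-30 05:15:31 [198.51.100.7] USER demon - denied (not in allowed list)
"""

LINE_RE = re.compile(
    r"^\S+ \S+ \[(?P<ip>[0-9.]+)\] USER (?P<user>\S+) - (?P<result>denied|accepted)"
)

# Assumed: the associates who are allowed to connect. Never block these,
# even if one of them fails a login.
ALLOW_LIST = {ipaddress.ip_address("198.51.100.7")}


def denied_sources(log_text, allow_list=ALLOW_LIST):
    """Count denied logins per source IP, ignoring allow-listed hosts."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["result"] != "denied":
            continue
        ip = ipaddress.ip_address(m["ip"])
        if ip in allow_list:
            continue  # an associate mistyping a password is not an attacker
        counts[ip] += 1
    return counts


def block_rules(counts, max_ips_per_rule=5):
    """Group offending addresses into rules.

    Consecutive addresses become one ("range", first, last) rule; the rest are
    packed into ("ips", [addr, ...]) rules of at most max_ips_per_rule entries
    (assumed limit, matching what the poster recalls of Sygate's rule editor).
    """
    ips = sorted(counts)
    rules, singles = [], []
    i = 0
    while i < len(ips):
        j = i
        while j + 1 < len(ips) and int(ips[j + 1]) == int(ips[j]) + 1:
            j += 1  # extend the run of consecutive addresses
        if j > i:
            rules.append(("range", str(ips[i]), str(ips[j])))
        else:
            singles.append(str(ips[i]))
        i = j + 1
    for k in range(0, len(singles), max_ips_per_rule):
        rules.append(("ips", singles[k:k + max_ips_per_rule]))
    return rules


def is_blocked(rules, ip_str):
    """Would a connection from ip_str be stopped by the generated rules?"""
    ip = ipaddress.ip_address(ip_str)
    for rule in rules:
        if rule[0] == "range":
            if ipaddress.ip_address(rule[1]) <= ip <= ipaddress.ip_address(rule[2]):
                return True
        elif ip_str in rule[1]:
            return True
    return False


if __name__ == "__main__":
    offenders = denied_sources(SAMPLE_FTP_LOG)
    for ip, n in sorted(offenders.items()):
        print(f"{ip}: {n} denied login(s)")
    generated = block_rules(offenders)
    for rule in generated:
        print("advanced rule:", rule)
    for probe in ("203.0.113.12", "203.0.113.14", "198.51.100.7"):
        print(probe, "blocked" if is_blocked(generated, probe) else "not blocked")
```

Two points the script makes explicit. First, filter against the allow-list before generating rules, otherwise one failed login from an associate locks them out. Second, check `is_blocked` for an address you expect to stop and one you expect to let through: a firewall rule you have never tested against both cases is the "if you can't see it, it's not there" situation the poster jokes about.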

Could you elaborate a little on how Sygate helped you accomplish this? Was it just with the IPs in the log or does it have any feature to detect FTP hacks?

Reply to
speeder
