Firewall and bridge.sys

VB - read up on the firewalls before suggesting that people drop one for the Windows Firewall. While the Windows Firewall is the absolute MINIMUM in protection, there are better products (and just about anything on the market is better) than it.

Better forget Sygate and use the Windows-Firewall.

Yours, VB.

That wasn't his question.

Isn't it a good rule of the thumb to block everything you don't use? That includes most system files.

Yes. But it's the answer to his question.

No. It's a result of the lack of knowledge.

Yours, VB.

VB, that violates security norms - if you don't need something, block it, in fact block it with fully.

Only allow access to the internet for things that need internet and then only to the connections/services they need.

That is nonsense. I block everything I do not use. That includes remote/local ports on tcp/usp/icmp, in/out, unused services, and block application access to remote ports they do not require. When I installed Sygate, I knew nothing about firewalls. It took me 3-yrs to learn about these computer/internet features so I could set up a firewall properly and completely. Casey

:> > Isn't it a good rule of the thumb to block everything you don't use?

:> No. It's a result of the lack of knowledge.

:That is nonsense. I block everything I do not use.

As do we. The regulations we operate under mandate it: that in any situation in which we have a firewall at all, we are required to actively manage outbound traffic as well as inbound, and may only permit the outbound traffic that we have determined to be -necessary- for the network operations approved under our security policies.

If you block ALL OUTBOUND and INBOUND by default, then only open OUTBOUND for the need ports and then only for the internal IP's that need those ports, then you are doing it right.

If you only allow inbound to specific nodes depending on need an port/service type, then you are doing it right.

If you're "blocking" sockets on 127.0.0.1 or sockets, which your filtering application uses, this is just a result of the lack of knowledge.

If you're using Sygate any more, you are just knowing not much about firewalls yet.

Yours, VB.

That is nonsense. I block everything I do not use.

Sygate doesn't have the ability to block local host 127.0.0.1

I don't think, that you're blocking everything you don't know, but I think, that you know what is running on your boxes, and are blocking anything what you don't want to have.

Am I right?

So why driving an ALG on Windows and then blocking it? Why not just shutting down?

Yours, VB.