Does this hurt my protection? [Resolved]

[Guest]

[Júštiñ™]

Hi,

In the Network Monitor I have it set so both protocols IP In and IP Out with bothset as Allow. Will these settings hurt my security?

Regards,

Justin
 

[Eric Cryptid]

As far as I can tell... Yes it will! If you turn off the block to allow all, it will allow all incoming traffic into your computer. for all intesive purposes your turning off your firewall when you do not block incoming traffic.

[panic]

Hi,

In the Network Monitor I have it set so both protocols IP In and IP Out with bothset as Allow. Will these settings hurt my security?

Regards,

Justin
 

Hey Justin,

Eric is spot on! Setting IN/OUT to ALLOW for all IP addresses is the same as not having a firewall in the first place.

IN/OUT for all IPs on your LAN is fine, but definitely not for all IPs everywhere.
IN for all IPs should be set to BLOCK.

While this second rule might seem like you are stopping all inbound traffic, it is only stopping unsolicited[/u] traffic from outside your LAN. If you send a request outside of your LAN (like for a web page etc.), the response from the required address is allowed back in because the originating request came FROM you, not from the remote IP.

In geek-talk, this is the three way handshake that IP requires.

Assume that "A" is YOU and "B" is a web server somewhere.

1) "A" sends" what is known as a "SYN" packet to "B".
2) "B" responds with a "SYN-ACK" packet to "A".
3) "A" in reply sends an ACK packet.

In 1) "A" is basically asking if "B" is out there (SYNchronise reuest).
In 2), "B" is saying it exists (this is the ACKnowledge bit) and checking if it can get back to "A" (SYN).
Step 3) is where "A" ACKnowledges the SYN request from "B".

At the end of the process, both "A"  and "B" have not only established that they both exist and can send and receive data on the appropriate ports, but they have also established the route (or data traffic path) between themselves.

CPF is sitting on the perimeter of your system examining every packet of data that leaves your PC and every packet of data that tries to get to your PC. It job is to filter what goes in or out, baased upon the rules you've defined.

Hope this helps,
Ewen :-)

[timcan]

Hi guys, If justin is behind a nat router I believe he's still ok. My router serves as an inbound firewall.  tim

[drhayden1]

curious.......i'm the one that has the topic ...network monitor... i think its on page 2 now(see reply 11..that's the way mine set-up up).....read......when i added my network to the trusted zone both my ip in and out are set as allowed............you said some do and so don't.......if mine is set that way when i added it should i leave as is?? .............i'm also behind a router(wireless)with wep and spi firewall.....(NAT)

[gwheaton]

What should be in the Network monitor for rules?

I think I might have deleted something by mistake.

Right now I have allow in and out for my home network and that is all.

Thanks

[Eric Cryptid]

You still need a software firewall even though you are behind a router!

Routers do have a hardware firewall installed but this doesn't mean they block everything. Trojans and and other malicious still gets through. It's all about packet inspection with routers but you still need a software firewall to protect your system completely! I use a Linksys Wireless gateway at home as I have a laptop instead of a standard pc. Previously I used to use McAfee and it recorded at least a couple of hundred blocked events each day, sometimes as many as 1000. The router is like a first line of defense but ITS ESSENTIAL to have a software firewall. If you're going to allow all incoming traffic then essentially you arent using a software firewall. And what happens if you take your laptop with you somewhere? you can't trust someone elses router and certainly not a hot spot to protect your computer!

BLOCK INCOMING TRAFFIC! For your own good!

[drhayden1]

EricEgan.........should i go and block my incoming after i did the trused zone thing it set both as allowed.....i also have a laptop with a linksys router with speedbooster........the other topic told me to leave as both allowed................i'm confused.. : allow or blocked or allowed or blocked.....even gone to the help section under network monitor and on the network after doing trusted zone it shows ip in allowed............i want to do the right thing.....security wise

[panic]

EricEgan.........should i go and block my incoming after i did the trused zone thing it set both as allowed.....i also have a laptop with a linksys router with speedbooster........the other topic told me to leave as both allowed................i'm confused.. : allow or blocked or allowed or blocked.....

I think you need to get your head around how the firewall rules work.

There are three basic rules that really should exist before you start defining custom rules to suit your environment/applications.

RULE 1
SET UP YOUR HOME LAN AS A TRUSTED ZONE
Setting up your LAN as a trusted zone, is basically telling the firewall to allow all traffic inbound and outbound BETWEEN PCs THAT HAVE AN IP ADDRESS THAT IS WITHIN THE RANGE DEFINED AS YOUR HOME LAN. This is at the absolute exclusion of any traffic leaving your trusted zone (your home LAN) and going out onto the internet.

RULE 2
ALLOW YOUR PCs TO GET TO THE INTERNET AND TO RECEIVE DATA FROM THE INTERNET
You need another rule that allows outbound traffic from your home LAN to ANY. This rule will allow PCs on your home lan to get to the internet and to accept valid responses from the internet.

RULE 3
BLOCK UNSOLICITED TRAFFIC FROM THE INTERNET
The next rule you need to have is to BLOCK ALL INBOUND from the internet. This rule blocks only unsolicited inbound data from the internet. It does not block traffic from the internet that is sent to you in response to a request that came from your PC.

These three rules should appear IN THIS ORDER, as the firewall applies the rules in the order they appear in the rules list.

These three rules are the cornerstone of securing your PC. You may have applications that require specific rules or you may run some sort of serverfrm your PC that needs to receive incoming requests, but these three rules are your bread and butter.

Hope this helps,
Ewen :-)

P.S. If I got any of this wrong, or if you can explain it better - jump on in. I think this type of query is going to be relatively constant as more and more people hop on board the Comodo train, so we may as well try and formulate a definitive document that we can point new users to.

cheers
ewen :-)

[timcan]

Hi EricEgan,  I admit that I have both of the default network rules in place(allow ip out)and (block ip in). I feel better with this if something happened to my router and had to connect directly to the modem.  Many people connect using nothing but a router as firewall protection.

[drhayden1]

panic.......i just went to the network monitor......network control rules.....and set my trusted zone in..............now BLOCKED................curious though why are the 2 default ones that were there in the first place have to stay under my in and out from my trusted zone....go to the network monitor topic on page 2 now and look at reply 11 and they told me that way was the correct way.................thats why i was confused.......hearing both ways ???even when i went to the help section .....network monitor.....i saw the picture of the network control rules and the trusted zone one....ip in was allowed.....understand why i am messed up

[panic]

G'day again,

I hope this is the posting in "network monitor" you were referring to.

****************************************************

ip 0.......allow...ip out....any......zone(my network).....any

ip 1.......allow..ip in....zone(my network)...any.....any

then the 2 i just did

ip 2....allow.....ip out.....any..........any.......any

ip 3....blocked.....ip in....any.....any......any

******************************************************

If this is the post you were on about, then this is exactly what I described except what you have defined above as "ip0" and "ip1" can be set as a single rule;

allow - ip in/out - from zone (your LAN) - to zone (your LAN) - any

Hope this helps,
Ewen :-)

[panic]

panic.......i just went to the network monitor......network control rules.....and set my trusted zone in..............now BLOCKED................curious though why are the 2 default ones that were there in the first place have to stay under my in and out from my trusted zone....go to the network monitor topic on page 2 now and look at reply 11 and they told me that way was the correct way.................thats why i was confused.......hearing both ways ???even when i went to the help section .....network monitor.....i saw the picture of the network control rules and the trusted zone one....ip in was allowed.....understand why i am messed up

G'day again,

I just re-read your post and used ALL my brain this time. LOL.

I noticed that you said you have changed your network rule for your trusted zone to blocked. Why?

Providing you have defined the zone according to the IP address range used by your PCs, changing this rule to BLOCK will stop the other PCs on your LAN talking to this PC.

Let's go back to step 1.

We'll have to make a few assumptions.

Assume that you have 2 PCs and a router and this constitutes your home LAN.
Your router has an IP address of 192.168.1.1.
Your PCs IP addresses are 192.168.1.2 and 192.168.1.3.

In CPF, you need to define your home LAN as a trusted zone. You need to provide a name for the zone and a start and end address for the devices within the zone. The name can be anything, I usually use "Home LAN". The start address, following the assumptions made above, is 192.168.1.1 and the end address is 192.168.1.255. This allows any device on your network whose IP address starts with 192.168.1 to be treated as within the trusted zone.

The next step is to add a network rule that uses the defined trusted zone. The rule should be;

Allow ..... tcp/udp - in/out ..... zone (your lan) .....zone (your lan) ..... any

This rule tells the firewall to allow tcp and udp packets to be sent to any other PC in the trusted zone and to allow tcp and udp packets to be received from any other PC in the trusted zone.

At this point, all PCs on your home lan should have access to all other PCs on your home lan.

Please note that this rule has NO BEARING WHATSOEVER on a PCs ability to get onto the internet. This is because the rule specifically refers to the trusted zone, and we have  set the zone up with an address range of 192.168.1.1 - 255. This address range CANNOT refer to anything on the internet, they are reserved IP addresses for private usage.

The two default rules are what determines your PCs ability to send and receive data from the internet. Notice how they do not include a reference to the zone?

As you have described them,

ip 2....allow.....ip out.....any..........any.......any

ip 3....blocked.....ip in....any.....any......any

"ip2" allows any your PC to send IP data out to ANY address on the internet. As your PC is sending a request to the internet, the firewall WILL accept a response to your request.

"ip3" blocks all IP data received from any address on the internet that IS NOT RECEIVED AS A RESULT OF YOUR PC ASKING FOR THE DATA TO BE SENT.

In a nutshell, three rules are sufficient - allow my lan to talk amongst itself, allow my PC to talk to the internet and block all data from the internet UNLESS I ASKED FOR IT.

Hope this helps,
Ewen :-)

[drhayden1]

not really......any way you can send a pic(jpg)..
here is the way it is on my screen now

0.......allow.....ip out......any........zone.......where ippronto is any
1....blocked....ip in.........zone.......any........where ippronto is any
                               then the 2 defaults ones


i think we posted at the same time.......i have only 1 pc

[drhayden1]

ok......just go to the ip in on my trusted zone and change back to in to allow.......is the set up like the help section pic on the network control zone.......are the default ip2 and 3 working with my trusted zone.......that's why i didnt understand....

[Tags:]