This is my first post here, and I’m a bit of a computer idiot, so this may be a dumb question. I have two PCs, and there are two more in this household, all connected through a router to a cable modem. I guess that would be the LAN network. I want my two PCs to be totally unable to access each other, and I don’t want anyone else on my local network to be able to access anything on either of my PCs.
Now one of my PCs has CIS 4.1, Firewall & Defense+, with Avira free as the antivirus. On this one, I go to Stealth Ports Wizard, and I check Block all incoming connections and make my ports stealth for everyone. Now this is exactly what I want. Problem is, I installed CIS 2011 on my other PC, set it to proactive defense, and I go to Stealth Ports Wizard, and this option is not available anymore. I do not want to be alerted to incoming connections and make my ports stealth on a case-by-case basis, so forget that option. The other one wants me to define a new trusted network and make my ports stealth for everyone else. Well, I want my ports stealthed to anyone on any network, because I don’t trust anyone on any network. So how do I do this on CIS 5? Should I put trusted network to loopback zone or what? Why doesn’t CIS 2011 have the “Block ALL incoming connections and make my ports stealth for everyone” option, like CIS 4.1 does? This disturbs me greatly. Perhaps CIS 2011 defaults to the block all incoming option, but I have no idea if this is the case. So, having said what I am trying to do here, how do I set up CIS 2011 to do this, i.e., Block ALL incoming connections and make my ports stealth for EVERYONE? Thanks, and I apologize if this is a stupid question, but please enlighten me.
Loopback (127.0.0.1) is by definition your own local computer, and has nothing to do with even the LAN.
I’m not sure that the Stealth Ports Wizard would have any effect when it comes to LAN communications. Did you test the results of such rules from inside the LAN?
Of course, setting custom rules in the firewall is the best idea and quite easy to achieve, but you don’t want to.
If the Stealth Ports Wizard does not do the job (it actually exists under CIS 5, but, as far as I remember, since I am not presently running CIS 5, it is now in the various firewall settings tabs), you could try, in the same location, to set the LAN IP you don’t want as a blocked zone, but I’m not sure it would work either when it comes to the LAN.
Note that, unless some LAN hacking is suspected, other computers won’t see any more of you than your mere existence (i.e. won’t be able to browse and open anything) if you have no Windows shares.
If you have some for whatever reason (FTP…), they should not be global (i.e. not at the root of whatever partition) and should be password protected.
It is truly odd your v5 Proactive does not have the “Block all incoming connections and make my ports stealth for everyone” option in Stealth Ports Wizard.
Can you post a screenshot of the Stealth Ports Wizard?
My apologies, Eric. My secondary PC is set up with an older monitor which is normally farther away than it ought to be. When I read your post, I got real close to the screen and could see the scroll bar. I simply couldn’t see it before, the way I have that PC set up. Had it been on my other PC with the bigger and better monitor, I’d have seen it right off. The option is indeed there after all. My bad. Thanks for responding and sorry to trouble everyone. By the way, I think this is a fantastic product, hard to believe it is free! This software is simply great!