Is my firewall configuration fine?

So I changed some things in Comodo Firewall.
(For the non-Germans: Ausgehend = Outgoing, Eingehend = Incoming… also, I'm pretty much using the default settings for web browser/FTP/mail/…)

First I changed the network zone to a list of trustworthy IPs I know. Then I changed some of the rules.
I have no real rule for svchost.exe… is that fine?
Maybe I'm allowing too much to System/Windows Operating System/…?

Here is how it looks:

Firewall Behaviour Settings:

Network Security Policy:

This is how the global rules look:

!!! Instead of Home-Network2 it should be/is Home-Network !!!

(Only the Loopback and Home-Network network zones are finished. I actually want to change all the other network zones to a list of single IP addresses too?)

Is all that fine? With the single IP list instead of the standard scheme… the System & global rules… no svchost rule…?

Thanks

You have various ranges that suggest your computer connects to various networks. Can you tell us more about this and what the various networks are meant for?

Some things that caught my eye. Home-Network 2 encompasses Home-Network; you can remove the Home-Network as it is covered by Home-Network 2.

About Wlan Patrick. What is it for? It is in the 169 range.

The zone for your HTC phone. Would one address be enough? How are you connecting to your HTC for what purpose?

You have a range for your Thomson. Is that a Speedtouch modem/router?

Actually I wanted to remove Home-Network2 as it allows all PCs in my network to freely send/receive data? I thought about removing Home-Network2 and using Home-Network with a list of trustworthy IPs? It should be more secure than allowing everyone in the network to connect?

Wlan Patrick is my WLAN at home. I have a WLAN hub and it seems that 169 is the IP which the WLAN hub gave me (DHCP?)

The HTC phone: I sometimes use my HTC phone to tether its internet.

Thomson: a random network I was once connected to via WLAN.

Also: what about the svchost rules and explorer.exe…?

Thanks

bump

bump2… no one? :S

You could consider limiting the incoming traffic for svchost.exe to only allowing traffic from your router.

Mhh okay… but I thought more about limiting the svchost connectivity to only the things it really should connect to… so virus files that call themselves "svchost.exe" won't be allowed.

What about explorer.exe?

And what about the home network. Is an IP list with single trusted IPs safer?

Thanks

That is possible but is a bundle of work.

so virus files that call themselves "svchost.exe" won't be allowed.
CIS recognises files by their hash codes, not by file names. When a virus calls itself svchost or scvhost it will be sandboxed because it is an unknown file, or when not using the sandbox you will get an alert that an unknown file wants to…

What about explorer.exe?
I have it set to Outgoing Only, which is probably a more loose setting. Keep in mind that Explorer is a protected file so malware cannot stealthily sneak up on it; it is protected by D+ in the first place.
And what about the home network. Is an IP list with single trusted IPs safer?

Thanks

A limited list is always more secure.

Since you seem to connect to various networks you could consider making separate configurations for separate situations. Say for example one for public hot spots and one for your home situation. This is a bunch of work though.

Hmm okay, I will set svchost.exe to only accept traffic which is coming from my router (so for each network I would have to put the router into my "router network zone"?).

Well, it's not that much work to make an IP address list? I just use "netscan.exe" to scan all devices in my network… and the ones which I trust/need access to will be added to the list (so only ~5 IPs in my network).

For public networks: is there a way to pre-configure such network rules already? Because Comodo will ask me what kind of network it is, I select public… but it will still create a network zone/rule which allows everyone in the network to access me. So I always have to edit it manually. And why is Comodo doing all that? Isn't that very insecure?

Thanks

Oh, and one more question: by using an IP list, could I prevent man-in-the-middle attacks (password sniffing)? To sniff my passwords, he would have to get the packets from my PC and then re-send them to the router. But Comodo wouldn't allow someone to get my packets if his device/IP isn't on my list?

Indeed

Well, it's not that much work to make an IP address list? I just use "netscan.exe" to scan all devices in my network… and the ones which I trust/need access to will be added to the list (so only ~5 IPs in my network).
Only if their IP addresses are fixed.
For public networks: is there a way to pre-configure such network rules already? Because Comodo will ask me what kind of network it is, I select public… but it will still create a network zone/rule which allows everyone in the network to access me. So I always have to edit it manually. And why is Comodo doing all that? Isn't that very insecure?
It will only add the Network Zone to the list; it does not allow access from the network. Nor does it work like Windows, which allows you to define Public and Private network settings for connections.

The adding of Network Zones is a courtesy to the user to make rules making easier.

Oh, and one more question: by using an IP list, could I prevent man-in-the-middle attacks (password sniffing)? To sniff my passwords, he would have to get the packets from my PC and then re-send them to the router. But Comodo wouldn't allow someone to get my packets if his device/IP isn't on my list?
CIS has the ability to [url=http://help.comodo.com/topic-72-1-206-2029-Advanced-Settings.html]Protect the ARP cache[/url] to protect against this man-in-the-middle attack.
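To make the two points above concrete (a limited list is more secure than a whole-subnet zone, and it only holds up when the listed addresses are fixed), here is an added Python example; it is not from the thread or from Comodo. The zones and addresses are constructed stand-ins for the poster's LAN, and it assumes the "169 range" mentioned earlier is the link-local 169.254.0.0/16 block.

```python
import ipaddress

# Constructed network zones modelled on the thread; every address here is
# made up and stands in for the poster's real LAN.
ZONES = {
    # Single trusted hosts: the router plus a few known machines.
    "Home-Network": ["192.168.1.1", "192.168.1.10", "192.168.1.20"],
    # The whole subnet, i.e. every device that joins the LAN.
    "Home-Network2": ["192.168.1.0/24"],
    "Loopback": ["127.0.0.0/8"],
    # A zone built from a link-local address (assumed for "Wlan Patrick").
    "Wlan Patrick": ["169.254.37.12"],
}

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")

def zone_networks(name):
    """Parse a zone's entries (single IPs or CIDR blocks) into network objects."""
    return [ipaddress.ip_network(e, strict=False) for e in ZONES[name]]

def zone_covers(outer, inner):
    """True when every entry of `inner` lies inside some entry of `outer`,
    i.e. the inner zone is redundant (Home-Network inside Home-Network2)."""
    outer_nets = zone_networks(outer)
    return all(any(n.subnet_of(o) for o in outer_nets) for n in zone_networks(inner))

def is_allowed(src_ip, zone):
    """Would an incoming packet from src_ip match an 'Allow from <zone>' rule?"""
    ip = ipaddress.ip_address(src_ip)
    return any(ip in n for n in zone_networks(zone))

def unstable_entries(zone):
    """Entries that cannot be relied on to stay fixed: 169.254/16 addresses are
    self-assigned when no DHCP lease was obtained and may change on the next
    reconnect, so a trusted-IP list built on them silently stops matching."""
    return [str(n) for n in zone_networks(zone) if n.subnet_of(LINK_LOCAL)]

def host_count(zone):
    """How many source addresses a zone admits; a measure of how broad the rule is."""
    return sum(n.num_addresses for n in zone_networks(zone))

if __name__ == "__main__":
    print("Home-Network2 covers Home-Network:", zone_covers("Home-Network2", "Home-Network"))
    for src in ("192.168.1.10", "192.168.1.77"):
        print(src, "Home-Network:", is_allowed(src, "Home-Network"),
              "Home-Network2:", is_allowed(src, "Home-Network2"))
    print("Unstable entries in Wlan Patrick:", unstable_entries("Wlan Patrick"))
    print("Addresses admitted:", host_count("Home-Network"), "vs", host_count("Home-Network2"))
```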

Okay thanks… I will use a list of IPs for my home network (or generally networks I often use and which have fixed IPs). For the rest I will leave the standard network zone that gets created.

I have no rules for svchost & explorer.exe

ARP cache is already being protected… but that doesn't prevent password sniffing :S … guess I will use HTTPS & VPN for that.