Opening Port? OLE any use?

Hi all,

My first question, which is also the easiest, is: is Application analysis really necessary for the security of a computer?

My second question is that I am running an Apache web server with optional SSL support. I need to open ports 80 and 443. My server worked before installing CPF on it. How can I allow traffic safely through ports 80 and 443 and still be protected from hackers? Talking about hackers, how does CPF warn you when a DoS attack happens? And are the default settings for DoS attacks good enough for a server?

Thank you for all the help, and I eagerly await a reply.

Cheers! (L) (B)

Assuming you mean Application Behavior Analysis (or ABA), then yes it is necessary… this is the element of CFP that catches all the leak tests.

Assuming the Apache web server opens and listens on 80 & 443, then, other than answering a CFP pop-up or 2, you shouldn’t need to do anything. However, if the inbound connection on TCP 80/443 is unsolicited (i.e. Apache does not have the ports open & listening), then you will need to create a custom rule in the Network Monitor to open these ports.

Looking at CFP’s Log is a good way of checking to see if CFP is blocking something & a good guide to what you need to open/change.

On a DoS attack, CFP says “Suspected DoS Attack” (or something like that) in the Log & blocks the activity for 5 minutes (by default). Whether you need to tweak the DoS & Flooding/Scanning really does depend on how much throughput your server handles & what it is doing. You might well need to increase the counts/durations. Again, use CFP’s Log as a guide to what you might need to increase… if any of these events are triggered, then CFP will state it in the Log.

Hi!

I have found out that rule no. 5 (see screenshot) is blocking my web server. I would like to know if it’s okay to delete this rule, or should I create a new one? I would like to use the solution that provides the best security. If I have to create a new rule, what should I do? Just FYI, my server runs on port 80 with SSL on port 443. It also has a sub-domain name (xxxx.hopto.org).

Also, by application analysis, I mean the OLE automation alerts. I would like to disable this, as some people using my computer have no computer knowledge, and I do not want them to block something they shouldn’t. I won’t switch OLE alerts off if it isn’t good for server security standards… thanks!

[attachment deleted by admin]