I waited til I had a couple questions 'cause I know you’re all busy:
Is there harm in giving (Defense+) Windows System Application privileges to non-Windows applications that I believe to be righteous? In an attempt to insure that certain apps ran with carte blanche I went ahead and did this for Perfect Disk and a few others. Bad Idea? Is “Trusted Application” more liberal?
I’m behind a Zyxel 660R-ELink router (I mention the name hoping one familiar with/having same might have specific tips) and have configured the security settings within as strict as possible but it doesn’t seem to have a firewall per se. I’ve Blocked and Logged all incoming and currently have a Global to allow all outgoing traffic (with some fairly tight application rules) - should I restrict this to my trusted zone? or is Allow IP Out okay?
It took me five tries to log in to the forum just now (this is not the 1st time) is this a common phenomenon for others as well?
Thank you for your consideration, and apologize in advance for any/all obtuse queries. (:NRD)
The Predefined Security Policies give the same access rights and Protection Settings to both, so I use them interchangeably depending on the particular application. Don’t know if there is anything more subtle.
You don’t need a global allow out at all. If allowed by the application rules and not blocked by the global rules, it goes out. I have no global rules and all works fine. Blocking and logging the incoming will catch everything except the SPI inbound responses (DHCP, DNS, …).
I have my login set to forever, but when I log on and off occasionally it works the first time.
OK, I do have a WOS rule to allow UDP and TCP out for the same reason of occasional blocks at that level. But what you show is an incoming DNS response from your router, which usually doesn’t appear if your internet link is up because it is allowed by SPI. ???
I change my configurations manually (rather than import/export) for different situations and may have had something locked for a second (I’ll disable a connection sometimes until I’m sure my rules are safe) when that particular (type) block occurred. I’ve dropped the inbound rules completely until I show blatant evidence of a need for them.