I waited til I had a couple questions 'cause I know you’re all busy:
Is there harm in giving (Defense+) Windows System Application privileges to non-Windows applications that I believe to be righteous? In an attempt to insure that certain apps ran with carte blanche I went ahead and did this for Perfect Disk and a few others. Bad Idea? Is “Trusted Application” more liberal?
I’m behind a Zyxel 660R-ELink router (I mention the name hoping one familiar with/having same might have specific tips) and have configured the security settings within as strict as possible but it doesn’t seem to have a firewall per se. I’ve Blocked and Logged all incoming and currently have a Global to allow all outgoing traffic (with some fairly tight application rules) - should I restrict this to my trusted zone? or is Allow IP Out okay?
It took me five tries to log in to the forum just now (this is not the 1st time) is this a common phenomenon for others as well?
Thank you for your consideration, and apologize in advance for any/all obtuse queries. (:NRD)
The Predefined Security Policies give the same access rights and Protection Settings to both, so I use them interchangeably depending on the particular application. Don’t know if there is anything more subtle.
You don’t need a global allow out at all. If allowed by the application rules and not blocked by the global rules, it goes out. I have no global rules and all works fine. Blocking and logging the incoming will catch everything except the SPI inbound responses (DHCP, DNS, …).
I have my login set to forever, but when I log on and off occasionally it works the first time.
Regarding #2: I too had no allow global out rules until recently when I’d log blocks like:
WOS Blocked UDP from 192.168.1.1 Port 53 to 192.168.1.13 (static) Port 4000(+range)
while there were only a couple of these, I had some difficulty with (even w/ netstat -ano) locating the source - but noticed no impedance in function, so the rule goes.
Thanks again.
(ps. So the only distinction between Trusted and Windows System is the name unless I modify these settings?)
OK, I do have a WOS rule to allow UDP and TCP out for the same reason of occasional blocks at that level. But what you show is an incoming DNS response from your router, which usually doesn’t appear if your internet link is up because it is allowed by SPI. ???
I change my configurations manually (rather than import/export) for different situations and may have had something locked for a second (I’ll disable a connection sometimes until I’m sure my rules are safe) when that particular (type) block occurred. I’ve dropped the inbound rules completely until I show blatant evidence of a need for them.