
Outbound firewall software

 
 
NoSpam
Guest
Posts: n/a

 
      09-30-2004, 01:53 AM
Hi uk.comp.*

I think it's time I installed some outbound firewall software. I have a
router with built in firewall to protect my LAN from the WAN side, but I
think it's time to do some more locking down.

Day to day use on my machine is by five users all using fast user
switching on restricted accounts. There's one administrator account
which is used solely for setting up hardware/software.

What I'd like is a program where Administrator can configure what
applications or processes can connect out to the Internet. I'd prefer
to be able to set it so this was relaxed for LAN connections.

It's very important though that only Administrator can allow what
programs are and are not acceptable. Normal users shouldn't be offered
the chance to connect out at all. The machine is used by a couple of
inexperienced computer folk, and I'd prefer them not just to be able to
click 'Yes' to allow something when they aren't sure what it is they're
allowing.

Any suggestions for any software?

Thanks in advance for any replies
 
 
 
 
 
poster
Guest
Posts: n/a

 
      09-30-2004, 06:30 AM
On 30 Sep 2004, in uk.comp.security, NoSpam wrote:

>It's very important though that only Administrator can allow what
>programs are and are not acceptable. Normal users shouldn't be offered
>the chance to connect out at all.


I've been using (and am happy to recommend) Tiny Software's firewall, or
Kerio v2.1.x (see <http://www.321download.com/LastFreeware/>) and there's
a newer version from Kerio which you can try for 30 days... You could set
up to block 'any application' 'any IP' and 'any port' as the last rule (so
users would not be prompted to add rules/allow connections) and disable the
particular rule when you are doing maintenance to add a new application.

For the LAN, you could add a rule to "allow IP range", but how complex the
set of rules will become is a little difficult to guess when you need LAN
access to be more generally open...

Also, any application you do allow might not use all its expected ports
when you are creating rules, so some might 'fail' even when you want your
users to be able to use such an application. As an example - if you used
Real Player (OK, perhaps not one you'd generally permit, but suitable for
explanation)... it will make use of various ports... typically 554, 3030,
7070 and 8200, but some radio service may use other ports... eg WGN 5544
so by default it would end up blocked if the final rule is 'stop access'.
 
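An added example, not part of the post above and not any firewall product's own code: a first-match rule evaluator run over the rule layout that post describes (LAN range allowed, per-application port list, final block-everything rule). The LAN range, the executable names, the destination addresses and the "prompt" fallback for unmatched traffic are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    app: str = "*"                   # "*" = any application
    net: str = "0.0.0.0/0"           # destination range; default = any IP
    ports: frozenset = frozenset()   # empty set = any port
    enabled: bool = True

def evaluate(rules, app, dst_ip, dst_port):
    """Return (action, index) of the first enabled rule that matches.
    With no match the firewall would ask the user, modelled as "prompt"."""
    dst = ipaddress.ip_address(dst_ip)
    for i, r in enumerate(rules):
        if (r.enabled and r.app in ("*", app)
                and dst in ipaddress.ip_network(r.net)
                and (not r.ports or dst_port in r.ports)):
            return r.action, i
    return "prompt", None

def needs_wider_rule(rules, attempts):
    """Attempts by an app that has its own allow rule but fell through to a deny."""
    allowed_apps = {r.app for r in rules if r.action == "allow" and r.app != "*"}
    return [a for a in attempts
            if a[0] in allowed_apps and evaluate(rules, *a)[0] == "deny"]

# Constructed rule set: LAN range and executable name are assumptions.
RULES = [
    Rule("allow", net="192.168.1.0/24"),          # relaxed for LAN
    Rule("allow", app="realplay.exe", ports=frozenset({554, 3030, 7070, 8200})),
    Rule("deny"),                                 # final block-everything rule
]
# Constructed connection attempts: (application, destination IP, destination port).
ATTEMPTS = [
    ("realplay.exe", "203.0.113.10", 554),
    ("realplay.exe", "203.0.113.20", 5544),       # the radio-stream port from the post
    ("unknown.exe", "198.51.100.5", 80),
    ("unknown.exe", "192.168.1.20", 445),
]
# Maintenance mode: the final rule is disabled, so unmatched traffic prompts again.
MAINTENANCE = RULES[:-1] + [replace(RULES[-1], enabled=False)]

if __name__ == "__main__":
    for a in ATTEMPTS:
        print(a, evaluate(RULES, *a))
    print("rule too narrow for:", needs_wider_rule(RULES, ATTEMPTS))
```

`needs_wider_rule` is the check an administrator would run over the block log after deployment: it separates "application is allowed but its port list is incomplete" from traffic that was never meant to get out.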
 
Guy Harrison
Guest
Posts: n/a

 
      09-30-2004, 04:59 PM
NoSpam wrote:

> Hi uk.comp.*
>
> I think it's time I installed some outbound firewall software. I have a
> router with built in firewall to protect my LAN from the WAN side, but I
> think it's time to do some more locking down.
>
> Day to day use on my machine is by five users all using fast user
> switching on restricted accounts. There's one administrator account
> which is used solely for setting up hardware/software.
>
> What I'd like is a program where Administrator can configure what
> applications or processes can connect out to the Internet. I'd prefer
> to be able to set it so this was relaxed for LAN connections.
>
> It's very important though that only Administrator can allow what
> programs are and are not acceptable. Normal users shouldn't be offered
> the chance to connect out at all. The machine is used by a couple of
> inexperienced computer folk, and I'd prefer them not just to be able to
> click 'Yes' to allow something when they aren't sure what it is they're
> allowing.


I *think* SPF can do that. Not sure as I don't have access to a windows box
atm - www.sygate.com. It'll certainly block outbound.

 
 
Dave Mason
Guest
Posts: n/a

 
      09-30-2004, 09:05 PM
On Thu, 30 Sep 2004 02:53:00 +0100, NoSpam <(E-Mail Removed)> wrote:

>Hi uk.comp.*
>
>I think it's time I installed some outbound firewall software. I have a
>router with built in firewall to protect my LAN from the WAN side, but I
>think it's time to do some more locking down.


Kerio Personal Firewall 4
http://www.kerio.com/kpf_download.html

--
Dave Mason
 
 
Philip Herlihy
Guest
Posts: n/a

 
      10-01-2004, 01:13 PM
Zone Alarm Pro works well, with a password facility to prevent users
changing things. Users will get alerts when traffic is blocked, so get them
to run through the simple tutorial to understand what's going on.

www.zonelabs.com

--
####################
## PH, London
####################
"NoSpam" <(E-Mail Removed)> wrote in message
news:415b66ea$0$20253$(E-Mail Removed)...
> Hi uk.comp.*
>
> I think it's time I installed some outbound firewall software. I have a
> router with built in firewall to protect my LAN from the WAN side, but I
> think it's time to do some more locking down.
>
> Day to day use on my machine is by five users all using fast user
> switching on restricted accounts. There's one administrator account
> which is used solely for setting up hardware/software.
>
> What I'd like is a program where Administrator can configure what
> applications or processes can connect out to the Internet. I'd prefer
> to be able to set it so this was relaxed for LAN connections.
>
> It's very important though that only Administrator can allow what
> programs are and are not acceptable. Normal users shouldn't be offered
> the chance to connect out at all. The machine is used by a couple of
> inexperienced computer folk, and I'd prefer them not just to be able to
> click 'Yes' to allow something when they aren't sure what it is they're
> allowing.
>
> Any suggestions for any software?
>
> Thanks in advance for any replies



 
 
Hairy One Kenobi
Guest
Posts: n/a

 
      10-04-2004, 09:11 AM
"Philip Herlihy" <(E-Mail Removed)> wrote in message
news:cjjl66$r61$(E-Mail Removed)...
> Zone Alarm Pro works well, with a password facility to prevent users
> changing things. Users will get alerts when traffic is blocked, so get them
> to run through the simple tutorial to understand what's going on.


Does it still curl-up and die when it hits (IIRC) 500 event messages?

--

Hairy One Kenobi

Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!


 
 
THe NuTTeR
Guest
Posts: n/a

 
      10-04-2004, 10:43 AM
>> Zone Alarm Pro works well, with a password facility to prevent users
>> changing things. Users will get alerts when traffic is blocked, so get them
>> to run through the simple tutorial to understand what's going on.
>
> Does it still curl-up and die when it hits (IIRC) 500 event messages?
>

How about crashing when you try and use netmeeting on NT 5.x? (ie
2000/XP)
I personally use Kerio, and although it's a very thorough software
firewall, I can see it being too much for many inexperienced home users.
Having said that, I haven't tried simple mode.
Does ZA integrate with SP2 yet? Kerio have recently released an update
so it does.
G


 
 
Jon Beckett
Guest
Posts: n/a

 
      10-07-2004, 03:18 PM
On Mon, 04 Oct 2004 09:11:23 GMT, "Hairy One Kenobi"
<abuse@[127.0.0.1]> wrote:

>"Philip Herlihy" <(E-Mail Removed)> wrote in message
>news:cjjl66$r61$(E-Mail Removed)...
>> Zone Alarm Pro works well, with a password facility to prevent users
>> changing things. Users will get alerts when traffic is blocked, so get them
>> to run through the simple tutorial to understand what's going on.
>
>Does it still curl-up and die when it hits (IIRC) 500 event messages?


I had not heard about that, but I recently installed ZoneAlarm for my
wife's parents and it went through 20,000 blocked attempts in the
first day...

Hasn't fallen over yet (must be in the millions by now).

Are you talking about a different count?



Jonathan Beckett
http://www.pluggedout.com/blog
 
 
Hairy One Kenobi
Guest
Posts: n/a

 
      10-10-2004, 08:39 AM
"Jon Beckett" <jonbeckett73@nospam_yahoo.co.uk> wrote in message
news:(E-Mail Removed)...
> On Mon, 04 Oct 2004 09:11:23 GMT, "Hairy One Kenobi"
> <abuse@[127.0.0.1]> wrote:
>
> >"Philip Herlihy" <(E-Mail Removed)> wrote in message
> >news:cjjl66$r61$(E-Mail Removed)...
> >> Zone Alarm Pro works well, with a password facility to prevent users
> >> changing things. Users will get alerts when traffic is blocked, so get them
> >> to run through the simple tutorial to understand what's going on.
> >
> >Does it still curl-up and die when it hits (IIRC) 500 event messages?

>
> I had not heard about that, but I recently installed ZoneAlarm for my
> wife's parents and it went through 20,000 blocked attempts in the
> first day...
>
> Hasn't fallen over yet (must be in the millions by now).
>
> Are you talking about a different count?


I installed ZAP a fair while ago, replacing my self-configured Win2000 box
as firewall (just on the basis that I /might/ have missed something, so it
was probably worth getting a "proper" firewall, rather than simply hardening
the box)

Once the message queue got to (IIRC) 500 undismissed messages, ZAP refused
to allow any connections - i.e. it acted as a pretty efficient DOS attack,
all on its lonesome.

Still haven't got a response (after a couple of years), and wouldn't
contemplate going back - hard-coded queue sizes are sloppy, even for a 14
year old, let alone a "professional" product. And it's probably best not to
ask just how many different ways I had to explain to their helpdesk that
most outfits don't employ someone logged-in to the firewall all day,
clicking "OK" every couple of seconds..!

The base TruVector firewall seems to be OK - it's just the GUI that's been
sloppily coded.

If I had *no* other option at all, then I'd /consider/ using them. If I
still had to pay an annual fee (about the cost of a cheapo router, these
days), then I wouldn't. Simple as that.

H1K


 
 
 
 