Running SEP 11.0.6005.562, on WinXP
I was attempting to add an "Application Settings" rule, but when I view the firewall rules, I see it at the bottom of the list, below the "administrator" rules, and I don't see how I can move it up. Since the last administrator rule is to "block all other incoming traffic", my Application Settings rule is never considered. It seems that I must use the Configure Firewall Rules option, and not the Application Settings option. Can anyone confirm this? Or know how to use the Application Settings option? -- Richard DeShong, Information Systems Analyst Athletic Study Center, UC Berkeley 164 Chavez Student Center 510-642-5123 office 925-285-1088 cell asc.berkeley.edu ------------------------------------------------------------------------- The following was automatically added to this message by the list server: To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site: http://micronet.berkeley.edu Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet. This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past. |
Yes, the customized UCB client installer with Network Threat Protection is configured to block incoming connections unless a firewall rule allows them. For allowing incoming connections by application, you must use the Configure Firewall Rules option and then create a rule that is specific to an application. You can use the "Application Settings" to restrict outgoing connections from specific applications. Another option is to download the administrator CD and install a default, non-customized client, then configure your own client rules. By default, incoming connections not matching specific block rules will be allowed, so you can use the Application Settings rules for both incoming and outgoing connections. But then unknown application including potential malware will be allowed to accept incoming connections by default, and I would not recommend this. Allison Henry System and Network Security University of California, Berkeley http://security.berkeley.edu On 9/24/2010 3:59 PM, Richard DeShong wrote: > Running SEP 11.0.6005.562, on WinXP > > I was attempting to add an "Application Settings" rule, but when I view the > firewall rules, I see it at the bottom of the list, below the > "administrator" rules, and I don't see how I can move it up. Since the last > administrator rule is to "block all other incoming traffic", my Application > Settings rule is never considered. > > It seems that I must use the Configure Firewall Rules option, and not the > Application Settings option. Can anyone confirm this? Or know how to use > the Application Settings option? > > -- > Richard DeShong, Information Systems Analyst > Athletic Study Center, UC Berkeley > 164 Chavez Student Center > 510-642-5123 office > 925-285-1088 cell > asc.berkeley.edu > > > > > ------------------------------------------------------------------------- > The following was automatically added to this message by the list server: > > To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site: > > http://micronet.berkeley.edu > > Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet. This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past. ------------------------------------------------------------------------- The following was automatically added to this message by the list server: To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site: http://micronet.berkeley.edu Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet. This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past. |
Thank you Allison.
Good to know that they can be used for adding additional outgoing restrictions - say, to allow an app to only connect to a local server. Previously with the Corp Edition client, I had done essentially the same thing - I created rules to block all traffic, and then added rules to allow only what I wanted. I had found the default settings to be too "welcoming". -- Richard DeShong, Information Systems Analyst Athletic Study Center, UC Berkeley 164 Chavez Student Center 510-642-5123 office 925-285-1088 cell asc.berkeley.edu -----Original Message----- From: Allison Henry [mailto:[hidden email]] Subject: Re: [Micronet] SEP, Config FW Rules Yes, the customized UCB client installer with Network Threat Protection is configured to block incoming connections unless a firewall rule allows them. For allowing incoming connections by application, you must use the Configure Firewall Rules option and then create a rule that is specific to an application. You can use the "Application Settings" to restrict outgoing connections from specific applications. Another option is to download the administrator CD and install a default, non-customized client, then configure your own client rules. By default, incoming connections not matching specific block rules will be allowed, so you can use the Application Settings rules for both incoming and outgoing connections. But then unknown application including potential malware will be allowed to accept incoming connections by default, and I would not recommend this. Allison Henry System and Network Security University of California, Berkeley http://security.berkeley.edu On 9/24/2010 3:59 PM, Richard DeShong wrote: > Running SEP 11.0.6005.562, on WinXP > > I was attempting to add an "Application Settings" rule, but when I view the > firewall rules, I see it at the bottom of the list, below the > "administrator" rules, and I don't see how I can move it up. Since the last > administrator rule is to "block all other incoming traffic", my Application > Settings rule is never considered. > > It seems that I must use the Configure Firewall Rules option, and not the > Application Settings option. Can anyone confirm this? Or know how to use > the Application Settings option? > > -- > Richard DeShong, Information Systems Analyst > Athletic Study Center, UC Berkeley > 164 Chavez Student Center > 510-642-5123 office > 925-285-1088 cell > asc.berkeley.edu > > > > > ------------------------------------------------------------------------- > The following was automatically added to this message by the list server: > > To learn more about Micronet, including how to subscribe to or unsubscribe visit the Micronet Web site: > > http://micronet.berkeley.edu > > Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet. This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past. ------------------------------------------------------------------------- The following was automatically added to this message by the list server: To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site: http://micronet.berkeley.edu Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet. This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past. |
Free forum by Nabble | Edit this page |