[Micronet] SEP, Config FW Rules

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

[Micronet] SEP, Config FW Rules

Richard DeShong-2
Running SEP 11.0.6005.562, on WinXP

I was attempting to add an "Application Settings" rule, but when I view the
firewall rules, I see it at the bottom of the list, below the
"administrator" rules, and I don't see how I can move it up.  Since the last
administrator rule is to "block all other incoming traffic", my Application
Settings rule is never considered.

It seems that I must use the Configure Firewall Rules option, and not the
Application Settings option.  Can anyone confirm this?  Or know how to use
the Application Settings option?

--
Richard DeShong, Information Systems Analyst
Athletic Study Center, UC Berkeley
164 Chavez Student Center
510-642-5123 office
925-285-1088 cell
asc.berkeley.edu



 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] SEP, Config FW Rules

Allison Henry

Yes, the customized UCB client installer with Network Threat Protection
is configured to block incoming connections unless a firewall rule
allows them. For allowing incoming connections by application, you must
use the Configure Firewall Rules option and then create a rule that is
specific to an application. You can use the "Application Settings" to
restrict outgoing connections from specific applications.

Another option is to download the administrator CD and install a
default, non-customized client, then configure your own client rules. By
default, incoming connections not matching specific block rules will be
allowed, so you can use the Application Settings rules for both incoming
and outgoing connections. But then unknown application including
potential malware will be allowed to accept incoming connections by
default, and I would not recommend this.

Allison Henry
System and Network Security
University of California, Berkeley
http://security.berkeley.edu

On 9/24/2010 3:59 PM, Richard DeShong wrote:

> Running SEP 11.0.6005.562, on WinXP
>
> I was attempting to add an "Application Settings" rule, but when I view the
> firewall rules, I see it at the bottom of the list, below the
> "administrator" rules, and I don't see how I can move it up.  Since the last
> administrator rule is to "block all other incoming traffic", my Application
> Settings rule is never considered.
>
> It seems that I must use the Configure Firewall Rules option, and not the
> Application Settings option.  Can anyone confirm this?  Or know how to use
> the Application Settings option?
>
> --
> Richard DeShong, Information Systems Analyst
> Athletic Study Center, UC Berkeley
> 164 Chavez Student Center
> 510-642-5123 office
> 925-285-1088 cell
> asc.berkeley.edu
>
>
>
>  
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] SEP, Config FW Rules [Solved]

Richard DeShong-2
Thank you Allison.

Good to know that they can be used for adding additional outgoing
restrictions - say, to allow an app to only connect to a local server.

Previously with the Corp Edition client, I had done essentially the same
thing - I created rules to block all traffic, and then added rules to allow
only what I wanted.  I had found the default settings to be too "welcoming".
--
Richard DeShong, Information Systems Analyst
Athletic Study Center, UC Berkeley
164 Chavez Student Center
510-642-5123 office
925-285-1088 cell
asc.berkeley.edu


-----Original Message-----
From: Allison Henry [mailto:[hidden email]]
Subject: Re: [Micronet] SEP, Config FW Rules

Yes, the customized UCB client installer with Network Threat Protection
is configured to block incoming connections unless a firewall rule
allows them. For allowing incoming connections by application, you must
use the Configure Firewall Rules option and then create a rule that is
specific to an application. You can use the "Application Settings" to
restrict outgoing connections from specific applications.

Another option is to download the administrator CD and install a
default, non-customized client, then configure your own client rules. By
default, incoming connections not matching specific block rules will be
allowed, so you can use the Application Settings rules for both incoming
and outgoing connections. But then unknown application including
potential malware will be allowed to accept incoming connections by
default, and I would not recommend this.

Allison Henry
System and Network Security
University of California, Berkeley
http://security.berkeley.edu

On 9/24/2010 3:59 PM, Richard DeShong wrote:
> Running SEP 11.0.6005.562, on WinXP
>
> I was attempting to add an "Application Settings" rule, but when I view
the
> firewall rules, I see it at the bottom of the list, below the
> "administrator" rules, and I don't see how I can move it up.  Since the
last
> administrator rule is to "block all other incoming traffic", my
Application

> Settings rule is never considered.
>
> It seems that I must use the Configure Firewall Rules option, and not the
> Application Settings option.  Can anyone confirm this?  Or know how to use
> the Application Settings option?
>
> --
> Richard DeShong, Information Systems Analyst
> Athletic Study Center, UC Berkeley
> 164 Chavez Student Center
> 510-642-5123 office
> 925-285-1088 cell
> asc.berkeley.edu
>
>
>
>  
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe
from its mailing list and how to find out about upcoming meetings, please
visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and
the list's archives can be browsed and searched on the Internet.  This means
these messages can be viewed by (among others) your bosses, prospective
employers, and people who have known you in the past.


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.