[ Jump to bottom ]




index -- intro -- rules1 -- principles1 -- tweaks -- hints1 -- articles1 -- software1 -- links1 -- config -- glossary -- projects -- diverse -- events16 -- about -- sitemap



Config 2


Google
Web tadej-ivan.50webs.com
sponsored links
Valid XHTML
----
Valid CSS
validate



Copyscape Website Plagiarism Search



NAVIGATE:  previous --> config1.html


And this is a second page of of the "configuration settings" section and this one is strictly security configuration related, so I still need to decide if it will be titled as "config" also in future. I would like/prefer to call it "security", however, the one under the software section is already named security so the name/title "config" seemed the most appropriate at the time of writing it (compare to "safety" or "privacy" that were other two options that I thought of back then); simply because as mentioned, it's more or less related to security configurations, rather than to the security programs themselves.





FIREWALL CONFIG SETTINGS/RULES 1


These below are so-called "expert settings" for Zone Alarm firewall from ZoneLabs program (and beside the mentioned Sunbelt Kerio Personal firewall); both are available also in free versions. For Zone Alarm firewall in particular, I put in the Trusted Zone: loopback/localhost (127.0.0.1), DNS servers, and in the Blocked Zone: those particular IPs that you want't to prevent from connecting to the Internet.


Expert settings for Internet Explorer:

AccessTypeSourceDestinationDescription
AllowUDPMyComputer: Any*DNSservers: 53DNS
AllowTCPMyComputer: 1024-5000InternetZone: *WebserversWebservers
AllowUDPMyComputer: 1024-5000MyComputer: 1024-5000Loopback
BlockAnyAnyAnyBlock the rest

*Location Group: DNSservers (Group is a list of all my ISP's DNS servers.)
*Protocol Group: Webservers

Protocol: TCP
Source ports: Any
Destination ports: *80, 443, 8000, 8080


Expert settings for Outlook Express:

AccessTypeSourceDestinationDescription
AllowTCPMyComputer: Any*E-Mail Servers: (or: InternetZone)E-Mail Servers
AllowTCPMyComputer: 3000-5000Internet Zone: *HTTPHTTP
BlockAnyAnyAnyBlock the rest

*Protocol Group: E-Mail Servers

Protocol: TCP
Source ports: Any
Destination ports: 25, *81-83, 110, 143, 443, 993, 1080, 8080, 8088, 11523, + 113 (local auth)

*Protocol Group: HTTP

Protocol: TCP
Source ports: 3000-5000
Destination ports: 80 (or: *81-83)

*Location Group: E-Mail Servers

POP3, SMTP






FIREWALL CONFIG SETTINGS/RULES 2


And secondly there are the specific "program settings" that I created for Agnitum Outpost firewall program (and yes, I would also recommend trying the Sygate firewall), which processes the rules by the order (from the top to the bottom) by which they are created; by the way, these two firewalls are also available in a free version.


Program settings for Firefox:

AccessTypeLocal HostRemote HostLocal PortRemote PortDestination
AllowTCPAnyloopbackAny1024-7500Outbound
AllowTCPAnypop.gmail.comAny995Outbound
AllowTCPAnyAnyAny25, 80, 110, ...Outbound

* ..., 143, 443, 1080, 3128, 8080, 8088 (it would be too long to fit the table)


Program settings for Thunderbird:

AccessTypeLocal HostRemote HostLocal PortRemote PortDestination
AllowTCPAnyloopbackAny1024-7500Outbound
AllowTCPAnystream.24ur.com1024-1750021, 80-83, 443, ...Outbound
AllowUDPAnystream.24ur.comAnyAnyAny
AllowTCPAnyAnyAny554, 7070Outbound
AllowTCPAnyAny1024-750020Inbound

* ..., 3128, 8000, 8080 (it would be too long to fit the table)


Program settings for Internet Explorer:

AccessTypeLocal HostRemote HostLocal PortRemote PortDestination
AllowTCPAnyloopbackAny1024-17500Outbound
AllowTCPAnyAny1024-1750021, 80-83, 443, ...Outbound
AllowTCPAnyAny1024-500020Inbound

* ..., 8000, 8080 (it would be too long to fit the table)


Program settings for Real Player:

AccessTypeLocal HostRemote HostLocal PortRemote PortDestination
AllowTCPAnyAnyAny*80-83, 443, ...Outbound
AllowTCPAnyAnyAny*80-83, 443, ...Outbound
AllowTCPAnyAnyAny6770-32000Inbound
AllowTCPAnyAnyAny6770-32000Outbound

* ..., 3128, 8000, 8080, 11523 (it would be too long to fit the table)
* ..., 3128, 8000, 8080, 11523 (it would be too long to fit the table)






CONFIGURATION OF INTERNET EXPLORER


The truth is security is relative, but you can successfully argue that IE is less safe (that is not less secure) compare to for example FF because it is attacked more. Ultimately, an architecture with more attack vectors is by its nature less secure (and IE has more attack vectors), however, my opinion is that security is not the desired goal, it is safety. What is not relative about IE is that it is a platform designed to run arbitrary binary code and it uses the denounced practice of "filtering-out-the-bad" instead of "filtering-in-the-good" (with its kill-bits), which is a smart practice for some, but not for all. This makes it a less secure architecture by adding more attack vectors and bad security practices. Starting with Vista, though, IE is, by default, run in a sandbox with lower user rights. In practice, this makes it more safe than previous versions especially when you combine it with other safety mechanisms like DEP and random memory locations. So in general, IE can be more safe when it's not trusted by the OS and safety mechanisms aren't disabled by the user. Without those mechanisms, there's just too many bullets being fired at it (for me at least) to be considered safe and/or trusted. Anyway, "secure" is a red-herring as it doesn't matter if you're wearing a bullet proof vest when the entire world is shooting, meaning that you need tanks and an army of medics for the next "Patch Tuesday".

This section is is about customizing level of security particularly for the so-called "Active Content". Although most of active content contained in webpages is safe, some pages contain active content that can potentially cause security problems on your computer. For example, an ActiveX control that runs automatically when you load a particular Web page might damage your data or cause your computer to become infected with a virus. Internet Explorer uses safety levels for active content to help preventing that kind of situations from occurring. To modify the safety level for active content you must first go to Tools in Internet Explorer menu, or go to Control Panel in either one choose/click Internet Options and then go to the Security tab. Then just select one of the available zones and move the slider to the setting you want. Further, you can customize all the detailed settings by clicking on "Custom Level..." button, though this is meant only for experienced users. If you don't see this button, click first on "Default Level", apply the changes, and then you that other button will appear. Finally click on OK button until you return to Internet Explorer or Control Panel.

First short explanation of the available pre-set safety levels for active content in Internet Options applet, Security tab.:

- High (the most secure one) ... it excludes the content that could damage your computer.

- Medium (quite secure) ...it warns you before running potentially dangerous content.

- Medium-Low (same as Medium) ... without prompting before running potentially dangerous content.

- Low (the less secure one) ... minimal restrictions and warnings, most of the content is downloaded and/or run without prompts.

- Custom Level (for experienced users) ... you choose all the security settings by yourself.

And here bellow there are few examples, of few options/features, one can set/configure ("enable", "disable", "prompt"), under Internet Options. Particularly on how to go through disabling parts of Active Content in Internet Explorer step by step, i.e. content such as Java programs and ActiveX scripts/controls; be specially aware of drive-by download ActiveX control/exploit. In Internet Explorer, the term "Active scripting" or "ActiveX scripting" refers to both Microsoft JScript scripting and Microsoft Visual Basic Scripting Edition. When you complete this procedure, you disable both types of scripts.

I made examples for setting of Internet Explorer programs versions above 5.0 (5.0, 5.01, 5.5, 6), since I am familiar only with these, and also because there are very few people out there still using older 3.x, 4.x versions, so I omitted examples for those "out-dated" versions. Also note that the functionality of many Web sites on the Internet will be affected ater applying these changes.

Configure Internet Explorer so that it does not run Active scripts automatically:

On the Tools menu, click Internet Options, click the security tab, click the Internet Web content zone, and then click Custom

In the Settings box, go to the Scripting section, and choose the Disable check-box under "Active scripting" and "Scripting of Java applets".

Click OK, and then click OK again.

Configure Internet Explorer so that it does not run Java programs automatically:

On the Tools menu, click Internet Options, go to the security tab, click the Internet Web content zone, change the setting to Custom Level.

Settings box, click "Disable Java" under Permissions, click OK twice to close both pop-up windows.

Configure Internet Explorer to not automatically use items that show active content (animations, marquees):

On the Tools menu, click Internet Options, click the security tab, click the Internet Web content zone, and then click Custom Level.

In the Settings box, click Disable under Download signed ActiveX controls, Download unsigned ActiveX controls, Initialize and script ActiveX controls not marked as safe, Run ActiveX controls and plugins, and Script ActiveX controls marked safe for scripting.

Click OK, and then click OK again.



NAVIGATE:  previous --> config1.html








tos | policy | disclaimer | copyright | contact | label | xmlinfo | author | xhtml | css

Copyright © Tadej Persic. Some Rights Reserved.


Disclaimer: The opinions expressed on my website and in my files are mine, or belong to other individuals/entities where so specified. Each product or service is a trademark of their respective company. All the registered copyrights and trademarks ( and ) referred in this site retain the property of their respective owners. All information is provided as opinions only. Please, also see the more complete version of it on "disclaimer.html" and "policy.html" pages.

All the pages on this website are labeled with the ICRA label.  ICRA label
The website is maintained solely by its author and is best viewed with a standards-compliant browser.


index -- intro -- rules1 -- principles1 -- tweaks -- hints1 -- articles1 -- software1 -- links1 -- config -- glossary -- projects -- diverse -- events16 -- about -- sitemap



[ Return to top ]



The Internet Traffic Report monitors the flow of data around the world. It then displays a value between zero and 100. Higher values indicate faster and more reliable connections.