Firewall questions

I am new to the forums but am glad I found them. Some of the posts have really helped me solve some thorny problems.
I have a couple of questions about firewalls and security. I have a macbook pro and a macbook air both using 10.5.7 connected to the latest version of airport express newly purchased. File sharing is turned off and the firewall for each laptop is set to only receive essential services. The router has a WPA2Personal setting and password.
I used the Network Utility app and used one laptop to "ping" the other and received the following result: "10 packets transmitted, 0 packets received, 100% packet loss." I used the second laptop on the first and received exactly the same result. Does this mean an outsider will not be able to ping my wireless network successfully?
Second, how can I test the firewall of the router? What is a program actually testing when it does so? Is it testing the firewall of the router or the initiating computer?
Thanks.

Everything passed except the ping test. Does this mean that the router is responding to the ping or is it my laptop?
The router.
If so, why did my internal ping test pass?
Most likely the OS X software firewalls used on your computers are set to "stealth" ports. The AirPort Express does not employ this feature.
Also, what do I do next? Adjust the security settings on my laptop? Is there a way to adjust the settings for the router?
Responding to pings is not necessarily a security risk. As you can imagine, there are differing opinions on both sides of the argument about whether or not having completely "stealthy" ports is critical. The combination of a modern Internet router plus a software firewall is quite effective in preventing "attacks" from the Internet. If you require complete stealth, then you will have to look at another vendor's product that offers this. For example, my wired Linksys BEFSR81 completed the GRC test with all "greens."

Similar Messages

  • Two firewall questions...

    I went into my firewall to configure it for the World of Warcraft downloader (although it didn't appear that I needed to after the fact). Two questions...
    By default, is "Network Time" the only box that should be clicked?
    Is there any negative to operating in "Stealth Mode"? Particularly, it would seem that this mode should be the default, based on the use of programs like Zone Alarm.
    Thanks!

    1. yes
    2. no

  • Coherence and iptable firewall Question

    We have a Coherence deployment on 3 Linux virtual servers running behind a firewall. The deployment is as follows:
    Server 1 - 2 WKA Nodes (Cache Servers) and 7 storage-disabled application nodes
    Server 2 - 1 storage-disabled application node
    Server 3 - 2 WKA Nodes (Cache Servers) and 1 storage-disabled application node
    Now the question is: do we need to open up the firewall for all the local ports? Is there a way to avoid opening up this many ports?

    My say on this one is: if the router is working fine, don't upgrade the firmware, because whenever you upgrade the firmware of a router there is an itty bitty chance of bricking the router, and since you told me that it is about 3 years old it's already out of warranty. But if you want to upgrade the firmware of the router you can get the firmware at linksys.com/download. If you are just using the router for basic internet access and you are not changing any advanced configuration, I say stick with your current firmware, especially if you are not having problems with the router.
    "Love your job but never love your company. Because you never know when your company stops loving you"

  • Firewall question -pls help

    Okay - so I was reading about System Profiler today and opened it and clicked down through the various categories, then I came to Firewall - and it reads
    "Firewall Settings:
    Mode: Allow all incoming connections"
    Now this rings alarm bells - I thought my firewall was on. I go to System Preferences and look in Internet & Network > Sharing, as this is where (in previous operating systems) I remembered the firewall was set - except it isn't anymore. All the sharing boxes are unticked. I go into Security and there is Firewall. "Allow all incoming connections" is ticked.
    1) This is presumably where I turn the firewall on or off, right?
    2) Allow only essential services? What does this mean - the firewall is on? What constitutes an essential service?
    3) Hypothetically, could my computer's privacy have been compromised?
    4) Has my firewall potentially been off since I upgraded to Leopard?
    Am feeling a bit stupid right now. Any help graciously accepted!

    No such thing as stupid questions...
    This will take you through the basic settings done on a Mac to secure it:
    In System Preferences go to Security > Firewall. The default setting is "Allow all incoming"; this does not compromise your privacy, only that Mac OS X will decide what it needs. I'd go for "Allow only essential services", then press "Advanced", and from the drop-down choose "Enable Firewall Logging" and "Enable Stealth Mode".
    In the Sharing pane make sure no boxes are checked.
    That's the basics. If you wanna secure your Mac in such a way that it would make Fort Knox look like a 7/11, go here for further tips:
    http://www.macshadows.com/kb/index.php?title=HardeningMac_OSX
    ...but this might be a bit over the edge for the normal user.
    Best o' luck

  • Need Help on one Firewall Question

    Hi All,
    I am using a Cisco ASA in my environment, which is connected to an L2 switch. One server and one router are also connected to the L2 switch. Now I want to access port 80 on my server from outside.
    How is it possible if the server's gateway is the router's IP and I don't want to add a static route in the router or server towards the firewall? NAT and access list are done on the firewall. What else can I do on the firewall to access port 80 of my server from outside? I don't want to change anything on the router/server.
    Below is the IP detail
    1. Firewall inside 192.168.1.1 & Outside 1.1.1.1
    2. Router IP - 192.168.1.2
    3. Server IP - 192.168.1.3 & GW - 192.168.1.2

    Hi,
    Well the only ways I could think that the connections could be gotten working would be
    Policy Based Routing on the Router that would forward the web servers traffic through the firewall instead of the routers default gateway (even just the return traffic for web connections)
    Configuring NAT on the ASA firewall so that all traffic from the Internet would be NATed to an internal IP address from the network 192.168.1.0/24. This would mean that the server would be sending the traffic to the ASA instead of using its default gateway. And this is of course because the server would be seeing all connections coming from its connected network and wouldn't have to use the default gateway.
    You haven't mentioned what type of NAT you are doing on the ASA for the server, Static PAT or Static NAT. Static PAT would be forwarding a single port (or several ports) only, while Static NAT would be dedicating a single public IP address to the server.
    I would imagine that you would have to configure 2 separate NAT statements:
    Dynamic Policy PAT for the external hosts
    This should NAT all traffic coming from the Internet to the IP address of your ASA's "inside" interface WHEN the destination is the public IP address of your web server.
    access-list POLICY-NAT-WEBSERVER remark NAT inbound web traffic to an internal IP address
    access-list POLICY-NAT-WEBSERVER permit tcp any host 1.1.1.1 eq 80
    nat (outside) 100 access-list POLICY-NAT-WEBSERVER
    global (inside) 100 interface
    Static NAT or Static PAT for Web server
    Either of these NAT configurations should forward the connections to your Web servers public IP address on port TCP/80 to the Web server.
    Together with the above NAT configuration the return traffic from the Web server should flow back through the ASA.
    static (inside,outside) 1.1.1.1 192.168.1.3 netmask 255.255.255.255
    or
    static (inside,outside) tcp 1.1.1.1 80 192.168.1.3 80 netmask 255.255.255.255
    If you are using the public IP address on the ASA "outside" interface then replace the 1.1.1.1 with "interface". The IP address 1.1.1.1 stands for a public IP address that you might use.
    Hope this helps
    Please do remember to mark a reply as the correct answer if it answered your question.
    Feel free to ask more if needed
    - Jouni
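    To show why the reply above needs the policy PAT and not just the static entry, here is an added Python model of the two translations and of the server's routing decision; it is not Jouni's code or anything from Cisco, and the client address 203.0.113.10 and the alternative destination 1.1.1.2 are constructed values. It also covers a port the POLICY-NAT-WEBSERVER access-list does not match, where the server's reply goes to the router and bypasses the ASA.

```python
"""Model of why the two NAT statements above keep the web server's return
traffic on the ASA. Constructed example, not ASA code: it reproduces only
the translation and forwarding decisions that the answer describes."""
import ipaddress

# Addresses from the thread.
ASA_INSIDE = ipaddress.ip_address("192.168.1.1")
ASA_OUTSIDE = ipaddress.ip_address("1.1.1.1")    # public IP used in the post
SERVER_IP = ipaddress.ip_address("192.168.1.3")
SERVER_NET = ipaddress.ip_network("192.168.1.0/24")
SERVER_GW = ipaddress.ip_address("192.168.1.2")  # the router, not the ASA


def asa_inbound_translate(src, dst, dport, policy_pat=True):
    """Translate a packet arriving on the ASA outside interface.

    static (inside,outside) 1.1.1.1 192.168.1.3 ... rewrites the destination.
    nat (outside) 100 access-list POLICY-NAT-WEBSERVER / global (inside) 100 interface
    rewrites the source to the ASA inside address, but only for tcp/80 to 1.1.1.1,
    which is what the POLICY-NAT-WEBSERVER access-list permits.
    Returns the (src, dst) pair the server will see, or None if no static entry matches.
    """
    if dst != ASA_OUTSIDE:
        return None                       # no static translation for this destination
    new_dst = SERVER_IP
    new_src = ASA_INSIDE if (policy_pat and dport == 80) else src
    return new_src, new_dst


def server_next_hop(reply_dst):
    """The server's routing decision for its reply: on-link destinations are
    delivered directly, anything else goes to the default gateway (the router)."""
    return reply_dst if reply_dst in SERVER_NET else SERVER_GW


def reply_path(client_ip, dst="1.1.1.1", dport=80, policy_pat=True):
    """Follow one Internet client's request through the ASA and back.

    'via_asa' is True only when the server's reply lands on the ASA inside
    interface, so the firewall sees both halves of the connection.
    """
    translated = asa_inbound_translate(ipaddress.ip_address(client_ip),
                                       ipaddress.ip_address(dst), dport, policy_pat)
    if translated is None:
        return {"delivered": False}
    src_seen, dst_seen = translated
    next_hop = server_next_hop(src_seen)
    return {
        "delivered": dst_seen == SERVER_IP,
        "server_sees_src": str(src_seen),
        "reply_next_hop": str(next_hop),
        "via_asa": next_hop == ASA_INSIDE,
    }


if __name__ == "__main__":
    # 203.0.113.10 is a constructed client address from the documentation range.
    for pat in (True, False):
        label = "policy PAT + static NAT" if pat else "static NAT only"
        print(f"{label:<24}", reply_path("203.0.113.10", policy_pat=pat))
    print(f"{'tcp/443, not in ACL':<24}", reply_path("203.0.113.10", dport=443))
```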

  • More 10.5.1 firewall questions

    Well, I confess I do not have Leopard installed yet. But I am planning on upgrading soon, and I've been reading about the firewall fuss with great interest, and I'm too curious to wait until I actually have it installed to ask some questions about it. I think I have absorbed most of the discussions and controversies and what 10.5.1 has addressed, but I do have a few points of confusion:
    1) From this article <http://docs.info.apple.com/article.html?artnum=307004-en> and this article <http://www.heise-security.co.uk/news/99104>, it sounds like in "Allow only essential" mode, any root services except the few listed are blocked, but in "Set Access" mode, they are all by default allowed incoming connections, unless explicitly blocked (which assumes that you have knowledge of their existence). What could the possible rationale of this be? Why shouldn't there be an "Allow only essential, with these few exceptions that I am granting" mode?
    2) Does "Allow only essential" now really mean that? Can we take that literally now? Does that mean in this mode, only those few listed services will accept incoming connections? No signed applications, either signed by Apple, or previously signed by user authorization while in "Set Access" mode?
    3) Does the signature of an "authorized" app carry over if it is copied to another machine? If I make a copy of a signed app and copy it onto my friend's computer, will it still be signed and sneak through the explicit authorization process? Or is the signature machine-specific?
    4) On this page <http://www.macworld.com/article/131116/2007/12/firewall.html> is a screenshot showing a sample list of "authorized" applications-- on this list are apps like Safari and Cyberduck. I don't understand-- these are not server apps, why would you have to authorize incoming connections for them? Shouldn't these apps work even in "Block all connections" mode?
    5) On the firewall screen is the statement "Mac OS X normally determines which programs are allowed incoming connections. Select this option if you want to allow or block incoming connections for specific programs." I guess I don't understand what it implies and why it is there. Does "normally" mean in "Allow all incoming connections" mode? In that case Mac OS X isn't doing squat, it's simply allowing everything through. Does it mean in "Essential" mode? In that case Mac OS X isn't really applying any brain power either, it's just blocking (mostly) everything. To me, that statement sounds like it's trying to say "Mac OS X does a pretty good job of figuring stuff out on its own, but if you really want to be picky...", when in reality, Mac OS X "normally" isn't really determining anything. Am I missing something?
    Thanks for satisfying my curiosity...
    -dave

    Leopard "stealth" is for squat. I just switched from a failing motorola router to the airport extreme with the extra ethernet ports in back. The moto had a firewall and a stealth button.
    https://www.grc.com/x/ne.dll?bh0bkyd2 scans your computer and is quite handy.
    With the moto router and no mac firewall / stealth enabled, every square was green (stealthed), I was completely invisible. Shields Up, that link, called that an uncommon and very good situation.
    With the airport extreme and mac's firewall enabled for essential services and stealth selected, I've got 7 stealthed ports, and 1,048 ports reporting back to the test as closed, and none open. No change from no fire wall, no stealth in preferences/security/firewall. My computer acknowledges itself to outside probes now. Not the best state of affairs.
    I don't see anywhere in the airport utility where one can enable a firewall upstream from the computer. It's nice with the AE that everything plays together easily, but as for stealth.... squatola. Anybody can see you, so use modern encryption, like a previous reply said; WPA2/WPA2-Personal.
    Maybe X.5.2 will beef up the security a little. Maybe X.5.2 will fix iCal's custom repeating event no show bug too. Doubt it though.
    Anyway, Mac still rules. All your bases are belong to us.

  • How do u creat BIOS recovery disk + nvidia firewall question.

    WooooHOoOOO....
    after re-formatting a dozen times, a busted SCSI config, and a messed up driver install, I FINALLY GOT this board working at 100%!!!
    This mobo powered through my entire DOOM 3 Odyssey to Hell NON-STOP without a SINGLE CRASH!! Definitely a good testament to this board's quality.
    Now for the final few noob questions: how do I create a BIOS recovery disk just in case things happen?
    Lastly... how do you properly set up the NV Firewall? After enabling it, none of the other computers in my network can see this computer with the MSI board, so file and printer sharing all stops when the firewall is enabled.
    Anyone here has a walkthrough on the firewall?
    ONCE AGAIN...thanks to all who helped me!!!

    I haven't got my nVidia firewall to work; I'm going to wait until they release better drivers for it. But for creating the BIOS recovery disk, I think if you use MSI's Live Update it will ask you if you want to create one or not.

  • Virus Protection and Firewall Question

    I just switched from a PC to a Mac. Should I download virus protection and if so which one is best for a Mac? Also, I believe my computer came with the firewall turned off... should I turn that on?

    Should I download virus protection...
    No. The OS has built-in recognition of known Mac malware in files downloaded from the Internet. All commercial "anti-virus" products for the Mac are worse than useless. Do not install any of them.
    ...and if so which one is best for a Mac?
    Your mind. All Mac malware takes the form of trojans, which depend on the victim's ignorance to be installed. Don't be ignorant.
    Also, I believe my computer came with the firewall turned off... should I turn that on?
    Not unless you are on an untrusted network, such as a public hotspot, and have services enabled in the Sharing preference pane. Under any other circumstances, the firewall should be left off.

  • Mac OS X Server 10.5.8 firewall question

    Hello,
    I'm a network administrator in a company, and we use Mac OS X server 10.5.8, with Mac clients.
    I have a problem with the adaptive firewall: when someone wants to connect to the server (by using the Finder and "Connect As"), if the password is not correct, the adaptive firewall just cuts off the client's access to everything (it's a DHCP and DNS server, so there is no access anymore to the LAN and the web).
    I would like to know if there is a way to make the client blacklisted after 3 bad login attempts, not just one. I used the afctl command, but it's apparently not possible to manage this problem with that (just the duration of the blacklisting).
    Thanks a lot in advance.

    I don't have a solution for you. But I do remember reading about this one. Apparently what happens is that beneath the surface, the connection attempt is repeated on failure, using different authentication protocols. And so one user login attempt with a bad password leads to three attempts beneath the surface, and "the boot". But unfortunately I don't remember what the solution is, as I was researching a completely different issue when I read this.

  • General OS X Firewall questions

    Hi everyone. Hope someone can provide some info on OS X Firewall stuff.
    (Wanted to post a screen shot, but it looks like I can only post text...)
    1. There are discrepancies between what System Profiler says about Firewall and what the Firewall Preferences panel says. E.g. "Stealth Mode": Pref panel = ON, Profiler shows it as "OFF". Who's right?
    2. What is the "????" app set to allow all connections that's at the top of the list in the Profiler info? How can I get rid of it? It's not anywhere in the editable list in the Pref Panel.
    3. How do I turn on FW logging?
    Thanks for any info!

    I took a look at the com.apple.alf.plist file in /Library/Preferences/ and it indicates that Logging is enabled and stealth mode is enabled, although both of those indicate off in the System Profiler. My only guess is that System Profiler is not looking at the right info for those states.
    My list of firewall apps was correct, though.
    Initially, system profiler had an app that wasn't in the list in system prefs. I deleted an item from the list and then re-ran system profiler and the missing app disappeared from System Profiler. In my case, it was an app that I had deleted. So, the plist might still hold the file signature, but when you open the System Pref, it validates the signature against the app to display the correct name. That may be what happened with your '????' app.

  • Mac iChat to PC AOL AIM AV: PC firewall questions

    I've got a PowerBook G4 with 10.3.9 and iChat 2.1 (v 153). Unfortunately most of my relatives use PCs. For the last few Christmases and Hanukkahs my wife and I have bought our family web cams so we could AV chat.
    However, only my sister has had any luck using her webcam and that was only after she had a friend come over and set it all up for her. The usual snag seems to be the firewall on the PC end (both the Windows firewall and the Norton and/or MacAfee firewalls).
    Is there a set of instructions somewhere (for novice PC users) that gives instructions on what ports to open and how to do it for PCs? If so, could someone post a link here or give me a set of instructions that I can forward to my relatives?
    Thanks.
    PowerBook G4   Mac OS X (10.3.9)  

    So far I don't have any solid answers, but for anyone interested, I got this reply from my sister about what she thinks was done to her PC's firewalls:
    OK - for the audio - go into the camera icon and to the camera control panel and under audio make sure the microphone is selected and is the default. That's also where to control the volume.
    Firewalls - open the fire wall information - I clicked on Fire Walls at the bottom and go to exceptions and make sure the camera is checked as an exception.
    Then there's this link I found among this discussion board that gives some information on what to do with firewalls:
    * http://www.aptr36.dsl.pipex.com/page12.html
    Specifically this part:
    What to do with AIM on a PC to get it working
    First of all find out if the PC has been upgraded with the SP2 Service Pack.
    Service Pack 2 is a recent major system software update to Windows XP Home and Windows XP Professional.
    Updating a Windows XP computer to SP2 may cause Mac iChat AV to AIM 5.5/5.9 PC video and audio connections to fail because, by default, the firewall created by SP2 blocks UPnP communications from the Internet.
    If the SP2 firewall is enabled:
    1. Go to Start>Control Panel>Security Center>Manage security settings for: Windows Firewall>Exceptions tab> add or check UPnP Framework as an Exception.
    1. You can go straight to the Firewall Control Panel [Start>Control Panels>Firewall]
    2. Use the Add button and add the AIM application.
    2. Select UPnP Framework and click the Edit... button.
    3. Be sure that both the TCP 2869 and UDP 1900 ports are checked and listed as 'Any' under Scope.
    4. If the Scope of each port is listed as 'Subnet,' click the Change scope... button, and select the 'Any computer (Including those on the Internet)' radio button. Do this for both ports, and then save the changes by clicking the OK buttons.
    This is another link that has some information:
    * http://discussions.apple.com/thread.jspa?threadID=121845
    Any other help is welcome. Thanks.

  • K8N Neo2 nVidia firewall question - Please help!

    Dear all,
    Installed XP, then SP1, then the drivers from MSI CD. But I didn't see any pop up telling me it will install nVidia Firewall, is that correct?
    OK, anyway, now I have both nVidia and Realtek Gbit LAN port available. But if I connect my ADSL router to nVidia port, I won't be able to see any website!!! If I connect to Realtek port, everything is fine. What happened?
    Is it due to nVidia firewall? How do I configure nVidia firewall?
    Many thanks!

    Not sure about your connection but you probably have not got the firewall installed. Browse the MSI cd that came with your system. Go to \nVidia\System\CK8S\Win2K-XP\Ethernet\NRM and run setup to install the firewall. Then activate it by clicking on the Nvidia web-based interface icon on the desktop and select a setting and apply.

  • Help needed please (Port forwarding/Firewall Question)

    So I'm hooked up through my router, so if I want to play a game I have to port forward, so I'm told.
    OK, I'm at my port forwarding menu and it's asking for the following info... some of this info I know and some I have no idea what it means or where I can get it from. Here are the parts I'm asked to enter that I have no idea what to enter......
    Source IP Address:
    Destination IP Address
    Source Netmask:
    Destination Port Map
    Where do I find out these things!?... I'm a COMPLETE novice when it comes to routers and I'm so confused.

    Hello,
    Unfortunately, that information is going to have to come from the people who are providing you the online game.
    The settings you need are going to depend on what their program requires, and how they communicate with your computer.
    All of this is different for each service you are trying to use.
    Here are some articles to get you familiarized with the concept though:
    http://en.wikipedia.org/wiki/Port_forwarding
    http://forums.furthurnet.org/viewtopic.php?p=3821
    http://www.boutell.com/newfaq/creating/forwardports.html
    http://panasonic.co.jp/pcc/products/en/netwkcam/technic/port_fwrd.html
    http://p2p.weblogsinc.com/2005/04/24/how-to-configure-your-router-to-allow-fast-bittorrent-downloads/
    While they all discuss doing it with different routers, the principles and ideas are the same.
    But, the actual configuration is going to depend on the specific needs of the service you are trying to use (the particular online game).
    I hope this helps.

  • Apple firewall asks every time for network access: KAV (Kaspersky)

    I use Kaspersky for Mac with my iMac. During start up I receive a message: the program KAV will receive incoming network connections (firewall message), agree or disagree... When I press agree, the Apple firewall should save the permission.
    When I start my Mac the next time the same firewall question is on my screen!
    How can I solve that problem?

    I agree that, for a knowledgeable and careful person in sole control of his/her Mac, it's extremely unlikely for AV software to be needed in any way, and is thus "unnecessary medicine."
    However, I've encountered a few people this year who somehow got malware (verified with ClamXav) and didn't know how. One in particular had RSPlug... he was quite willing to talk and not offended by the (carefully worded) question about whether pirated software or video plugins from p0rn sites were involved (they weren't). In his case, either he got one of the variants of RSPlug that aren't overtly questionable or his teenage son did something and wouldn't admit to it. What would you suggest I tell people like this? Education can't always be the cure because of things like those rare RSPlug variants and because of disobedient teenagers.
    Also, note that ClamXav is quite well-behaved and only scans when and what you tell it to. If you say that AV software is harmful, I'd have to say you haven't actually tried that one.

  • Firewall messages

    Hi All,
    I'm really new to firewalls. I have configured one using CCP and the basic firewall wizard with medium security. I just have my laptop plugged into the LAN port and I noticed a couple of weird logs that I want to ask about, when surfing the web and retrieving Outlook emails.
    I'm getting 4 main messages:
    004528: Jul  6 11:26:46.528 MDT: %APPFW-4-HTTP_DEOBFUSCATION: Deobfuscation signature (15) detected - session 192.168.0.2:64657 74.125.225.121:80 on zone-pair ccp-zp-in-out class ccp-protocol-http appl-class ccp-http-blockparam
    004620: Jul  6 11:30:21.596 MDT: %APPFW-4-HTTP_DEOBFUSCATION: Deobfuscation signature (16) detected - session 192.168.0.2:64640 74.125.225.121:80 on zone-pair ccp-zp-in-out class ccp-protocol-http appl-class ccp-http-blockparam
    004603: Jul  6 11:27:08.164 MDT: %APPFW-4-HTTP_PROTOCOL_VIOLATION: HTTP protocol violation (0) detected - session 208.38.45.167:80 192.168.0.2:64852 on zone-pair ccp-zp-in-out class ccp-protocol-http appl-class ccp-http-blockparam
    When using Send/Receive in Outlook i get:
    004630: Jul  6 11:33:39.980 MDT: %FW-5-POP3_INVALID_COMMAND: (target:class)-(ccp-zp-in-out:ccp-protocol-pop3):Invalid POP3 command from initiator (192.168.0.2:64993): Invalid verb
    Everything seems to work fine, I can send and receive emails, I can surf websites and google with no issues. Is this just logging or should I be worried about any of these messages?
    Thanks!!!
    -Chris
    More Info
    #show policy-map type inspect http
      Policy Map type inspect http ccp-action-app-http
        Class ccp-http-blockparam
          Log
          Allow
        Class ccp-app-httpmethods
          Log
          Reset
        Class ccp-http-allowparam
          Log
          Allow
    #show class-map type inspect http
    Class Map type inspect http match-any ccp-app-httpmethods (id 8)
       Match  request method bcopy
       Match  request method bdelete
       Match  request method bmove
       Match  request method bpropfind
       Match  request method bproppatch
       Match  request method connect
       Match  request method copy
       Match  request method delete
       Match  request method edit
       Match  request method getattribute
       Match  request method getattributenames
       Match  request method getproperties
       Match  request method index
       Match  request method lock
       Match  request method mkcol
       Match  request method mkdir
       Match  request method move
       Match  request method notify
       Match  request method options
       Match  request method poll
       Match  request method propfind
       Match  request method proppatch
       Match  request method put
       Match  request method revadd
       Match  request method revlabel
       Match  request method revlog
       Match  request method revnum
       Match  request method save
       Match  request method search
       Match  request method setattribute
       Match  request method startrev
       Match  request method stoprev
       Match  request method subscribe
       Match  request method trace
       Match  request method unedit
       Match  request method unlock
       Match  request method unsubscribe
    Class Map type inspect http match-any ccp-http-blockparam (id 15)
       Match  request port-misuse im
       Match  request port-misuse p2p
       Match  req-resp protocol-violation
    Class Map type inspect http match-any ccp-http-allowparam (id 4)
       Match  request port-misuse tunneling

    WAMP!
    Hi Chris, Mike here. I see the problem there. We have an Ask the Expert section where Julio Carvajal is answering firewalling questions on IOS devices.
    Going back to the question, I see where the problem is. Many websites on the internet are not HTTP compliant. What you are doing with the configuration you did with CCP is creating this AGGRESSIVE layer 7 inspection for web traffic, meaning the traffic on HTTP may slow down or have random connectivity issues. This is mainly because of the service policy configured inside of the HTTP inspection.
    As I can see, it is not only HTTP but it is extending to other protocols as well. My best advice for you is: if you are sure where an attack may come from, apply deep packet inspection to it. I don't particularly like wizards, so if you wanna get deep into a protocol it would be better if you know what you want to match.
    Leave the protocols without layer 7 inspection; they will still look at the form of the packet and make sure it is RFC compliant. Custom commands (POP and SMTP) and custom methods (HTTP) may get dropped, as you can see.
    Hope it helps!!!
    Mike
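    As an added example (not from Chris's or Mike's posts), here is a Python triage of the four syslog lines quoted above: it parses each message and maps its appl-class back to the Log/Allow/Reset actions in the show policy-map output, so it can tell which messages are log-only and which would have reset the connection. The POP3 message's action is reported as unknown because the POP3 policy is not shown in the thread.

```python
"""Triage of Cisco IOS zone-based firewall syslog lines.
Constructed example: parses the messages quoted in the post and maps each
HTTP appl-class to the Log/Allow/Reset actions shown in the policy-map output."""
import re
from collections import Counter

# The four lines from the post, embedded as sample input.
SAMPLE_LOGS = """\
004528: Jul  6 11:26:46.528 MDT: %APPFW-4-HTTP_DEOBFUSCATION: Deobfuscation signature (15) detected - session 192.168.0.2:64657 74.125.225.121:80 on zone-pair ccp-zp-in-out class ccp-protocol-http appl-class ccp-http-blockparam
004620: Jul  6 11:30:21.596 MDT: %APPFW-4-HTTP_DEOBFUSCATION: Deobfuscation signature (16) detected - session 192.168.0.2:64640 74.125.225.121:80 on zone-pair ccp-zp-in-out class ccp-protocol-http appl-class ccp-http-blockparam
004603: Jul  6 11:27:08.164 MDT: %APPFW-4-HTTP_PROTOCOL_VIOLATION: HTTP protocol violation (0) detected - session 208.38.45.167:80 192.168.0.2:64852 on zone-pair ccp-zp-in-out class ccp-protocol-http appl-class ccp-http-blockparam
004630: Jul  6 11:33:39.980 MDT: %FW-5-POP3_INVALID_COMMAND: (target:class)-(ccp-zp-in-out:ccp-protocol-pop3):Invalid POP3 command from initiator (192.168.0.2:64993): Invalid verb
"""

# Actions per appl-class, transcribed from "show policy-map type inspect http" in the post.
HTTP_ACTIONS = {
    "ccp-http-blockparam": ("Log", "Allow"),
    "ccp-app-httpmethods": ("Log", "Reset"),
    "ccp-http-allowparam": ("Log", "Allow"),
}

HEADER_RE = re.compile(r"%(?P<facility>[A-Z0-9]+)-(?P<severity>\d)-(?P<mnemonic>[A-Z0-9_]+):")
APPFW_RE = re.compile(
    r"session (?P<a>\S+) (?P<b>\S+) on zone-pair (?P<zone_pair>\S+) "
    r"class (?P<cls>\S+) appl-class (?P<appl_class>\S+)")
FW_RE = re.compile(
    r"\((?P<zone_pair>[^:()]+):(?P<cls>[^()]+)\):.*?initiator \((?P<initiator>[^()]+)\)")


def parse_line(line):
    """Return a dict for one firewall syslog line, or None if it is not one."""
    head = HEADER_RE.search(line)
    if not head:
        return None
    rec = head.groupdict()
    rec["severity"] = int(rec["severity"])
    if rec["facility"] == "APPFW":          # layer 7 HTTP inspection messages
        body = APPFW_RE.search(line)
        if not body:
            return None
        actions = HTTP_ACTIONS.get(body["appl_class"])
        verdict = ("reset" if actions and "Reset" in actions
                   else "logged only" if actions else "unknown")
        rec.update(zone_pair=body["zone_pair"], cls=body["cls"],
                   appl_class=body["appl_class"], endpoints=(body["a"], body["b"]),
                   verdict=verdict)
    elif rec["facility"] == "FW":           # generic inspect messages (POP3 here)
        body = FW_RE.search(line)
        if not body:
            return None
        rec.update(zone_pair=body["zone_pair"], cls=body["cls"], appl_class=None,
                   endpoints=(body["initiator"],), verdict="unknown")  # POP3 policy not shown
    else:
        return None
    return rec


def triage(text):
    """Parse all lines and summarise what actually happened to the traffic."""
    records = [r for r in (parse_line(l) for l in text.splitlines()) if r]
    verdicts = Counter(r["verdict"] for r in records)
    return {
        "records": records,
        "by_mnemonic": dict(Counter(r["mnemonic"] for r in records)),
        "verdicts": dict(verdicts),
        "anything_reset": verdicts["reset"] > 0,
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_LOGS)
    for r in summary["records"]:
        print(f'{r["mnemonic"]:<24} {" <-> ".join(r["endpoints"]):<40} {r["verdict"]}')
    print("verdicts:", summary["verdicts"], "reset traffic:", summary["anything_reset"])
```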
