Firewall General Rules

JAGUARS
edited April 2012 in Firewall

What is the purpose of the following rules in the Firewall? Which rules should I allow or deny? And why?


1) DNS over UDP / TCP


2) Incoming ICMP / ICMPv6


3) Sending E-mails


4) Web Browsing HTTP


5) Incoming Remote Desktop Connections


6) Windows Explorer traffic on HTTP / FTP

Comments

  • rootkit

    Hello :)


    Those are the default rules from our firewall module.


    You should leave those rules to default, they were created so you don't have to create them after the installation.


    Let me know if you have other questions.


    Take care.

  • I am new to computers. So would you expatiate on each rule one by one? Thanks :)

  • rootkit

    Hello :)


    Here it goes:


    1. DNS is Domain Name Services. This is the system used by the Internet to translate URLs into the physical address of the machine. There are a bunch of DNS servers run by VeriSign across the net. Local ISPs will replicate with those services as needed. When you plug a URL into a browser, the browser first queries your local POC, then your ISP's DNS, then the root DNS servers until it finds a match for the URL and gets the IP for it.


    The request is made by some software, usually a browser, but sometimes an FTP client or maybe just a ping. When the request is made, the software making the request detects whether you are calling an IP address or a URL. If it's a URL, then it looks through the DNS system until it finds a match and returns an IP. The software calling the address then starts pulling what it needs from that IP.


    UDP is generally used when small packets of data are sent. This is because UDP, unlike TCP, can't break the packets into smaller chunks and reassemble them.


    2. Bitdefender Firewall provides an implementation for the ICMP and UDP protocols as they are not stateful like TCP. As a result, incoming UDP or ICMP packets are checked against the internal rules to determine if they should be allowed to pass through or not. Since these are incoming packets, no entry will exist in the list and the packet will be dropped.


    3. All known email clients are allowed to send emails by default.


    4. All known browsers can access the web without restrictions.


    5. The computer can be remotely controlled or can control another PC over the internet.


    6. All traffic made via HTTP or FTP by Windows Explorer is blocked because malware can use the process to connect to compromised servers.


    Have a great weekend!
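
The DNS part of rule 1 in the answer above, worked through as an added example (this is not code from the forum post or from Bitdefender): a minimal DNS client that builds an A query, parses the reply, and repeats the query over TCP when the server sets the TC (truncated) bit. That fallback is why a firewall rule for DNS has to cover both 53/udp and 53/tcp: a resolver starts on UDP, and a reply that does not fit in a UDP datagram arrives flagged TC, after which the client re-asks on TCP with a two-byte length prefix. The transports are injected callables, and the server replies, names and addresses below are constructed so the example runs offline.

```python
import struct

QTYPE_A = 1
FLAG_QR = 0x8000   # message is a response
FLAG_TC = 0x0200   # response was truncated: re-ask over TCP


def encode_name(name):
    """'example.com' -> b'\\x07example\\x03com\\x00' (RFC 1035 wire format)."""
    out = b''
    for label in name.rstrip('.').split('.'):
        out += bytes([len(label)]) + label.encode('ascii')
    return out + b'\x00'


def build_query(name, txid):
    # header: id, flags (RD=1), qdcount=1, ancount, nscount, arcount
    header = struct.pack('>HHHHHH', txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack('>HH', QTYPE_A, 1)


def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end = [], False, None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                 # compression pointer
            ptr = struct.unpack('>H', msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2                     # pointer is the last 2 bytes
            jumped = True
            off = ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode('ascii'))
        off += length
    return '.'.join(labels), (end if jumped else off)


def parse_response(msg, expected_txid):
    """Return {'truncated', 'rcode', 'addresses'}; reject wrong txid / non-answers."""
    txid, flags, qd, an, _ns, _ar = struct.unpack('>HHHHHH', msg[:12])
    if txid != expected_txid:
        raise ValueError('transaction id mismatch (stale or spoofed reply)')
    if not flags & FLAG_QR:
        raise ValueError('not a response')
    off = 12
    for _ in range(qd):                           # skip the echoed question
        _, off = read_name(msg, off)
        off += 4                                  # qtype + qclass
    addrs = []
    for _ in range(an):
        _, off = read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack('>HHIH', msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == QTYPE_A and rdlen == 4:
            addrs.append('.'.join(str(b) for b in rdata))
    return {'truncated': bool(flags & FLAG_TC), 'rcode': flags & 0xF, 'addresses': addrs}


def resolve(name, send_udp, send_tcp, txid=0x1234):
    """UDP first; if the reply carries TC, send the same query over TCP."""
    query = build_query(name, txid)
    reply = parse_response(send_udp(query), txid)
    transport = 'udp'
    if reply['truncated']:
        raw = send_tcp(struct.pack('>H', len(query)) + query)   # TCP framing
        length = struct.unpack('>H', raw[:2])[0]
        reply = parse_response(raw[2:2 + length], txid)
        transport = 'tcp'
    return transport, reply


# --- constructed fake servers (not captured traffic) -------------------------
def _answer(txid, flags, addrs):
    hdr = struct.pack('>HHHHHH', txid, flags, 1, len(addrs), 0, 0)
    q = encode_name('example.com') + struct.pack('>HH', QTYPE_A, 1)
    rrs = b''
    for ip in addrs:                              # name = pointer to offset 12
        rdata = bytes(int(x) for x in ip.split('.'))
        rrs += b'\xC0\x0C' + struct.pack('>HHIH', QTYPE_A, 1, 300, 4) + rdata
    return hdr + q + rrs


def fake_udp_ok(query):                           # normal UDP answer
    return _answer(struct.unpack('>H', query[:2])[0], 0x8180, ['192.0.2.10'])


def fake_udp_truncated(query):                    # TC set, no answers carried
    return _answer(struct.unpack('>H', query[:2])[0], 0x8180 | FLAG_TC, [])


def fake_tcp(raw):                                # full answer with length prefix
    body = _answer(struct.unpack('>H', raw[2:4])[0], 0x8180, ['192.0.2.10', '192.0.2.11'])
    return struct.pack('>H', len(body)) + body


if __name__ == '__main__':
    print(resolve('example.com', fake_udp_ok, fake_tcp))
    print(resolve('example.com', fake_udp_truncated, fake_tcp))
```

Blocking 53/tcp while allowing 53/udp looks harmless in a quick test, because most lookups fit in one datagram, but any answer large enough to be truncated (long DNSSEC or TXT records, big round-robin sets) then fails at the TCP retry.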

  • JAGUARS
    edited April 2012

    Thanks for replying in detail. But I need some more information about Rules 4 and 6: what is the difference between "access the web by browser (Rule 4)" and "HTTP or FTP traffic by Windows Explorer (Rule 6)"? And why do you create separate rules for the browser and Windows Explorer?

  • rootkit

    Hello :)


    We need to start from the definitions. Please read these articles:


    http://en.wikipedia.org/wiki/Windows_Explorer


    http://en.wikipedia.org/wiki/Web_browser


    Windows Explorer is a file manager that can connect to the internet or FTP. Doing this via this manager makes the system very vulnerable. Malware injects into explorer.exe to access web servers. This leaves a backdoor in the system and the attacker can send remote commands via this. We created those rules in order to isolate the system and deny all web access via explorer.exe. This doesn't affect the user's activity and the system is overall more secure.


    Take care.
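
Rules 2, 4 and 6, as discussed in the two answers above, reduced to a toy host firewall. This is an added example, not Bitdefender's code or anything from the forum post, and the process names (`explorer.exe`, `firefox.exe`), addresses and packets are constructed. It shows the two mechanisms the answers describe: connection tracking, where an outbound UDP or ICMP packet creates a state entry and an inbound packet is allowed only if it matches one (so an unsolicited inbound ping or datagram is dropped), and per-process rules, where the same outbound HTTP connection is allowed for a browser and denied for `explorer.exe`. Anything not matched by a rule is denied by default here, which is this example's simplification rather than a statement about the product.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str      # 'out' (host -> network) or 'in' (network -> host)
    proto: str          # 'tcp', 'udp' or 'icmp'
    src: str
    sport: int          # for icmp: the echo identifier
    dst: str
    dport: int          # for icmp: 8 = echo request, 0 = echo reply
    process: str = ''   # owning process, known only for outbound packets


class HostFirewall:
    def __init__(self):
        self.state = set()  # flows we have seen leave and expect a reply for
        # (process, proto, destination ports or None for any, action); first match wins
        self.process_rules = [
            ('explorer.exe', 'tcp', {80, 21}, 'deny'),     # rule 6: no HTTP/FTP for Explorer
            ('firefox.exe', 'tcp', {80, 443}, 'allow'),   # rule 4: browser may reach the web
            ('*', 'udp', {53}, 'allow'),                   # rule 1: DNS for any process
            ('*', 'icmp', None, 'allow'),                  # outbound ping for any process
        ]

    def _outbound_allowed(self, p):
        for proc, proto, ports, action in self.process_rules:
            if proc not in ('*', p.process) or proto != p.proto:
                continue
            if ports is not None and p.dport not in ports:
                continue
            return action == 'allow'
        return False  # default deny (simplification for this example)

    def filter(self, p):
        """Return 'ALLOW' or 'DROP' and update the state table."""
        if p.direction == 'out':
            if not self._outbound_allowed(p):
                return 'DROP'
            if p.proto == 'icmp':
                self.state.add(('icmp', p.dst, p.src, p.sport))
            else:
                self.state.add((p.proto, p.dst, p.dport, p.src, p.sport))
            return 'ALLOW'

        # inbound: UDP and ICMP have no handshake, so the only evidence that a
        # packet is a reply is an entry we created when the request went out (rule 2)
        if p.proto == 'icmp':
            key = ('icmp', p.src, p.dst, p.sport)
            if p.dport == 0 and key in self.state:       # echo reply to our request
                self.state.discard(key)
                return 'ALLOW'
            return 'DROP'                                 # unsolicited echo request etc.
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        if key in self.state:
            if p.proto == 'udp':
                self.state.discard(key)   # one reply per query; real firewalls use a timeout
            return 'ALLOW'
        return 'DROP'


def run_demo():
    """Constructed traffic; returns (label, verdict) pairs for inspection."""
    fw = HostFirewall()
    host, gw, web, ftp, stranger = '192.168.1.5', '192.168.1.1', '93.184.216.34', '198.51.100.7', '203.0.113.9'
    scenario = [
        ('unsolicited inbound ping', Packet('in', 'icmp', stranger, 7, host, 8)),
        ('our outbound ping', Packet('out', 'icmp', host, 7, stranger, 8)),
        ('matching echo reply', Packet('in', 'icmp', stranger, 7, host, 0)),
        ('browser DNS query', Packet('out', 'udp', host, 51000, gw, 53, 'firefox.exe')),
        ('DNS reply', Packet('in', 'udp', gw, 53, host, 51000)),
        ('replayed DNS reply', Packet('in', 'udp', gw, 53, host, 51000)),
        ('browser HTTP', Packet('out', 'tcp', host, 52000, web, 80, 'firefox.exe')),
        ('explorer.exe HTTP', Packet('out', 'tcp', host, 52001, web, 80, 'explorer.exe')),
        ('explorer.exe FTP', Packet('out', 'tcp', host, 52002, ftp, 21, 'explorer.exe')),
    ]
    return [(label, fw.filter(pkt)) for label, pkt in scenario]


if __name__ == '__main__':
    for label, verdict in run_demo():
        print(f'{label:28s} {verdict}')
```

The per-process rule is what separates rules 4 and 6: the packet on the wire is identical, a TCP connection to port 80, so a pure address/port filter could not tell the browser's request from one made by code running inside `explorer.exe`. Only a host firewall that knows which process owns the socket can apply different verdicts to the two.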

  • Does the option in the Antivirus "Scan web or http traffic" have some connection with Rule 6? What are your recommended settings for these two? If I enable Rule 6 and also select Scan http or web traffic, what happens then?

  • rootkit

    Hello :)


    No, it doesn't.


    Rule number 6 is special and applies only for Windows Explorer.


    I recommend you to leave those settings to default.


    Have a great weekend!

  • Good questions and follow-up questions, JAGUARS. Nice job on your answers Christian, good info and helpful links. I have this set to Track this topic for future reference. :)

  • Informative topic.

  • rootkit

    Hi :)


    Yes, you can post here all the general questions about firewall rules.


    Have a great day!