new to firewalls

Discussion in 'Windows Desktop Systems' started by mike09, Mar 13, 2003.

  1. mike09

    mike09 Moderator

    Messages:
    531
    Location:
    Washingtonville , New York
    I just installed Sygate Pro and was wondering if anyone knew what these are?

    NT Kernel & System
    LSA Shell (Export Version)
    generic Host Processes for win32 services
    nwlink2 ipx protocol driver
    ndis user mode i/o driver


    I currently have these blocked until I know what they are. Thanks in advance.
     
  2. Enyo

    Enyo Moderator

    Messages:
    1,338
    All are fine to be allowed; they are all part of the Windows subsystem.

    The first three should be given local access (only applies if you are on a network).

    LSA does not need to be allowed out onto the internet; same goes for System, it only requires access to local hosts.

    Generic Host Services may need internet access depending on your setup. Can you put it into monitor and create rules that way with Sygate?

    The last two should be allowed to do as they please.
     
  3. ntguru50

    ntguru50 Guest

    some info on services

    Here's a useful site to see what should or shouldn't be running and if they need internet access
    http://www.blackviper.com/WinXP/servicecfg.htm

    Don't know if you're running Home or Pro, but the standard services are the same. Don't know if you're planning on locking down your box, but you can also check NSA's site http://www.nsa.gov/snac/winxp/index.html for XP. I've used these inf's for work so I know they work fine. Actually very handy because if you hose up your security settings you can always import those .inf's and reset your security.
     
  4. Enyo

    Enyo Moderator

    Messages:
    1,338
    The NSA guides tend to be a bit heavy for home users; they don't need to make use of half the security recommendations, it would just become restrictive.

    http://www.uksecurityonline.com/ has good XP guides for the home.

    Black Vipers service config, household name :)

    Looking at what he posted, he is not going to want to turn them off, except for something that may be running under generic host services.

    Use tasklist -svc at the command line to see what services are running under GHS and disable them if needed.
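
Added example, not part of the original thread: a Python parser for the output of the `tasklist -svc` command mentioned above (documented as `tasklist /svc`), listing which services each Generic Host Process (`svchost.exe`) instance is hosting. The sample output is constructed for illustration, and the function names are this example's own.

```python
import re

# Constructed sample of `tasklist /svc` output (not captured from a real host).
SAMPLE = """\
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
System                           4 N/A
lsass.exe                      712 PolicyAgent, ProtectedStorage, SamSs
svchost.exe                    880 DcomLaunch, TermService
svchost.exe                    948 RpcSs
svchost.exe                   1040 AudioSrv, CryptSvc, Dhcp, EventSystem,
                                   lanmanserver, lanmanworkstation, Netman,
                                   Schedule
notepad.exe                   2312 N/A
"""

def parse_tasklist_svc(text):
    """Return a list of (image, pid, [services]) from `tasklist /svc` text."""
    lines = text.splitlines()
    # The ruler line of '=' runs defines the fixed column boundaries.
    ruler_idx = next(i for i, l in enumerate(lines) if l.startswith("==="))
    cols = [m.span() for m in re.finditer(r"=+", lines[ruler_idx])]
    (n0, n1), (p0, p1), (s0, _) = cols
    rows = []
    for line in lines[ruler_idx + 1:]:
        if not line.strip():
            continue
        image, pid = line[n0:n1].strip(), line[p0:p1].strip()
        names = [s.strip() for s in line[s0:].split(",")]
        names = [s for s in names if s and s != "N/A"]
        if image:        # a new process row
            rows.append((image, int(pid), names))
        elif rows:       # wrapped service list continues the previous row
            rows[-1][2].extend(names)
    return rows

def services_by_host(text, image="svchost.exe"):
    """Map PID -> hosted services for every instance of the given image."""
    return {pid: svcs for img, pid, svcs in parse_tasklist_svc(text)
            if img.lower() == image.lower()}

if __name__ == "__main__":
    for pid, svcs in sorted(services_by_host(SAMPLE).items()):
        print(pid, ", ".join(svcs))
```

Feeding it real output (for example `tasklist /svc > out.txt`) gives a per-PID service list to match against the PID the firewall prompt shows.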
     
  5. Gus K

    Gus K NTFS abuser

    Messages:
    380
    Location:
    USA
    This is what will keep your RPC port 135 open. This may be a problem.

    Some info here:
    http://www.ntfs.org/forum/showthread.php?s=&threadid=26123

    You should be able to simply block it, or you can write an advanced rule in Sygate. Mine blocks in and out TCP traffic on ports 135,136,137,139.