BlackIce and file sharing

[Freddo]

Howdy,

I have BlackIce v3.6cbu (firewall) installed on my Windows XP computer.

Do you know of it? Help files therein are complicated to me.

Well BlackIce is preventing my friends etc to enter Www File Share Pro.

On the Tools / Edit settings / Firewall, should I drop down from Paranoid
and/or check Allow Internet file sharing?

What settings should I use to still allow protection?

By the way, I did Go Start / Settings / Network Connections / Advanced /
Settings and enter the port number 81 to use as File Share Pro Help said to
do.

Thanks everyone.

 

[Guest]

Hi Freddo,

I think you could better visit the BlackIce homepage for support for that
program. It is located at http://www.iss.net.
In the last part of your post you are talking about the Windows Firewall?
The settings you configured for that are probably right but if BlackIce is
blocking the traffic that port, the Windows Firewall doesn't even get the
chance to let it through.

 

[Lester Stiefel]

Howdy,

I have BlackIce v3.6cbu (firewall) installed on my Windows XP computer.

Do you know of it? Help files therein are complicated to me.

Well BlackIce is preventing my friends etc to enter Www File Share Pro.

On the Tools / Edit settings / Firewall, should I drop down from Paranoid
and/or check Allow Internet file sharing?

What settings should I use to still allow protection?

By the way, I did Go Start / Settings / Network Connections / Advanced /
Settings and enter the port number 81 to use as File Share Pro Help said to
do.

Thanks everyone.

Defintely go down a rank. Paranoid kills most traffic. Also
turn on the allow the internet filesharing. Check into
saving activity logs in the rules you create for the
specific program.

 

[Freddo]

Hi Freddo,

I think you could better visit the BlackIce homepage for support for that
program. It is located at http://www.iss.net.
In the last part of your post you are talking about the Windows Firewall?
The settings you configured for that are probably right but if BlackIce is
blocking the traffic that port, the Windows Firewall doesn't even get the
chance to let it through.

Thanks Abram,
Anyone know what BlackIce settings to use for Www File Share Pro (see
above)? Should I drop down from Paranoid and/or check Allow Internet file
sharing?

 

[Freddo]

Defintely go down a rank. Paranoid kills most traffic. Also
turn on the allow the internet filesharing. Check into
saving activity logs in the rules you create for the
specific program.

Lester,
Not sure what you mean by "Check into saving activity logs in the rules you
create for the specific program."

 

[Duane Arnold]

Lester,
Not sure what you mean by "Check into saving activity logs in the
rules you create for the specific program."

I suggest that you do not enable Internet File Sharing on BID, which will
open ports 137-138 UDP and 139/ (445 NT only) TCP the Windows Networking
Ports to the public Internet.

I suggest that you create a rule with the Advanced Firewall Setting in BI
for a specified inbound port you need opened on the BI firewall.

Name: My Port
IP: xxx.xxx.xxx.xxx or All IP(s)
Port: 81
Type: UDP or TCP
ACCEPT which enables the IDS on the port
Duration: time frame.

You should leave BID on its highest settings *Paranoid*.
You should set the rule to a REJECT rule when you are done.
You should enable BID's Logging and use VisualIce (free) BID logviwer to
view the logs.

You should secure the O/S from attack *harden* it.

http://www.uksecurityonline.com/index5.php

You should also use Active Ports free and put a short-cut in the Start
folder setting the Refresh Rate to High so that you can see inbound and
outbound connections on the machine as malware can circumvent and defeat
any 3rd party PFW solution. You should use Active Ports on a routine
basis and look around from time to time.

http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and
_Rootkit_Tools_in_a_Windows_Environment.html

Duane

 

[Freddo]

I suggest that you do not enable Internet File Sharing on BID, which will
open ports 137-138 UDP and 139/ (445 NT only) TCP the Windows Networking
Ports to the public Internet.

I suggest that you create a rule with the Advanced Firewall Setting in BI
for a specified inbound port you need opened on the BI firewall.

Name: My Port
IP: xxx.xxx.xxx.xxx or All IP(s)
Port: 81
Type: UDP or TCP
ACCEPT which enables the IDS on the port
Duration: time frame.

You should leave BID on its highest settings *Paranoid*.
You should set the rule to a REJECT rule when you are done.
You should enable BID's Logging and use VisualIce (free) BID logviwer to
view the logs.

You should secure the O/S from attack *harden* it.

http://www.uksecurityonline.com/index5.php

You should also use Active Ports free and put a short-cut in the Start
folder setting the Refresh Rate to High so that you can see inbound and
outbound connections on the machine as malware can circumvent and defeat
any 3rd party PFW solution. You should use Active Ports on a routine
basis and look around from time to time.

http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and
_Rootkit_Tools_in_a_Windows_Environment.html

Duane

Wow Duane, that's invaluable information.
I have been enlightened by reading some of the two security sites you
mention.
I have installed Active Ports and VisualIce, so interesting.
I have the file sharing program start up when windows starts so people can
share. Therefore I shall leave the above B-Ice setting on ACCEPT and
duration on FOREVER, hey.
Cheers and all the best.

And thanks to everyone who replied.