First Published: November 2, 2005
Last Revised: September 21, 2006
Read NOTICE and Exceptions below first! Did you want to
Create New Rules instead?
There are times when you need to disable the firewall for testing or for
certain installations. Here are the steps to do it. Explicit
instructions are given here for Kerio Personal Firewall 2.1.5 (KPF).
Be advised: Even momentary disabling could cause serious security issues.
You must accept that risk before proceeding.
PROCEDURE: Disable Firewall
- Disable:
  - At the system tray (bottom right of screen), right-click on the blue shield.
  - Select Administration.
  - Enter the password as prompted.
  - Uncheck the box "Firewall Enabled."
  - Click Apply. (do not click OK, leave the KPF panel open as a reminder)
  - Firewall is disabled, as confirmed by the "grey-out" shield.
- Perform the test/install you needed quickly.
- Re-enable:
  - Check the box "Firewall Enabled" (before any restart of system).
  - Click OK. (confirm blue shield re-appears)
  - Firewall is re-enabled.
NOTICE: Make sure you have proper
authorization to perform this procedure. Unauthorized tampering with
security settings (even only momentarily) is a serious violation of IT
policies!
If you're the DIFA, you already received the proper training and
briefing on this and have standing authority. Individual staff members
might be granted specific conditional authority on a per-incident
basis by IT personnel, just before they're instructed to contact
software vendors directly.
Exceptions: If any of the following conditions apply, it is unacceptable
to disable the host-based firewall (Kerio) under any circumstances (even
momentarily).
- You're in a small office with no firewall/gateway router, and
your station is directly connected to the Internet.
- Your system currently has a known/suspected infection or compromise.
- Your system has been declared "conditionally safe to use," pending
further investigation and thorough clean-up. Often, during incident
response, "scoop and scoot" first aid is performed on the station during
business rush hours. The system is mostly stabilized, with major attacks
averted and contained, but not completely eradicated. Any momentary
disabling of safeguards could have serious consequences.
- The host in question is a server, or a designated mission-critical
key workstation, in which case testing/installation must be
administered by IT. An explicit waiver may be granted by IT to a
specific staff member, or by management in an emergency.