BRAVO TECHNOLOGY CENTER

Bravo Checklist: Disable Firewall (and re-enable)

by Sam C. Chan

 
First Published: November 2, 2005
Last Revised: September 21, 2006

Read NOTICE and Exceptions below first! Did you want to Create New Rules instead?

There are times when you need to disable the firewall for testing or for certain installations. Here are the steps. Explicit instructions are given for Kerio Personal Firewall 2.1.5 (KPF). Be advised: even momentary disabling could cause serious security issues. You must accept that risk before proceeding.

PROCEDURE: Disable Firewall

  1. Disable:
    • At the system tray (bottom right of screen), right-click on the blue shield.
    • Select Administration.
    • Enter the password as prompted.
    • Uncheck the box "Firewall Enabled."
    • Click Apply. (Do not click OK; leave the KPF panel open as a reminder.)
    • Firewall is disabled, as confirmed by the "greyed-out" shield.
  2. Quickly perform the test/install you need.
  3. Re-enable:
    • Check the box "Firewall Enabled" (before any restart of system).
    • Click OK. (Confirm that the blue shield reappears.)
    • Firewall is re-enabled.

NOTICE: Make sure you have proper authorization to perform this procedure. Unauthorized tampering with security settings (even only momentarily) is a serious violation of IT policies!

If you're the DIFA, you have already received the proper training and briefing on this and have standing authority. Individual staff members might be granted specific conditional authority on a per-incident basis by IT personnel, just before they're instructed to contact software vendors directly.

Exceptions: If any of the following conditions apply, it is unacceptable to disable the host-based firewall (Kerio) under any circumstances (even momentarily).

  • You're in a small office with no firewall/gateway router, and your station is directly connected to the Internet.
  • Your system currently has a known/suspected infection or compromise.
  • Your system has been declared "conditionally safe to use," pending further investigation and thorough clean-up. Often, during incident response, "scoop and scoot" first aid is performed on the station during business rush hours. The system is mostly stabilized, with major attacks averted and contained, but not completely eradicated. Any momentary disabling of safeguards could have serious consequences.
  • The host in question is a server or a designated mission-critical key workstation, in which case testing/installation must be administered by IT. An explicit waiver may be granted by IT to a specific staff member, or by management in an emergency.


Copyright © 2005-2006 Bravo Technology Center