BRAVO TECHNOLOGY CENTER

Bravo Checklist: Create Firewall Rules

by  Sam C. Chan

 
First Published: November 2, 2005
Last Revised: September 21, 2006

Whenever a program is newly installed (or upgraded), new firewall rules must be created, in order for that program to be allowed to access the Internet. Explicit instructions are given here for Kerio Personal Firewall 2.1.5 (KPF). Intended for trained admins only.

PROCEDURE: Create New Firewall Rules

  1. Switch to "prompting" mode:
    • At the system tray (bottom right of screen), right-click on the blue shield.
    • Select Administration.
    • Enter the password as prompted.
    • Drag the slider to the middle setting: Ask Me First
    • Click Apply. (do not click OK, leave the KPF panel open as a reminder)
  2. Create new rule(s):
    • Perform the process in your program which will trigger firewall prompts.
    • Confirm the source and nature of the prompts are as expected.
    • Check the box: Create appropriate filter rules and don't ask me again
    • Click Permit.
    • Repeat this process as necessary, until all parts of the program are working. You might need to restart the program each time.
  3. Return to "normal" mode:
    • From previously opened Kerio Personal Firewall panel:
    • Drag the slider to the top setting: Deny Unknown
    • Click OK. (confirm blue shield in system tray)

NOTICE: Make sure you have proper authorization to perform this procedure. Unauthorized tampering of security settings (even only momentarily) is a serious violation of IT policies of your firm!

If you're the DIFA, you already received the proper training and briefing on this and have standing authority. Individual staff members might be granted specific conditional authority on a per-incident basis by IT personnel, just before they're instructed to contact software vendors directly.

The procedure listed above is a simplified version. For maximum security, rules must be customized.

Exceptions: If any of the following conditions apply, it is unacceptable to disable the host-based firewall (Kerio) under any circumstances (even momentarily).

  • You're in a small office with no firewall/gateway router, and your station is directly connected to the Internet.
  • Your system currently has known/suspected infection or compromises.
  • Your system has been declared "conditionally safe to use," pending further investigation and thorough clean-up. Often, during incident response, a "scoop and scoot" first-aid is performed on the station during business rush hours. The system is mostly stabilized, with major attacks averted and contained, but not completely eradicated. Any momentary disabling of safeguard could have serious consequences.
  • The host in question is a server, or designated mission-critical key workstation; in which case testing/installation must be administered by IT. Explicit waiver may be granted by IT to a specific staff, or by management in an emergency.

 

See also:

Copyright @2005-2006   Bravo Technology Center  *  Bravo:GO  *  Contact Us