
ghost16825 (Use security metrics, Premium, join: 2003-08-26), 1 edit, reply to Steve_M
Re: [Kerio 2.x] Kerio 2.2 Features (request)
said by Steve_M: An option to save rules to a file that is easily edited by hand.
Don't know if this is necessary, especially if a GUI interface exists to mix and match rule selections.
said by Steve_M: Programs that have been uninstalled are automatically removed from MD5 tab.
Hmmm, this could be a bit tricky in that we also have to monitor exes instead of just traffic. One idea could be an option to remove MD5s if the app had not been used for X days. On the Xth day not used the firewall could perform a simple check that the present hash was the same as that stored, then remove the stored hash.
said by Steve_M: A better log viewer. Something similar to TinyLogger would be great.
But should this app be separate from the firewall component or included? I think such an app should be separate. The power, I think, in Kerio 2.15 is that the log is in a relatively raw, simple format.
said by Steve_M: Some control over the warning popups. Whether or not to show them, and/or whether or not to show them for a particular IP. This way you could temporarily, or always, disable them when doing a scan on your system.
From your follow-up post I think you mean an option like the following: When confronted by multiple rule creation prompts/alert windows, click a button to deny all open/close all open. This is a good idea. The problem is how to implement it in a way that doesn't confuse first-time users, which could be a bit tricky.

Steve_M (join: 2004-09-14, Schenectady, NY)
said by ghost16825:
said by Steve_M: An option to save rules to a file that is easily edited by hand.
Don't know if this is necessary, especially if a GUI interface exists to mix and match rule selections.

True, if the ability to mix and match was there, sounds good.

said by ghost16825:
said by Steve_M: Programs that have been uninstalled are automatically removed from MD5 tab.
Hmmm, this could be a bit tricky in that we also have to monitor exes instead of just traffic. One idea could be an option to remove MD5s if the app had not been used for X days. On the Xth day not used the firewall could perform a simple check that the present hash was the same as that stored, then remove the stored hash.

Or maybe just an option to remove unused MD5's. But that's pretty much already there.

said by ghost16825:
said by Steve_M: A better log viewer. Something similar to TinyLogger would be great.
But should this app be separate from the firewall component or included? I think such an app should be separate. The power, I think, in Kerio 2.15 is that the log is in a relatively raw, simple format.

Separate would be good. Maybe offer it as a plugin. That would help reduce the bulk of the application.

said by ghost16825:
said by Steve_M: Some control over the warning popups. Whether or not to show them, and/or whether or not to show them for a particular IP. This way you could temporarily, or always, disable them when doing a scan on your system.
From your follow-up post I think you mean an option like the following: When confronted by multiple rule creation prompts/alert windows, click a button to deny all open/close all open. This is a good idea. The problem is how to implement it in a way that doesn't confuse first-time users, which could be a bit tricky.

Maybe something like a check box on the popup that says, "Do not warn for this site" and make it a per session option. This certainly would not be very high on my to do list. It's more of a convenience, than anything else.

reply to ghost16825
said by ghost16825: When confronted by multiple rule creation prompts/alert windows, click a button to deny all open/close all open. This is a good idea. The problem is how to implement it in a way that doesn't confuse first-time users, which could be a bit tricky.
One idea would be to maintain and display a queue of connection requests/traffic/etc., possibly sorted/filtered on a per-app, or really, any particular arbitrary attribute, and additionally allow the user to, with a single click, define a rule around that attribute, whether it be app, IP, port, protocol, or what. Possibly there could be a "rule-creation palette" area below the prompt-queue display, and by clicking attributes in turn, it would further specify attributes to be applied to the rule being formed, and then click to create the rule.
One thing that definitely should be added is a rule-creation timestamp, or perhaps logging the rule creations, such that it would be possible to "undo" them, or otherwise roll-back the ruleset, possibly on a filtered basis.

reply to Steve_M
said by Steve_M: Maybe something like a check box on the popup that says, "Do not warn for this site" and make it a per session option. This certainly would not be very high on my to do list. It's more of a convenience, than anything else.
Yes, that's something that I've wanted for a long time, per-session rules. (Kind of like "session" vs. "permanent" cookies in browsers.)
A few other questions/ideas - should application/process-control be implemented? At what granularity? Should OS kernel components attempting network communications or listening be monitored? What about LSPs?