Sophos Client Firewall: security implications of configuring applications
The Applications tabbed page in the Sophos Client Firewall configuration program (Sophos Client Firewall Configuration Editor) allows you to edit the configuration for applications.
The following basic Windows networking applications are given access to the network through the Sophos Client Firewall by default:
- alg.exe
- lsass.exe
- services.exe
- svchost.exe
- userinit.exe
- winlogon.exe
A knowledgebase article lists the default settings for these applications.
Applications tabbed page
In the Applications tabbed page, you can specify a particular application, and then say whether you want to trust it, block it, or create a new custom rule for it.
It is easiest to set up a basic configuration for a new application on a sample computer in interactive mode. You can then customize rules and other settings manually.
Note: When you first select an application in non-interactive mode, by default it is trusted.
Checking settings for an application
Once you have allowed access for an application in the firewall, either interactively or non-interactively, you should check the settings for that application.
1. Checksums
Select the 'Checksums' tabbed page, and ensure that the application is listed there. If it is not, and should be, check your settings in the 'General' tabbed page.
2. Using presets
The Sophos Client Firewall can use presets for known product types, e.g. browsers, email and instant messaging clients. To view the available presets, select the dropdown arrow by the 'Custom' icon.
The presets you can select from are:
- Browser
  Web browsers, for example Internet Explorer.
- Database client
  Web database administration client, for example SQL Server Web Data Administrator.
- Email client
  Email programs, for example Outlook.
  If you need only one of POP or IMAP, you can use a rule to disable the other.
- FTP client
  File Transfer Protocol (FTP) client, for example WS FTP or CuteFTP.
- IM client
  Instant messaging programs, for example MSN Messenger or Skype.
  You can use a rule to specify ports, etc.
- Network client
  Network clients such as the Novell Client. The Microsoft networking client is allowed by default.
- Remote access client
  Remote access software such as Virtual Private Network (VPN) clients.
- Time synchroniser
  Synchtime, atom clock, programs using NTP (network time protocol).
Note: Any outstanding Sophos Client Firewall alerts about a previously untrusted application on the local computer will not go away automatically when that application is added to the configuration dialog as trusted. You will have to clear such alerts manually from the Log tabbed page. Once those alerts have been cleared, no more will be generated.
How the firewall handles application access
When an application requests access to the network or internet, the firewall checks this request in three stages:
- Checksum list
- Application list
- Global rules.
1. Checksum list
The first check ascertains if the application requesting access to the network has a checksum (MD5 hash) matching one in the list.
- If the checksum is not in the list, the application is blocked.
- If the checksum is in the list, the application name is checked.
Note: If checksums are turned off, this step is missed out.
2. Application list
The next check ascertains if the application has a rule set up for it. This will be listed under the application name in the Application tabbed page.
- If there is a rule set for the application, then it will be used in preference to the global rules.
- If there is no rule set for that application, the global rules are used to define how it can act within the network.
3. Global rules
The global rules list is checked last. Because these are usually the rules applied to anything that lacks specific rules but still needs its network access limited, they should lock down the system the most severely.
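The three-stage check described above can be modelled as a short decision function. This is an added example, not Sophos code: the Config class, the rule tuple format, the sample "binaries" and the block-when-nothing-matches default are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed sample "binaries"; real input would be the executable's bytes.
GOOD = b"constructed browser build 1"
ALTERED = b"constructed browser build 1, modified"
OTHER = b"constructed unlisted tool"

def md5(data):
    return hashlib.md5(data).hexdigest()

@dataclass
class Config:  # hypothetical model, not the product's configuration format
    use_checksums: bool = True
    checksums: set = field(default_factory=set)       # allowed MD5 digests
    app_rules: dict = field(default_factory=dict)     # app name -> rule list
    global_rules: list = field(default_factory=list)  # used when no app rules

def first_match(rules, proto, port):
    # A rule is (action, protocol, remote_port); None is a wildcard.
    for action, r_proto, r_port in rules:
        if r_proto in (None, proto) and r_port in (None, port):
            return action
    return "block"  # assumption: traffic matching no rule is blocked

def decide(cfg, app, binary, proto, port):
    # Stage 1: checksum list (skipped entirely when checksums are off).
    if cfg.use_checksums and md5(binary) not in cfg.checksums:
        return ("block", "checksum list")
    # Stage 2: application rules take preference over global rules.
    if app in cfg.app_rules:
        return (first_match(cfg.app_rules[app], proto, port), "application list")
    # Stage 3: global rules cover everything without its own rules.
    return (first_match(cfg.global_rules, proto, port), "global rules")

def sample_config():
    return Config(
        checksums={md5(GOOD), md5(OTHER)},
        app_rules={"browser.exe": [("allow", "tcp", 80), ("allow", "tcp", 443)]},
        global_rules=[("allow", "udp", 53), ("block", None, None)],
    )

if __name__ == "__main__":
    cfg = sample_config()
    for case in [("browser.exe", GOOD, "tcp", 443), ("browser.exe", ALTERED, "tcp", 443),
                 ("other.exe", OTHER, "tcp", 25)]:
        print(case[0], case[2], case[3], "->", decide(cfg, *case))
```

With use_checksums set to False, the altered binary is judged by the application rules under its name alone, which is the practical effect of skipping stage 1.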
Other Sophos Client Firewall pages
Further knowledgebase articles describe the security implications of changing other options:
If you need more information or guidance, then please contact technical support.
- Article ID: 14199
- Created: 16 Dec 2005
- Last updated: 23 Jul 2009

