Set up the Firewall for Maximum Security and Usability
Note: The firewall is already configured to provide total security. This section is only for advanced users who wish to tweak the settings even further.
Stealth Ports Settings
Port stealthing is a security feature whereby ports on an internet connected PC are hidden from sight, sending no response to opportunistic port scans.
- Click the 'Tasks' button on the XCS home screen
- Click 'Firewall Tasks' > 'Stealth Ports'
- Select 'Block Incoming Connections' to make your computer's ports invisible to all networks
Network Zones Settings
'Network Zones' settings let you configure connections for a router/home network. Note - this is usually done automatically for you.
- Click 'Settings' on the top left to open the 'Advanced Settings' pane
- Click 'Firewall' > 'Network Zones'
- Click the 'Network Zones' tab from the 'Network Zones' interface
- Inspect the Loopback zone and Local Area Network #1 by clicking the '+' button beside the zone name.
- In most cases, the loopback zone IP address should be 127.0.0.1/255.0.0.0
- In most cases, the IP address of the auto detected Network zone should be 10.nnn.nnn.nnn/255.255.255.0
- Click 'OK'.
Firewall Settings
Firewall settings let you configure the protection level for your internet connection and the frequency of alerts.
- Click 'Settings' at the top of the XCS home screen
- Click 'Firewall' > 'Firewall Settings'
- Enable Firewall - Leave this option enabled to activate the firewall, and choose 'Safe Mode' from the drop-down beside it.
Safe Mode: The firewall will automatically create rules that allow all traffic for applications certified as 'Safe' by Xcitium. For non-certified new applications, you will receive an alert whenever that application attempts to access the network. Should you choose, you can grant that application internet access by choosing 'Treat this application as a Trusted Application' at the alert. This will deploy the predefined firewall policy 'Trusted Application' onto the application.
Alert Settings
- Do not show popup alerts - Deselect the option to get notified when the firewall encounters a request for network access.
- Set alert frequency level - Enable and choose 'Low' from the drop-down. At the 'Low' setting, the firewall shows alerts for outgoing and incoming connection requests for an application. This is the setting recommended by Xcitium and is suitable for the majority of users.
Advanced Settings
In a denial of service or 'flood' attack, an attacker bombards a target machine with so many connection requests that it can no longer accept legitimate connections, effectively shutting down your web, email, FTP or VPN server. To protect against such attacks, configure the following options under 'Advanced' in the 'Firewall Settings' interface:
- Filter loopback traffic:
Loopback connections refer to the internal communications within your PC. Any data transmitted by your computer through a loopback connection is immediately received by it. This involves no connection outside your computer to the internet or a local network. The IP address of the loopback network is 127.0.0.1, which you may have seen referred to by its host name, 'localhost'. This is the address of your computer. Loopback channel attacks can be used to flood your computer with TCP and/or UDP requests, which can overwhelm your IP stack or crash your computer.
- Leave this option enabled for the firewall to filter traffic sent through this channel.
- Block fragmented traffic:
When a connection is opened between two computers, they must agree on a Maximum Transmission Unit (MTU). IP datagram fragmentation occurs when data passes through a router with an MTU smaller than the MTU you are using. When a datagram is larger than the MTU of the network over which it must be sent, it is divided into smaller 'fragments' which are each sent separately. Fragmented IP packets can create threats similar to a DoS attack. Moreover, fragmentation can double the amount of time it takes to send a single packet and slow down your download time.
- Enable this option for the firewall to bar fragmented IP traffic.
- Do Protocol Analysis:
Protocol analysis is key to the detection of fake packets used in denial of service attacks.
- Enable this option for the firewall to check that every packet conforms to that protocol's standards. If a packet does not, it is blocked.
- Click 'OK' for your settings to take effect.
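To make the three 'Advanced' settings concrete, here is a small packet-inspection model written for this page. It is not XCS code and does not show how Xcitium implements these checks; it is a hypothetical filter that parses a raw IPv4 header and applies the same three decisions: skip or filter loopback traffic, drop fragments (MF flag set or non-zero fragment offset), and reject packets that do not conform to the IPv4 header format (truncated header, bad version/IHL, wrong total length, bad header checksum). Test packets are constructed inline.

```python
import struct
from ipaddress import ip_address, ip_network

LOOPBACK = ip_network("127.0.0.0/8")  # the loopback zone from the Network Zones settings

def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the IPv4 header words; returns 0 for a valid header."""
    total = sum((header[i] << 8) + header[i + 1] for i in range(0, len(header), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4(src: str, dst: str, payload: bytes, more_fragments=False, offset=0) -> bytes:
    """Constructed test packet: 20-byte header, no options, UDP (17), valid checksum."""
    frag_field = (0x2000 if more_fragments else 0) | (offset & 0x1FFF)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, frag_field,
                      64, 17, 0, ip_address(src).packed, ip_address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + payload

def inspect_packet(pkt: bytes, filter_loopback=True, block_fragments=True,
                   protocol_analysis=True) -> str:
    """Hypothetical model of the three settings: returns 'allow' or 'drop: <reason>'."""
    if len(pkt) >= 20 and not filter_loopback:
        src, dst = ip_address(pkt[12:16]), ip_address(pkt[16:20])
        if src in LOOPBACK and dst in LOOPBACK:
            return "allow (loopback not filtered)"  # setting off: loopback bypasses all checks
    if protocol_analysis:
        # 'Do Protocol Analysis': does the packet conform to the IPv4 header format?
        if len(pkt) < 20:
            return "drop: protocol analysis (truncated header)"
        ihl = (pkt[0] & 0x0F) * 4
        if pkt[0] >> 4 != 4 or ihl < 20 or ihl > len(pkt):
            return "drop: protocol analysis (bad version or IHL)"
        if struct.unpack("!H", pkt[2:4])[0] != len(pkt):
            return "drop: protocol analysis (total length mismatch)"
        if ipv4_checksum(pkt[:ihl]) != 0:
            return "drop: protocol analysis (header checksum)"
    if block_fragments and len(pkt) >= 20:
        # 'Block fragmented traffic': MF flag set or non-zero offset marks a fragment
        frag_field = struct.unpack("!H", pkt[6:8])[0]
        if frag_field & 0x2000 or frag_field & 0x1FFF:
            return "drop: fragmented traffic"
    return "allow"

if __name__ == "__main__":
    print(inspect_packet(build_ipv4("10.0.0.5", "10.0.0.1", b"hello")))
    print(inspect_packet(build_ipv4("10.0.0.5", "10.0.0.1", b"x", more_fragments=True)))
```

Switching the keyword flags off reproduces the effect of disabling the corresponding option: with filter_loopback=False a malformed or fragmented loopback packet is passed without inspection.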
Set-up Application Rules, Global Rules and Predefined Firewall Rulesets
You can configure and deploy traffic filtering rules on an application-specific and a global basis. You can also create and deploy predefined firewall rulesets.
Application Rules
- Click 'Settings' on the top left to open the 'Advanced Settings' pane
- Click 'Firewall' > 'Application Rules'
- Use this interface to add, edit, enable/disable or remove internet connection rules for specific applications.
- See https://help.xcitium.com/topic-463-1-1033-15925-Application-Rules.html for more help on this.
Global Rules
- Click 'Settings' at the top of the XCS home screen
- Click 'Firewall' > 'Global Rules'
- Use this interface to add, edit, enable/disable or remove global rules which apply to all traffic
- See https://help.xcitium.com/topic-463-1-1033-15926-Global-Rules.html for more help on this.
Predefined Firewall rulesets
- Click 'Settings' at the top of the XCS home screen
- Click 'Firewall' > 'Rulesets'
- Use this interface to add, edit, enable/disable or remove firewall rulesets
- See https://help.xcitium.com/topic-463-1-1033-15927-Firewall-Rule-Sets.html for more help on this.