Hi All!
And here's a beta of the upcoming TPF 5
Get it here
And here goes the feature list
Now if you survived the latest KPF can you handle this ?!
Greetnx
And here's a beta of the upcoming TPF 5
Get it here
And here goes the feature list
- Tiny Personal Firewall 5.0 Fast Help
Compatibility:
IE6 (User interface). IE 5.5 should work as well.
OS: Windows 2000 (All versions), Windows XP, Windows 2003 Server (Firewall, IDS and File Acces for now)
User Interface Notes
TPF5's user interface uses web controls and as such it requires IE5+. You can easily create your own UI if you don't like ours. After that you can lock TPF5 using TPF5's security engine (set that access to rules has only TPF5's binaries - make sure you include those in \Program Files\Common Files\PFShared)
General Guideline
Use right click above the areas where you need the help. You may get context menu with the right choices.
Application Repository
Each application used in the rules must be defined in the Application Repository. The application is being defined by the combination of any of one ore more MD5 signatures, file name and path. Application may be member of one or several groups (for file or registry access, network communication etc.). The application and groups are present in the rules through their assigned names.
Application Enrollment
Applications are being enrolled into the Application Repository through Ask User dialogs or manually using the tools present in the Application Repository.
Binary Guard
Binary Guard inspects the integrity of defined application. The application inspected by binary guard should be defined by complete path and MD5 signature.
Common vs. Client Rules
TPF5 recognizes High and Low priority Common rules and Client rules. In general Administrator has the option to define High and Low priority Common rules and assign them to particular users. Users of unprivileged accounts cannot modify common rules. Placing the rules in High or Low priority group allows Administrator to build 'Supportive' or 'Restrictive' security policies in respect to other users. Administrator can create his own set of client/user rules which would not apply to other users and would be invisible to them.
Switching between the views of Client configurations (Admin only)
User with Admin account can view the rules created by nonprivileged users (if they are allowed to do so) and compare their rules with the Common rules. Client configurations are automatically created upon the first logon of the particular user on the computer.
Security Zones
TPF 5.0 filters out the traffic by interface. The interfaces may be in safe zone (192.168.1.x on your home network) or in dangerous zone (192.168.1.x on the airport).You can choose if you want to apply particular rules for the traffic received or sent through the interface when in the safe zone or in the dangerous zone.
Assignment
Each rule may be assigned to particular defined user on given computer or to all users or to system. When assigned to user(s) the rule would apply to all instances of given application running under the user account. When assigned to System the rule would apply to all instances of given application running under 'System' account and to all instances of ::System::, which is built-in definition for system kernel processes.
User vs. System Configuration
Combining the choices for User and System assignment you can achieve various configuration of (for example) network share privileges based on who is logged on the computer while you can still give these users their own private user configuration for regular processes/applications such as spreadsheet, browser, file swapping etc.
Network Options
Change Security Audit Level - determines what if anything would be displayed in the Activity Monitor when a module would be disabled and enabled.
Closed Port Access - specifies whether to monitor packets arriving at network interface when no application is listening on that port and protocol.
Prevent Closed Port Access - you can set this to show up ports not used, completely hide them so that the computer looks invisible including ICMP requests or you can choose ICS setting which would automatically drop unanswered TCP and UDP packets while the computer would be visible to certain ICMP requests.
Intrusion Detection and Prevention
Intrusion Detection System module monitors traffic arriving at the user interface and does not interfere with its flow in the real time. IDS module is not sensitive to a number of rules enabled in the configuration. Intrusion Prevention System module intercepts the network traffic in the real time. Therefore the number of rules enabled in IPS module may have the influence on the speed of the network traffic.
Hint: When defining the string signature click on the right hand side portion of the dialog. You will be able to specify string as a text which would automatically convert and display in hexadecimal format on the left hand side.
Files and Folders Access
TPF 5.0 allows to set Read, Write, Create and Delete access to files and folders including the network shares. Please note that setting up default rule as "Ask User" may produce considerable amount of dialogs and may make your user experience less convenient. In the near future Tiny Software will supply certain set of predefined conditions.
Hint: You can make your files and folders invisible selectively for certain applications by disabling 'Read' access of particular .exe to appropriate location. If you choose this for Explorer.exe particular location will disappear from your desktop and Windows Explorer! Naturally - by selecting "All applications" at the rule the particular location would disappear completely.
Windows Security Options
Change Security Audit Level - displays in Activity Monitor the change of status of enabled or disabled security module
Start/End Process Audit Level - displays the start/end of all processes in Activity Monitor
Alert when unknown application starts - displays alerts when the application starts which is not enrolled in the Application Repository. The application is not allowed to proceed further unless specified in the dialog. It is recommended to have this feature always 'On'.
Exceptions
The applications may be put on the exception list and you can specify what type of rules shall not apply to them. This is useful setting for the applications you trust completely and that you know cannot be misused by any malicious content (for example if you would know that your Internet Information Server could not go wild after the attacker would use unknown vulnerability in TCP stack).
Now if you survived the latest KPF can you handle this ?!
Greetnx