masterfly

Trusted / Unknown or Not-Trusted


Hello, I have got a couple of small questions about what the safest setup is for the Interface tab and Computers tab.

Atm, I have my Interfaces set up as trusted. And in the Computers tab, I have my Gateway (router) as unknown. Same for the rest of the computers in that tab.

Is there any need to set my Gateway as Trusted or Not-Trusted? I also have a NAS that I have set up as unknown. Same question for my NAS.

Everything is working just fine btw. Only wondering if there's anything that I can change to make my network more secure.


You wouldn't want to set your gateway to Not Trusted as doing so will cause you to lose internet access :) At the moment, as you have your interface set to Trusted, any connections for the computers/devices in the Computers tab will be allowed and rules created, as "Unknown" in the Computers tab just means that the Interface's Trust status will be applied.

If you use a wireless network you will want to untrust your interface to prevent intruders from accessing your computer. If you use file and print sharing though, you'll then need to Trust the individual computers that you want to share with. You can read more about these usage scenarios and setups here http://www.online-armor.com/webhelp3/HomeOffice.html :)


You might un-trust your network interface and trust both individual computers in your network (if you need it), and your NAS...

So, you're saying that I should set my Gateway (router) to trusted as well? I've un-trusted my interface btw.


So, you're saying that I should set my Gateway (router) to trusted as well? I've un-trusted my interface btw.

As explained by Catprincess, setting your gateway to not trusted will cause you to lose Internet access - so you should definitely set your gateway to trusted.

Regards,

N.


so you should definitely set your gateway to trusted.

EDIT - Sorry, I was wrong:

My network interface is set to "Not Trusted". My Gateway (Router) is set to "Unknown". I can access the Internet normally.

Try setting your Gateway to "Unknown" instead of "Trust".

N.


@Catprincess, Network interface set to "Not Trusted". Gateway (Router) set to "Unknown". Full access to the Internet. Is it normal? Why?

N.


Firstly, this link http://www.online-armor.com/webhelp3/FWAdv.html#interfaces and this link http://www.online-armor.com/webhelp3/FWAdv.html#complist are the references to the respective tabs.

As I understand them, they apply to your LAN (local subnet). They are used in conjunction with the Restricted Ports list (http://www.online-armor.com/webhelp3/FWAdv.html#restricted). It is important to understand the difference between LAN (typically, home network) and WAN (typically, the internet): it is also important to understand that your local subnet may be different from your DHCP server's address range. In the picture on the Interface help, the address is 192.168.002.166 with a mask 255.255.255.000. What this means is that the local subnet is the address range 192.168.002.000-192.168.002.255.

The Computers help section describes each of the alternatives for classifying a computer. The important points in that section are how restricted ports are applied to each classification and how they are affected by the Interfaces tab. They apply to anything in the local subnet (address range).

Elsewhere in the OA help pages, there are recommendations about whether or not to trust an interface, as referenced at post#2. If you trust everything that could connect to the local subnet, the interface can be trusted; if not, don't trust.

Extending the above to questions asked in this thread:

1. If the interface is not trusted and the gateway (router) is unknown, you are able to connect to the Internet because the endpoint (remote address) is not in the local subnet and the (remote) port is not in the restricted ports list. You can 'experiment' by adding, say, port 80 to the restricted ports list and using your browser with the Interface trusted and not trusted (don't forget to delete the port afterward).

2. If your interface is trusted, there is no need to trust any device connected to your LAN (unless there are specific problems). If the Interface is not trusted, you may need to trust individual devices (computers, printers, NAS) if there are connection problems with the device.

PS: In afterthought, I was too simplistic. I believe the restricted ports apply to all traffic (not just local subnet traffic). The Interfaces and Computers tabs modify the restrictions (blocked ports) as explained in the help pages. For devices on the LAN, the above is believed to be correct.


I believe the restricted ports apply to all traffic (not just local subnet traffic). The Interfaces and Computers tabs modify the restrictions (blocked ports) as explained in the help pages. For devices on the LAN, the above is believed to be correct.

You are right. Restricted ports do apply to Internet connections in general and to local connections depending on the status of both the interface and individual computers. By the way, I just noticed that these references in the Web Help have been updated (now the Computers List section shows notes on Restricted Ports).

Anyway, my question was about the reason why an "unknown" Gateway (Router) can connect to my LAN through an "un-trusted" Network Interface,

I thought that the connection should be denied if the gateway connects to my computer through a network interface that is Not-Trusted.

However, I had not thought that perhaps it can connect to my computer without any restrictions just because it only uses port 80, which is obviously not restricted... Am I wrong on this?

N.


Anyway, my question was about the reason why an "unknown" Gateway (Router) can connect to my LAN through an "un-trusted" Network Interface,

I thought that the connection should be denied if the gateway connects to my computer through a network interface that is Not-Trusted.

However, I had not thought that perhaps it can connect to my computer without any restrictions just because it only uses port 80, which is obviously not restricted... Am I wrong on this?

Untrusting the network interface just restricts NETBIOS (and other restricted ports) access to the nodes in the Computers list. So the router would not be able to connect to your computer using one of these ports.

If you wanted to completely block your router from making any connections to your computer, you'd need to "distrust" it in the Computers tab (it will then be highlighted red and your internet connection would be blocked).

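A simplified model of the trust rules as the posts above describe them, added here as an illustration; it is not Online Armor's code and not part of any post. The restricted port list, the gateway and NAS addresses, and all function names are assumptions made for the example.

```python
import ipaddress

# Constructed sample; the real Restricted Ports list is whatever the firewall shows.
RESTRICTED_PORTS = {135, 137, 138, 139, 445}

def local_subnet(address, mask):
    # Octets are written without the zero padding used in the help picture,
    # because Python's ipaddress module rejects leading zeros.
    return ipaddress.ip_network(f"{address}/{mask}", strict=False)

def effective_status(interface_trusted, computer_status):
    # "Unknown" in the Computers tab means the interface's status is applied.
    if computer_status == "unknown":
        return "trusted" if interface_trusted else "untrusted_interface"
    return computer_status  # "trusted" or "not_trusted"

def decide(remote_ip, port, interface_trusted, subnet, computers, gateway_ip):
    """Return 'allow' or 'block' under the thread's simplified model."""
    restricted = "block" if port in RESTRICTED_PORTS else "allow"
    if ipaddress.ip_address(remote_ip) not in subnet:
        # Internet endpoint: reached via the gateway, so a Not Trusted gateway
        # cuts it off; otherwise only the restricted ports are blocked.
        if computers.get(gateway_ip, "unknown") == "not_trusted":
            return "block"
        return restricted
    status = effective_status(interface_trusted, computers.get(remote_ip, "unknown"))
    if status == "trusted":
        return "allow"
    if status == "not_trusted":
        return "block"
    return restricted  # Unknown node on an untrusted interface

SUBNET = local_subnet("192.168.2.166", "255.255.255.0")
GATEWAY, NAS = "192.168.2.1", "192.168.2.50"  # hypothetical LAN addresses
WEB = "203.0.113.10"                          # documentation-range address

if __name__ == "__main__":
    lan = {GATEWAY: "unknown", NAS: "unknown"}
    print(SUBNET, SUBNET[0], SUBNET[-1])
    print("web:80, untrusted interface:", decide(WEB, 80, False, SUBNET, lan, GATEWAY))
    print("NAS:445, untrusted interface:", decide(NAS, 445, False, SUBNET, lan, GATEWAY))
    lan[NAS] = "trusted"
    print("NAS:445 once NAS is trusted:", decide(NAS, 445, False, SUBNET, lan, GATEWAY))
```

In this model the untrusted interface with an Unknown gateway still reaches the web on port 80, while file sharing with the NAS needs the NAS to be individually trusted.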

Untrusting the network interface just restricts NETBIOS (and other restricted ports) access to the nodes in the Computers list. So the router would not be able to connect to your computer using one of these ports.

Thanks a lot, Catprincess. Just another question. Considering Internet performance and security, should I trust the Gateway (Router) or should I simply leave it as Unknown (through an "un-trusted" Network Interface)?

I don't use NetBIOS - and XP NetBIOS Helper Service is also disabled.

N.

