Computer Protection Firewall rules and 0.0.0.0 addresses

Highlighted
F-Secure Product Manager

Computer Protection Firewall rules and 0.0.0.0 addresses

During migration of PSB Workstation profiles to Computer Protection, firewall rules using 0.0.0.0/0 were inadvertantly migrated as 0.0.0.0
 
[Before migration - PSB Workstation Firewall Profile]
  • Outbound TCP / UDP Traffic - Allow - Outbound - Remote IP Address: Any remote host (0.0.0.0/0)
[After migration - Computer Protection Firewall Profile]
  • Outbound TCP / UDP Traffic - Allow - Outbound - Remote IP Address: 0.0.0.0
 
With this setting in place, outbound communication can not be performed.
 
The correct value to use for "Any remote host" in Computer Protection is to change the "0.0.0.0" to an empty value in the Computer Protection firewall rule.
 
As the use of "Any remote host" can make the system open to the internet depending on the actual rule used, and F-Secure has no knowledge of the customer's intention for the rule, we will not change these rules in a programmatic way. We do not wish to be responsible for making a customer's environment insecure.
 
Customers are advised to review their own Computer Protection profiles, and make the appropriate changes to rules containing 0.0.0.0 to suit their environment and wishes. The use of "any remote host" in firewall rules should be carefully considered to ensure it is only used where absolutely necessary.
 
 
1 REPLY 1
Superuser

Re: Computer Protection Firewall rules and 0.0.0.0 addresses

Hello,

 

> As the use of "Any remote host" can make the system open to the internet depending on the actual rule used

 

If this only affects Outbound connections, as the examples you quoted show, then where is the risk? As far as I remember F-Secure PSB's default workstion profile actually allows all outbound connections going to all addresses.

 

Since this problem was centrally created, it should be fixed centrally and the PSB "Security as a Service" is about automation. I feel bad about the issue being shoveled onto end users. It would be better to set the missing /0 centrally and provide the affected customers with a po-up warning / explanation upon PSB portal account login.

 

Thanks for your attention, Best Regards:

Tamas Feher, Hungary.