Sophos and a Draconian Firewall

As I said previously, I am going to talk more about Sophos and my adventures with it.

The first part that I need to address is Sophos’ firewall. It’s beyond awesome. But the phrase “draconian” is an absolutely accurate description. During the initial setup wizard, Sophos asks you what services you want to allow by default. The default services it can configure are Remote Access (RDP, VNC, etc.), Instant Messaging, VoIP, Email and Web Surfing. You can select any combination of these services.

Firewall Wizard

And for the most part, these are all you need for normal usage: they allow normal web traffic, namely browsing and email. For a commercial/corporate network, this is ideal and all you would want. Basically, no unknown traffic is allowed. That means no games, no torrents, nothing. If it isn’t explicitly allowed, it gets dropped. There are ways around this, but VPN traffic isn’t allowed by default either.

Now, if you don’t understand why this is good, then just think about this: what happens if a virus infects your network? The first thing it tends to do is phone home. If it uses a non-standard port to communicate, that connection won’t be allowed. That’s great against data-mining malware. Just let that sink in for a minute.

However, that’s not a foolproof system. The firewall is only a port-based firewall. Well, it’s a bit more complicated than that, but you get the idea. However, by default Sophos also includes and uses an inline proxy. I believe it uses Squid, but I am not sure. It filters the web traffic automatically, and you can use this to prevent access to all sorts of websites, such as drug/porn/etc. sites, and to force “SafeSearch” on Google, Bing and Yahoo. Great for a household with a teenager! Especially as you can allow exceptions.

URL Filtering

Additionally, Sophos includes built-in malware protection/inline virus scanning, which means your browsing is that much safer. It uses Avira and Sophos engines for the antivirus scanning; you can choose one or both, but enabling both is more resource intensive. It also lets you filter out file extensions and MIME types, and you can strip out ActiveX, Java and Flash and disable JavaScript, which are all common attack vectors.
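To make the proxy-side checks from the last two paragraphs concrete (category blocking with exceptions, forced SafeSearch, and extension/MIME filtering), here is a small added example written for this post. It is not Sophos or Squid code: the blocked-domain table, the exception list and the `.test` hostnames are constructed for illustration, and the SafeSearch query parameters (`safe=active`, `adlt=strict`, `vm=r`) are the publicly documented strict-mode parameters of each engine, assumed here rather than taken from the post.

```python
# Added example: a toy model of an inline web-proxy policy in the spirit of
# the URL and malware filtering described in the post. Not Sophos code; the
# category data and search-engine parameters are assumptions for illustration.
from typing import Optional, Tuple
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Constructed category data; a real proxy consults a vendor URL database.
BLOCKED_DOMAINS = {"example-adult.test": "porn", "example-drugs.test": "drugs"}
ALLOW_EXCEPTIONS = {"research.example-drugs.test"}  # explicit exception, as the post allows

# Query parameter that requests strict SafeSearch on each engine (assumed values).
SAFESEARCH_PARAMS = {
    "www.google.com": ("safe", "active"),
    "www.bing.com": ("adlt", "strict"),
    "search.yahoo.com": ("vm", "r"),
}

# Download types the post mentions stripping or blocking (constructed subset).
BLOCKED_EXTENSIONS = {".exe", ".scr", ".jar"}
BLOCKED_MIME = {
    "application/x-msdownload",
    "application/java-archive",
    "application/x-shockwave-flash",
}


def host_blocked(host: str) -> Optional[str]:
    """Return the block category for host, honouring exceptions and parent domains."""
    if host in ALLOW_EXCEPTIONS:
        return None
    parts = host.split(".")
    for i in range(len(parts)):          # walk up: a.b.test -> b.test -> test
        candidate = ".".join(parts[i:])
        if candidate in BLOCKED_DOMAINS:
            return BLOCKED_DOMAINS[candidate]
    return None


def force_safesearch(url: str) -> str:
    """Rewrite a search URL so the engine applies its strict SafeSearch mode."""
    parts = urlsplit(url)
    param = SAFESEARCH_PARAMS.get(parts.hostname or "")
    if param is None:
        return url
    # Drop any user-supplied value for the parameter, then append the strict one.
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True) if k != param[0]]
    query.append(param)
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(query), parts.fragment))


def filter_request(url: str) -> Tuple[str, str]:
    """Decide on an outbound request: ('block', reason) or ('allow', possibly rewritten URL)."""
    parts = urlsplit(url)
    category = host_blocked(parts.hostname or "")
    if category:
        return ("block", f"category:{category}")
    path = parts.path.lower()
    for ext in BLOCKED_EXTENSIONS:
        if path.endswith(ext):
            return ("block", f"extension:{ext}")
    return ("allow", force_safesearch(url))


def filter_response(content_type: str) -> Tuple[str, str]:
    """Decide on a response by its Content-Type header (the MIME-type filter)."""
    mime = content_type.split(";")[0].strip().lower()
    if mime in BLOCKED_MIME:
        return ("block", f"mime:{mime}")
    return ("allow", mime)


if __name__ == "__main__":
    for u in ("https://www.google.com/search?q=cats&safe=off",
              "https://www.example-drugs.test/",
              "https://research.example-drugs.test/",
              "http://downloads.example.net/setup.EXE"):
        print(u, "->", filter_request(u))
    print(filter_response("application/x-msdownload; charset=binary"))
```

The request-side and response-side checks are separate on purpose: an extension filter only sees the URL, so a download served from a path without an extension is caught only by the Content-Type check, which is why a proxy that offers both is stronger than either alone.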

Malware Filtering

So, as you can see, Sophos is incredibly powerful, and fairly simple to use. And this is all included in the Free/Home license. Doesn’t get better than that.

Well, as I mentioned above, the firewall blocks all unknown traffic. This means that unless you explicitly allow other traffic, it won’t get through. So any games that you play will not connect, nor will any servers or applications that require an outgoing connection on a port that isn’t one of the “normal” ones (such as uTorrent, TeamViewer, etc.). That is great for controlling the traffic on your network, but it can make things inconvenient. To regain use of these applications, you will need to manually allow each of these services through the firewall. This is incredibly secure, but now you may see what I mean by “draconian”.
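The default-deny behaviour the post keeps coming back to (unknown outbound traffic is dropped, a phone-home on a non-standard port never gets out, and a game only works once you add an explicit rule) can be shown with a small simulation. This is an added example written for this post, not Sophos code: the mapping from wizard service groups to ports is a simplification assumed for illustration (a real appliance matches on far more than the destination port), and the sample flows and addresses are constructed.

```python
# Added example: a toy model of a default-deny outbound (egress) policy in the
# spirit of the Sophos setup wizard described in the post. Not Sophos code;
# the service-to-port table and sample traffic are assumptions for illustration.
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Wizard-style service groups mapped to (protocol, port). Constructed subset.
SERVICE_GROUPS: Dict[str, List[Tuple[str, int]]] = {
    "Web Surfing":       [("tcp", 80), ("tcp", 443)],
    "Email":             [("tcp", 25), ("tcp", 587), ("tcp", 993), ("tcp", 995)],
    "Remote Access":     [("tcp", 3389), ("tcp", 5900), ("tcp", 22)],
    "VoIP":              [("udp", 5060), ("tcp", 5060)],
    "Instant Messaging": [("tcp", 5222)],
}


@dataclass
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


@dataclass
class EgressPolicy:
    """Default-deny: a flow passes only if some allow entry matches it."""
    allowed: Set[Tuple[str, int]] = field(default_factory=set)
    log: List[str] = field(default_factory=list)

    def enable_service(self, name: str) -> None:
        """Tick a service group in the wizard."""
        self.allowed.update(SERVICE_GROUPS[name])

    def allow_custom(self, proto: str, port: int) -> None:
        """The manual exception the post says games, uTorrent, etc. need."""
        self.allowed.add((proto, port))

    def evaluate(self, flow: Flow) -> str:
        verdict = "ALLOW" if (flow.proto, flow.dport) in self.allowed else "DROP"
        # Every decision is logged; the DROP lines are what a defender reviews.
        self.log.append(f"{verdict} {flow.src} -> {flow.dst} {flow.proto}/{flow.dport}")
        return verdict

    def dropped(self) -> List[str]:
        """Just the denied flows, the first place to look for a machine phoning home."""
        return [line for line in self.log if line.startswith("DROP")]


def simulate() -> dict:
    """Run constructed traffic through the policy before and after adding a game rule."""
    policy = EgressPolicy()
    for svc in ("Web Surfing", "Email"):
        policy.enable_service(svc)
    # Constructed sample traffic (documentation address ranges): browsing, mail,
    # a phone-home attempt on a non-standard port, and a game client.
    flows = {
        "browser": Flow("192.0.2.10", "198.51.100.5", "tcp", 443),
        "mail":    Flow("192.0.2.10", "198.51.100.6", "tcp", 993),
        "beacon":  Flow("192.0.2.20", "203.0.113.9", "tcp", 6666),
        "game":    Flow("192.0.2.30", "203.0.113.40", "udp", 27015),
    }
    before = {name: policy.evaluate(f) for name, f in flows.items()}
    policy.allow_custom("udp", 27015)  # the explicit exception for the game
    after = {name: policy.evaluate(f) for name, f in flows.items()}
    return {"before": before, "after": after, "dropped": policy.dropped()}


if __name__ == "__main__":
    result = simulate()
    print("before:", result["before"])
    print("after: ", result["after"])
    print("\n".join(result["dropped"]))
```

Note that adding the game rule changes nothing for the phone-home flow: it is still dropped and still logged, which is the point of opening ports one service at a time rather than relaxing the default.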

In the next post, I’ll be going over how to allow access through this firewall.

Author: Drashna Jael're

4 thoughts on “Sophos and a Draconian Firewall”

    1. I’m not sure what you mean.

      If you plan on keeping it in a VM, then you need to have two external network adapters. Connect one to the internet, and one to a network switch to which the rest of the network is connected.

      Otherwise, get a computer that has at least 2 network adapters.
