[BBLISA] Firewall question #2

Edward Ned Harvey eharvey at engim.com
Fri Mar 12 10:59:30 EST 2004


So far, I have tried two free firewalls and one commercial trial.  Here
are my reviews:

------------------------------------
ZoneAlarm --

This has superior performance when you want to filter based on
application.  It does not allow complex access/filter rules.

This does not allow you to create more complex filter rules.  Your only
choice is to filter on application.

This product is not acceptable if your computer joins a domain.  Much of
domain traffic (login script, auto-map network drives, etc) gets blocked
by this firewall, and when you go to look at the program access lists,
the program is simply blank.  You cannot allow that traffic to pass
unless you create a "Trusted zone," such as "Allow all traffic between
here and 192.168.1.85" or something like that.

Not acceptable for domains.

------------------------------------
Sygate --

This has weaker performance if you are trying to filter based on
programs, but it's great if you want to create rules based on
type-of-traffic.

When you are filtering based on trusted programs, Sygate starts
forgetting about decisions you've made in the past and things like that.
So that part of the firewall is buggy.

Sygate is great if you want to filter based on type-of-traffic.

For example, I would use Sygate if I want this filter ruleset:
	- Deny all outbound NETBIOS traffic if it's going through the router.
	- Allow all outbound TCP traffic (except above)
	- Allow inbound TCP traffic on port 22, if the source is 192.168.x
	- Deny all inbound TCP traffic (except above)


------------------------------------
Norton Personal Firewall --

Man, I give this a BIGTIME thumbs down.  You're presented with a
choice, "Do you want to allow such-n-such application access?"  So you
are unsure, and you choose Yes or No.  Then you realize you made the
wrong choice, and they give you no way to go back and review your
ruleset, or make modifications to your past decisions.  Bigtime thumbs
down.

------------------------------------
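The four-rule Sygate ruleset in the review above, worked through as an added example (my code, not the poster's and not Sygate's). It evaluates constructed packets against the rules in the order given, first match wins, and shows why that order matters: with the NetBIOS deny placed after the "allow all outbound TCP" rule, NetBIOS leaks straight past the router. Assumptions that the post does not state: the local LAN is 192.168.1.0/24 (so "going through the router" means an off-LAN destination), "NETBIOS" means TCP/UDP ports 137-139 and 445, "192.168.x" means 192.168.0.0/16, and anything no rule matches is denied.

```python
"""Added example (not from the original post or from Sygate): a first-match
evaluator for the four-rule host firewall policy in the Sygate review.

Assumed, since the post does not say: the local LAN is 192.168.1.0/24, so
"going through the router" means the destination is outside that subnet;
"NETBIOS" means TCP/UDP ports 137-139 and 445; "192.168.x" means
192.168.0.0/16; a packet that matches no rule is denied.
"""
import ipaddress
from dataclasses import dataclass
from typing import Callable, List, Tuple

LOCAL_LAN = ipaddress.ip_network("192.168.1.0/24")        # constructed value
TRUSTED_SOURCES = ipaddress.ip_network("192.168.0.0/16")  # "192.168.x"
NETBIOS_PORTS = {137, 138, 139, 445}


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (arriving at this host) or "out" (leaving it)
    proto: str       # "tcp" or "udp"
    src: str         # source IPv4 address
    dst: str         # destination IPv4 address
    dport: int       # destination port


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                        # "allow" or "deny"
    matches: Callable[[Packet], bool]  # predicate over a packet


def via_router(pkt: Packet) -> bool:
    """Traffic leaves through the router when its destination is off-LAN."""
    return ipaddress.ip_address(pkt.dst) not in LOCAL_LAN


# The poster's four rules, in the order given; the first match wins.
RULES: List[Rule] = [
    Rule("deny outbound NetBIOS via router", "deny",
         lambda p: p.direction == "out" and p.dport in NETBIOS_PORTS
         and via_router(p)),
    Rule("allow outbound TCP", "allow",
         lambda p: p.direction == "out" and p.proto == "tcp"),
    Rule("allow inbound SSH from 192.168.x", "allow",
         lambda p: p.direction == "in" and p.proto == "tcp"
         and p.dport == 22
         and ipaddress.ip_address(p.src) in TRUSTED_SOURCES),
    Rule("deny inbound TCP", "deny",
         lambda p: p.direction == "in" and p.proto == "tcp"),
]


def evaluate(pkt: Packet, rules: List[Rule] = RULES) -> Tuple[str, str]:
    """Return (action, rule name) for the first matching rule; default deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return "deny", "default policy (no rule matched)"


def netbios_leaks(rules: List[Rule]) -> bool:
    """True if the ruleset lets outbound NetBIOS reach a host beyond the router."""
    probe = Packet("out", "tcp", "192.168.1.10", "203.0.113.5", 139)  # constructed
    return evaluate(probe, rules)[0] == "allow"


if __name__ == "__main__":
    samples = [  # constructed packets exercising each rule and the default
        Packet("out", "tcp", "192.168.1.10", "203.0.113.5", 139),
        Packet("out", "tcp", "192.168.1.10", "192.168.1.20", 139),
        Packet("out", "tcp", "192.168.1.10", "203.0.113.5", 443),
        Packet("in", "tcp", "192.168.1.50", "192.168.1.10", 22),
        Packet("in", "tcp", "203.0.113.9", "192.168.1.10", 22),
        Packet("in", "tcp", "192.168.1.50", "192.168.1.10", 80),
        Packet("out", "udp", "192.168.1.10", "8.8.8.8", 53),
    ]
    for pkt in samples:
        action, why = evaluate(pkt)
        print(f"{pkt.direction:>3} {pkt.proto} {pkt.src} -> "
              f"{pkt.dst}:{pkt.dport}: {action} ({why})")
    # Swapping the first two rules silently reopens NetBIOS to the Internet.
    reordered = [RULES[1], RULES[0], RULES[2], RULES[3]]
    print("NetBIOS leak with rules reordered:", netbios_leaks(reordered))
```

Note that outbound NetBIOS to another LAN host still passes (rule 2 catches it, since it never crosses the router), and outbound UDP other than NetBIOS falls through to the default deny because the post's ruleset only speaks of TCP; a real deployment would need to decide that case explicitly.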


> -----Original Message-----
> From: bblisa-bounces at bblisa.org 
> [mailto:bblisa-bounces at bblisa.org] On Behalf Of Eric smith
> Sent: Friday, March 12, 2004 9:42 AM
> To: jco
> Cc: BBLISA; Edward Ned Harvey
> Subject: Re: [BBLISA] Firewall question #2
> 
> 
> Just as an aside to these points, I believe there already has been a
> virus that altered the "allowed" software list for ZoneAlarm.  I believe
> ZoneAlarm now protects against this (probably encrypts/checksums the list.)
> 
> Another reason to use a software firewall is when you VPN into work.
> This will completely bypass your local hardware firewall.  We'd all like
> to think that our networks are safe, but one virus is all it takes.  It
> spreads to someone who has VPN'ed in, and then comes back the next time
> they tunnel back in.  Personally, I have a hardware (Netgear) and
> software (ZoneAlarm) firewall, along with anti-virus software.
> 
> I have had a few problems with ZoneAlarm (stops certain programs from
> connecting out no matter what) but an upgrade to the latest version has
> always solved it.
> 
> Eric
> 
> jco wrote:
> 
> > I know this isn't what you asked.  But I think you should really
> > encourage people to use home firewall/router hardware.  It's only a
> > matter of time, if it hasn't happened already, before someone writes a
> > PC virus that knows how to turn off kernel IP filtering, or even worse,
> > open the ports it needs/wants.
> > I'm a really big fan of the hardware ones: they have nice web-based
> > management, they come in total stealth mode, don't allow anything
> > inbound, don't respond to ping on the WAN, NAT turned on, and use the
> > IP address of the first inside machine they see.  They have some
> > bugs... and I'm really overworking mine, but they do work.  And at
> > $60-70 RETAIL, they really can't be beat.  Yes you can pay $100+ for
> > them but they tend to have a lot of extra stuff like a WAP, and a
> > printer port.
> > It's worth the money.  And if you have enough home users, it might make
> > sense for your company to buy bulk and just give the suckers away with
> > new laptops.  All the Netgear ones are even remotely manageable.  (Not
> > in a way I like, but it could be done.)
> > 
> > johno
> > 
> > Edward Ned Harvey wrote:
> > 
> >> I'm looking for a free software firewall that I can recommend for 
> >> people to use for home usage.
> >>
> >> In the past, the only one I tried was Sygate, and it seemed ok, but
> >> then it started crashing a lot and generally flaking out.
> >>
> >> So I'd like to hear if anybody's got a good recommendation for a free
> >> software firewall.
> >>
> >> Thanks #2!
> >> _______________________________________________
> >> bblisa mailing list
> >> bblisa at bblisa.org http://www.bblisa.org/mailman/listinfo/bblisa