Posted by SteviE on November 29, 2004, 10:27 pm
I have a DSL connection, with an 'always on' router running with NAT
enabled.
I have installed on my PCs ZoneAlarm, 2 free editions and one runs the
security suite.
I've lately been pursuing the idea of a separate firewall, rather than
a (software) firewall on the PCs I'm trying to protect.
To this end I've got myself an old P2 400 MHz and stuck Smoothwall on
it. It's not yet in the system, need a switch etc.
Assuming I manage to get this firewall up and running, between my
switch within my LAN and my router is there any point in continuing to
run ZoneAlarm, other than for the virus protection?
I'm assuming that the Smoothwall is better because it's a direct
barrier in the connection.
Any thoughts on this appreciated.
Posted by SteviE on November 29, 2004, 10:32 pm
wrote:
>I have a DSL connection, with an 'always on' router running with NAT
>enabled.
>I have installed on my PCs ZoneAlarm, 2 free editions and one runs the
>security suite.
>I've lately been pursuing the idea of a separate firewall, rather than
>a (software) firewall on the PCs I'm trying to protect.
>To this end I've got myself an old P2 400 MHz and stuck Smoothwall on
>it. It's not yet in the system, need a switch etc.
>
>Assuming I manage to get this firewall up and running, between my
>switch within my LAN and my router is there any point in continuing to
>run ZoneAlarm, other than for the virus protection?
>I'm assuming that the Smoothwall is better because it's a direct
>barrier in the connection.
>Any thoughts on this appreciated.
Sorry, forgot to say I've checked with the ShieldsUP! site,
http://www.grc.com/x/ne.dll?rh1dkyd2 and all service ports up to 1055 are in stealth mode.
When I shut down ZoneAlarm they remain in stealth mode.
Is it worth keeping ZA to indicate, and consent, to new programs
accessing the internet?
Posted by Dave English on November 30, 2004, 11:12 am
>I have a DSL connection, with an 'always on' router running with NAT
>enabled.
>I have installed on my PCs ZoneAlarm, 2 free editions and one runs the
>security suite.
>I've lately been pursuing the idea of a separate firewall, rather than
>a (software) firewall on the PCs I'm trying to protect.
>To this end I've got myself an old P2 400 MHz and stuck Smoothwall on
>it. It's not yet in the system, need a switch etc.
>
>Assuming I manage to get this firewall up and running, between my
>switch within my LAN and my router is there any point in continuing to
>run ZoneAlarm, other than for the virus protection?
>I'm assuming that the Smoothwall is better because it's a direct
>barrier in the connection.
>Any thoughts on this appreciated.
Software firewalls can be better for understanding and controlling
outgoing connections. That is because they can often tell which
application program is trying to connect. That means both that you can
often make rules specific to a particular application program and that
you can more easily diagnose new unexpected outgoing connection
attempts.
Regards
--
Dave English Senior Software & Systems Engineer
Internet Platform Development, Thus plc
Posted by SteviE on November 30, 2004, 11:39 pm
wrote:
>I have a DSL connection, with an 'always on' router running with NAT
>enabled.
>I have installed on my PCs ZoneAlarm, 2 free editions and one runs the
>security suite.
>I've lately been pursuing the idea of a separate firewall, rather than
>a (software) firewall on the PCs I'm trying to protect.
>To this end I've got myself an old P2 400 MHz and stuck Smoothwall on
>it. It's not yet in the system, need a switch etc.
>
>Assuming I manage to get this firewall up and running, between my
>switch within my LAN and my router is there any point in continuing to
>run ZoneAlarm, other than for the virus protection?
>I'm assuming that the Smoothwall is better because it's a direct
>barrier in the connection.
>Any thoughts on this appreciated.
Just to let you know I'll keep everything running.
My router will remain NAT. I've also got it set up with a DMZ pointing
to a non-existent IP - I have no intention of running any public
servers.
The Smoothwall will be put between this and my LAN.
My PCs will continue to run ZA, since as I thought it will allow me to
monitor programs attempting internet access.
Thanks for the responses, I'd say a software firewall is a poor
solution on its own?
Posted by E. on December 1, 2004, 8:46 am
SteviE wrote:
> I have a DSL connection, with an 'always on' router running with NAT
> enabled.
> I have installed on my PCs ZoneAlarm, 2 free editions and one runs the
> security suite.
> I've lately been pursuing the idea of a separate firewall, rather than
> a (software) firewall on the PCs I'm trying to protect.
> To this end I've got myself an old P2 400 MHz and stuck Smoothwall on
> it. It's not yet in the system, need a switch etc.
>
> Assuming I manage to get this firewall up and running, between my
> switch within my LAN and my router is there any point in continuing to
> run ZoneAlarm, other than for the virus protection?
Yes. It will alert you after you have been buggered, and give you reason
to examine what is going on.
> I'm assuming that the Smoothwall is better because it's a direct
> barrier in the connection.
Smoothwall will allow anything out that wants out if you leave it in the
default config. It is better than relying on a PFW tho. Play with it.
> Any thoughts on this appreciated.
re: all this thread... funny ... here's me thinking that security was
about the intelligent application of *layers* of security.
PFWs can be a very useful part of an overall security strategy. Their
main purpose is to stop inbound connections and to alert you when an app
tries to talk. If you are in the situation where malware can get to your
desktop in the first place then there is something seriously wrong with
how your defences are layered.
Most touted hardware firewalls allow everything out by default. This
includes almost every NAT-based widget on the market, Smoothwall, IPCop
and other Linux-based fwalls.
Smoothwall, IPCop, Linux-based and 'real' firewalls will allow you to
create unlimited outbound rules, block sites, filter content, reduce DoS
attacks (in theory), check the contents of packets etc. whereas NAT-based
and PFWs usually don't. NAT boxes often have bugger all memory and will
only allow you to create 10-15 outbound rules. I'm yet to see one that
has an implicit Deny any any/Deny all rule for outbound either.
Just my $0.02
E.
P.S. ZoneAlarm can stop most email-borne malware as it can be configured
to rename attachments. (vbs, exe, scr, pif etc.)
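Added example (not part of the thread or any poster's own configuration): what the "implicit Deny any any" for outbound traffic mentioned above looks like on a Linux firewall that uses iptables. The interface names (`eth0` for the LAN side, `eth1` for the router side) and the allowed port lists are assumptions for illustration.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset whose FORWARD chain denies by default,
# so LAN hosts can only open the outbound services that are listed.
# Only forwarded (LAN -> internet) traffic is covered here; rules for the
# firewall host itself (INPUT/OUTPUT) are deliberately left out.
# Interface names and port lists are assumptions, not values from the thread.

egress_ruleset() {
    lan_if=$1      # interface facing the LAN switch
    wan_if=$2      # interface facing the NAT router
    tcp_ports=$3   # space-separated TCP ports allowed out
    udp_ports=$4   # space-separated UDP ports allowed out

    echo "*filter"
    # Default policy DROP: anything not matched below is denied.
    echo ":FORWARD DROP [0:0]"
    # Let replies to already-permitted connections back through.
    echo "-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for p in $tcp_ports; do
        echo "-A FORWARD -i $lan_if -o $wan_if -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    for p in $udp_ports; do
        echo "-A FORWARD -i $lan_if -o $wan_if -p udp --dport $p -j ACCEPT"
    done
    # Log (rate-limited) whatever is about to hit the default DROP, so an
    # unexpected outbound attempt shows up in the firewall's logs.
    echo "-A FORWARD -i $lan_if -o $wan_if -m limit --limit 6/min -j LOG --log-prefix \"EGRESS-DENY \""
    echo "COMMIT"
}

# Print a ruleset allowing DNS, HTTP, HTTPS and NTP out, nothing else.
# Validate before loading:  egress_ruleset ... | iptables-restore --test
egress_ruleset eth0 eth1 "53 80 443" "53 123"
```

A host-based firewall on the PCs still adds the per-application view described earlier in the thread; this ruleset only sees addresses and ports.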