Personal Firewalls

Personal Firewalls
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 General Computer Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Personal Firewalls johnj 08-19-2006
Posted by johnj on August 19, 2006, 4:29 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
This NG appears to be primarily professionals, but I'll ask anyway.

I've been asked to help support a set of computers at my church
(some new, some old) and get them connected onto a DSL line.
Unfortunately my experience has only been dial-up connection
and protected with an old version of ZoneAlarm on Win98SE & Win2K.

I need to install some firewall that's easy to use and maintain
as the support is all volunteers and not there during business
hours (except when there's a problem).

I have, in the past year, helped setup a new WinXP system for a
friend that came with Norton's security suite. What I saw
seemed a lot easier than my old version of ZoneAlarm because
it knows all the weird Windows services that pop up that I'm
not familiar with.

I've seen some negative comments about Norton/McAfee. But for
me are these Personal Firewalls a good choice? What other
options do I have?

TIA

Posted by on August 19, 2006, 9:20 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
> This NG appears to be primarily professionals, but I'll ask anyway.
>
> I've been asked to help support a set of computers at my church
> (some new, some old) and get them connected onto a DSL line.
> Unfortunately my experience has only been dial-up connection
> and protected with an old version of ZoneAlarm on Win98SE & Win2K.
>
> I need to install some firewall that's easy to use and maintain
> as the support is all volunteers and not there during business
> hours (except when there's a problem).
>
> I have, in the past year, helped setup a new WinXP system for a
> friend that came with Norton's security suite. What I saw
> seemed a lot easier than my old version of ZoneAlarm because
> it knows all the weird Windows services that pop up that I'm
> not familiar with.
>
> I've seen some negative comments about Norton/McAfee. But for
> me are these Personal Firewalls a good choice? What other
> options do I have?
>
> TIA

You could install a computer running a standalone firewall with
multiple ethernet connections for the individual computers. But
this arrangement may be too complicated for your technical support.
One advantage is that one firewall would protect all the computers.

--
Using OpenBSD with or without X & KDE?
http://dfeustel.home.mindspring.com

Posted by xpyttl on August 20, 2006, 10:03 am
If you were  Registered and logged in, you could reply and use other advanced thread options
>
> You could install a computer running a standalone firewall with
> multiple ethernet connections for the individual computers. But

This is good, but not sufficient. For your situation, "Speechless"
suggestion of a router is not a bad choice (although I would prefer Linksys
simply because it is more common and thus more supportable). Personally, I
prefer the bastion to be a dedicated (i.e. no applications) Linux system
since the superior logging gives you a leg up, and it is much more
configurable than the packaged router. But it is also substantially more
difficult to configure.

But the bastion firewall and the so-called personal firewall each have
different strengths. You really do want both. You also want some sort of
spyware protection such as Spybot Search and Destroy.

The bastion firewall serves several purposes. First, it makes it difficult
for an attacker to even see your computers, let alone probe them. Secondly,
it can deny external connections with virtually no chance of a worm changing
those settings on you. Many attacks arrive via email or the web, that is,
connections that are perfectly legitimate. They then disable the
protections on the box. Unfortunately, most Windows users run as
administrator which enables this sort of thing. By not giving users
administrator privileges on the PC a lot of this sort of problem can be
avoided. With XP this is possible, but it still isn't very clean, so
setting it up so it is actually useable can be a chore.

The personal firewall is better at controlling outbound connections.
Certain connections you are perfectly happy with FOR SOME PROGRAMS, but not
for other programs. The personal firewall can tell what program is
attempting to make the connection, something the bastion firewall cannot.

Unfortunately, the choices of personal firewall are not good. Windows
firewall is decent, and at least well behaved. But it is the first thing
attackers go after. McAfee, if you can possibly get it installed, will
trash your system sometime in the future, almost guaranteed. Norton seems
to be working hard to make each release of their products more unfriendly
than the previous. All of these products need to be upgraded frequently to
keep up with the latest attacks, and most need a major upgrade once a year,
so you can count on a big annual headache.

So if you want to be reasonably secure, do both, but don't expect it to be a
picnic.

..



Posted by on August 20, 2006, 12:08 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Excellent Commentary! I was thinking of OpenBSD running only pf
as the bastion computer. Use a ($90) Soekris 4-port ethernet
card to get router/switch capabilities with dhcp and you have total
control over traffic.

--
Using OpenBSD with or without X & KDE?
http://dfeustel.home.mindspring.com

Posted by Speechless on August 19, 2006, 11:42 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

>This NG appears to be primarily professionals, but I'll ask anyway.
>
>I've been asked to help support a set of computers at my church
>(some new, some old) and get them connected onto a DSL line.

Use a router, such as NETGEAR FVS114 (4 port) or FVS318 (8 port),
depending on how many computers you have. You need 1 port per
computer. Just plug them in.

>Unfortunately my experience has only been dial-up connection
>and protected with an old version of ZoneAlarm on Win98SE & Win2K.
>
>I need to install some firewall that's easy to use and maintain
>as the support is all volunteers and not there during business
>hours (except when there's a problem).
>
>I have, in the past year, helped setup a new WinXP system for a
>friend that came with Norton's security suite. What I saw
>seemed a lot easier than my old version of ZoneAlarm because
>it knows all the weird Windows services that pop up that I'm
>not familiar with.
>
>I've seen some negative comments about Norton/McAfee. But for
>me are these Personal Firewalls a good choice? What other
>options do I have?
>
>TIA


Similar ThreadsPosted
Firewalls November 12, 2004, 12:58 pm
Firewalls November 12, 2004, 6:38 pm
Is Comodo firewall really good in comparison to other firewalls (e.g. ZoneAlarm)? September 22, 2006, 1:57 pm
Novice Questions: Non-Standard Service Listening on Port/Firewalls August 18, 2004, 2:12 pm
Personal Information (PI) Detection September 25, 2007, 3:49 pm
My personal DNSSEC key distribution November 27, 2007, 6:45 am
Thawte personal email certificates July 4, 2007, 11:26 pm
Local Governments Can Sell Your Personal Information August 2, 2006, 11:11 pm
Configuring Norton Personal Firewall assistance requested March 24, 2006, 8:21 am
Fraudsters stealing personal details from discarded computers August 18, 2006, 8:28 am

The site map in XML format XML site map

Contact Us | Privacy Policy