RE: Firewalls?
- To: <ukha_d@xxxxxxx>
- Subject: RE: Firewalls?
- From: "Mark Hetherington (egroups)" <mark.egroups@xxxxxxx>
- Date: Sun, 23 Sep 2001 21:46:50 +0100
- Delivered-to: mailing list ukha_d@xxxxxxx
- Mailing-list: list ukha_d@xxxxxxx; contact ukha_d-owner@xxxxxxx
- Reply-to: ukha_d@xxxxxxx
It has been a while since I actually did the investigation (a little over 12
months) but from what I have heard from some people not much is likely to
have been changed.
I first began seriously looking at firewall software for my home PC while
using the BT Internet Freephone number and then later Surftime due to the
increased online time and increasing number of attacks. I tried various
options as detailed below:
Black Ice Defender
Quite poor. Alarm triggers for non events. A DCC chat in IRC would trigger
multiple alarms. Blocks some trojans but many security holes. No stealth
capabilities. Log files difficult to parse and require an add on package. No
application specific rulesets.
LockDown 2000
A more comprehensive solution that was less prone to false alarms. A neat
inbuilt utility to track offending IP addresses back to their source and
automatically generate complaints. Limited stealth capabilities. Poor
Trojan protection. Does not protect completely so I originally used this in
conjunction with BlackIce Defender. Lockdown was a good way to detect BID
false alarms. No application specific rulesets.
Zone Alarm
Limited stealth capabilities. Lack of configurability. Not extremely
comprehensive protection. Preferable to either BID or LD2K but still had a
number of false alarms. I believe later versions addressed some or all of
these but reports I have seen from people online seem to indicate there is
still a problem with false alarms.
AtGuard
Finally one that came up to scratch. Very configurable with full rule sets
and stealth. False alarms are practically zero once the rulesets are
created. Built in log viewing and a number of handy statistics. Just before
Symantec bought the technology, there was a full release of this product
that was originally targeted to existing customers as a final upgrade but
all copy security and registration removed so it soon propagated the net.
The company eventually allowed it to be treated as abandonware without any
support or updates. I ran this for a long time but a few things I was
missing were filled in by the soon to come NIS which I originally looked at
purely because of the AtGuard hiding inside.
Norton Internet Security 2001 (possibly 2K also)
AtGuard repackaged with a few bells and whistles thrown in including newer
AtGuard features which never made it into AtGuard releases before the buy
out of technology. I recently moved from AtGuard to NIS2001 for the updates.
The interface is not as efficient as the AtGuard one, but with my AtGuard
version refusing to run under newer incarnations of Windows, the only real
upgrade path without doing a new investigation. Definitely recommended with
my only gripe being the interface. Some of the original AtGuard functions
are quite well hidden but once you find them you are back to the original
AtGuard interface. This is inconsistent with the front end that was bolted
on. Well worth the trial download and once you are used to it, registering.
It is a shame that they did not release a cut down version for free without
some of the extras that are not always useful but still gets my vote over
the others. Suitable as a firewall for a network but only configurable from
the host.
Linux
Assuming you want to put a machine between you and the net or move to the
OS, Linux offers a cheap (as in free) way to setup a firewall. It is the
most complex of solutions since a default linux install is not particularly
secure. Some knowledge of the OS and a lot of reading to work out what's
what is required to create a suitable firewall machine although newer
distributions have tried to create an easier interface to do this. Not
recommended unless you know the OS or have a patient friend to teach one or
a trustworthy one to go in and set up for you. You would also need to move
the DUN connection to Linux and install IP Masquerading and Port Forwarding
to perform an ICS type sharing of the connection. It is suitable as a
firewall for a network. Could be configured from the host PC or through a
suitably secured telnet SSH1/2 shell to the host from a client.
A hardware firewall is obviously the better bet in more secure environments,
but IME the NIS and previous AtGuard have been more than enough for my
needs. Zone Alarm gets many recommendations but my personal experience leads
me to not concur with this recommendation. Out of those I have used and
tried, NIS is my winner. There were some others I tried briefly but they
either failed to install or had run time problems so I have ignored them
here.
HTH
Mark.