Firewalls -- Your recommendations please
Xyphus
South Bend, Indiana
Okay... In preparation for my upcoming DSL service, I went out and purchased a D-Link DI-704P Firewall/Router/PrintServer.
Now I know that the router has a built-in hardware firewall, and in most respects it should do me just fine. (has the ability to block/allow ports, set the network as "un-pingable", uses NAT, etc.)
However, as an extra precaution I was considering a software firewall as well. I have been looking into either ZoneAlarm Pro 4.0, or the Sygate Pro 5.1 firewalls.
Which, in your opinion, is the better choice? Do they both offer the same features and bang for your buck?
I have never used the Sygate or Symantec personal firewalls, so I cannot comment on how well they compare to ZoneAlarm. If they do the same as ZoneAlarm at protecting your computer, I'd go with the cheapest out of them.
Edit://
https://grc.com
This site is a great security site. They have a secure online program called ShieldsUP which will attempt, in a secure zone, to connect with ports on your computer. Your firewall should block the site's attempts to gain access to these ports. After it tests your firewall, it will give you a summary of what ports, if any, it was able to contact.
I have used various software firewall packages, and in my opinion this is the best of the bunch.
I agree with Bad_Karma, have a good look at http://grc.com. It's a great site. It has some other applications that come in handy.
I used to use Zone Alarm (the free version) several years ago, but ran into a spell where on about every third boot I would lose all internet access.
I do use the XP Pro firewall, too.
Am I OK, or just lucky?
Prof
I am paranoid about people getting into my PC, so I've got just about every program you could think of on there. Linky router to start, ZA 4.0, Norton AV, TrojanHunter, Ad-Aware, SpywareBlaster, Script Sentry, and Spybot S&D.
And, well, never been hacked, never DoS attacked, never been SYN flooded, etc.
Tek
We switched to the Linksys routers, and had no problems since. Meanwhile, the D-Link 604s work great at 4 locations for another client...on a different cable ISP! So, the hardware at one ISP may be different from the next. Check with them before spending $50+ on a hardware router.
PS - I prefer the Linksys router anyways, so I recommend it if you wish to go the hardware route.
Dexter...
I disagree pretty strongly with this, Slick... Unprotected "home" PCs are usually the first to be attacked since they are the easiest/most vulnerable for the script kiddies to find. They'll scan a whole neighborhood's worth of IPs and find every unprotected computer they can, so they can install IRC zombies on there and use the poor computer as a platform for DDoS attacks. It happens way more often than you think.
Once in a while a customer brings in their home computer to me and I often find a trojan as a result of "home computer" syndrome.
I totally agree with Primesuspect, Slick. I just ran a quick scan on my cable subnet, and then picked 5 of the active computers on the subnet to run basic port scans. Even on the simple short scan, 3 of those 5 had open ports, even the obvious Windows networking 139 port open. I didn't bother trying to see if they had basic username security, and I bet if I did a full port scan (not approved by most ISPs, by the way...) there would be all kinds of open backdoors and trojan shares.
Don't kid yourself into thinking someone will only hack you if they have a grudge against you. There are all kinds of "kiddie hackers" out there these days who love to find open ports, set up a trojan, and then start using your computer to run their own FTP or download from peer-to-peers onto your hard drive, eating up your bandwidth instead of paying for their own.
Broadband connection + no firewall = stupid. Plain and simple.
And yes, Prime' is right, basically anything plugged into the 'net is at risk. To go without a firewall in this day and age would be foolhardy, to say the least.
Cheers
NS
To set up the trojan on the user's system, the server file needs to be executed. In my experience (or my assumptions), it's not that easy to remotely execute something unless there are some major unpatched security problems with the OS or other programs running.
Haven't run a virus scanner or firewall for years. Keep an AV installed to scan the occasional file though, just in case.
NS
Yes it is much better. Its Internet Vector Service doesn't quit for no reason anymore.
I've never been too fond of ZoneAlarm, but I haven't used that latest version either.