|
Firewalls....which one to choose?
|
View this Thread in Original format
| b4k-oz |
I may have to do some revamping and need some input and recommendations for some very good firewalls.
Also...can anyone explain the pros and cons of partitioning if the o/s is xp.
Any input would be greatly appreciated. |
|
|
| amb_ |
She said "penetrated"...
hehehehehehehehehehehehe
;) |
|
|
| DJ El Kay Dee |
| quote: | Originally posted by amb_
She said "penetrated"...
hehehehehehehehehehehehe
;) |
*covers mouth and giggles like a little school girl too*
hehehehehehehhehe |
|
|
| b4k-oz |
ok guys....let me change it then to....
Can anyone name some good and bad firewalls.:p |
|
|
| DJ El Kay Dee |
| quote: | Originally posted by b4k-oz
ok guys....let me change it then to....
Can anyone name some good and bad fireballs.:p |
teeeehehehehe :D |
|
|
| SurrJRS |
| quote: | Originally posted by b4k-oz
Can anyone name some good and bad firewalls.:p |
Sure, a great firewall would be a Cisco PIX 535 :) |
|
|
| dallastar |
I dunno all that much about how much penetration a Firewall could get - but I would love all that and MUCH MUCH more!;)
:eyespop: j/k |
|
|
| St_Andrew |
| i want to know a good software one for windows... zonealarm is driving me nuts... esp with ics |
|
|
| rabbitjoker |
As posted here: http://www.tranceaddict.com/forums/...10&pagenumber=7
------------
If you’re all bonered-up about security here are your 3 best options (in order of quality):
a) build yourself a *nix box to act as your firewall / gateway, keep the box secure, manage frequent updates, etc, etc.
b) purchase a hardware firewall gateway/router/switch product
c) use some sort of software firewall (windows, Sygate, Zone Labs, Norton, etc)
Option A is best – but is a heck of a lot of work, as you have to maintain and update the machine quite a bit. If your machine is compromised – so is your security.
Option B is better than C (physically located separate from your machine), but not as good as A (since A provides more options, various software, etc). IMO it's better than A as well (if you buy a GOOD one) - due to the maintenance required for A.
Option C is the worst – simply because if your machine is compromised – so is your security.
====================
When I got broadband about 5 or 6 years ago I chose option B – to get a hardware security solution. I’ll share my experiences/knowledge about all this.
Many of these hubs or switches you buy nowadays usually have some basic security options built into them – however they aren’t that great (but better than nothing). They are basically a hubs/switches with a cheap firewall chip thrown on it. I’ll call them all-in-one units. The all-in-one units lack a number of the important tools to ensure that your computer is completely protected.
So the basic thing to be known is that all-in-one products with built-in firewall/network systems is that they can provide very simple basic security. However the all-in-one units do leave out quite a bit of customization and a number of security options what would truly make a system secure. To conclude this “all-in-one” unit bit – they do provide better protection that doing nothing at all and provide better protection than software (Sygate, Zone, BlackIC, Norton, etc) but NOT better than a focused hardware firewall (and the cost differences aren’t all that much either)
Most importantly there are a few hardware firewall products that do a VERY good job and are rated by ISCA Labs who is in the business of testing devices for security quality. (TrueSecure - who provides certification services which test resistance to security threats and risks; certification is awarded based on pass/fail scheme).
I have a ZyXel (http://www.zyxel.com) ZyWall 10W - Internet Security Gateway with Wireless Ready (see links below) with the wireless option installed.
The ZyWall 10W is certified by ISCA Labs as a firewall / IPSec product (meaning it met the high levels of standards for security set by ICSA)
The ZyWall 10W product gives me a full featured hardware firewall, stateful packet inspection, SUA/NAT, IPSec for VPN, DHCP Server/Gateway, content filtering, packet filter, static routing, UpnP, bandwidth utilization rules, and fair-over/ fail-back (so when the broadband goes down, it auto-connects to you dial-up, and back when the broadband is back up).
ZyWall 10W Link: http://www.zywall.com/products/mode...alue=1021873683
A marvel of engineering if you ask me!!
====================
The drawback with the ZyWall 10W is that it is not a hub, and it is not a switch – but it is a GATEWAY. Meaning it can handle the processes behind operating a switch/hub, but it doesn’t have the switch/hub ports. So to run more than one computer off the ZyWall 10W you’d have to buy a switch (stay the hell away from hubs – only buy switches).
Here’s a bit of a diagram to show the differences between setting up an actual hardware firewall (ZyWall) or “all-in-one” unit:
“All-in-one”: Computer -> [Hub/Firewall/Switch] -> modem -> world
Hardware Firewall: Computer -> [switch] -> [hardware firewall] -> modem -> world
So see – if you want to run more than one machine of the XyWall 10W – you need the switch. Get a 100 Mbps switch as the XyWall 10W supports 100 Mbps (the switch should cost less than $50 for a 5 port)
Wireless You Ask?
The ZyWall 10W supports G class wireless. You buy an upgrade card that slides into the back of the ZyWall 10W and you automatically have all the benefits of wireless built right into your product.
If you want to make the whole place wireless – just forget about the switch and make every machine in your place wireless (which is what I have done).
Anyway – this my setup – and I am uber-secure, windows or not.
Sorry for going too long with this – I’ll try to be shorter next time. |
|
|
| djdustx |
i use mcafee is pretty good...but every week u run into something
but there virus prog is ...mondo
for virus i use AVG Free Edition...i was previously using norton...and then tried mcafee. Once i installed this motha...it picked up 126 trojans that the others could not trace...so i recommend it
sebasano |
|
|
| MarkT |
| RJ's post gave me a headache...I plugged in a LinkSys router (not wireless) and called it a day :p |
|
|
|
|
