lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed Jan 18 02:00:02 2006
From: me at n33t.org (Nick Hyatt)
Subject: PC Firewall Choices

Given the choice between one of those selections and a standard Linksys
router / firewall combo, wouldn't it be safer to go with the hardware
firewall? I find the configuration options to be quite a bit more in-depth,
and the hardware firewall doesn't get itself as stuck in the system as say,
ZA does.

Nick Hyatt
me@...t.org
  

-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Nic Werner
Sent: Tuesday, January 17, 2006 4:05 PM
To: Steven
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] PC Firewall Choices

ZoneAlarm - gets in the way, and hard to diagnose problems. You end up
turning it off because it never remembers your settings and you can't trust
it.

Kerio - I liked the best, but the GUI would crash when trying to display all
your packets. This is a known bug. Allows you to create rules, and to see
how they are applied in comparison to the system-generated rules. Definitely
try.

8Signs - Said it had stateful packet inspection, but didn't. I gave up
trying to poke a hole for TFTP.

I haven't tried Tiny, its next on my list. The toughest part about these
firewalls (for me) is determining how/when a packet is filtered.
Does it hit the internal rules first or does it check against yours?
If one time you hit Permit on a pop-up window, can you go into the program
and find rule?


On 1/17/06, Steven <steven@...ebug.org> wrote:
> I am looking at supplementing the Windows XP (Pro) SP2 Firewall with a 
> third party product on a bunch of Windows machines.  I am trying to 
> determine what product to go with and wanted to solicit some opinions 
> from this mailing list.  The four that I really come across and have 
> used in some cases are ZoneAlarm, Sygate, Norton, Kerio, and Tiny.  My 
> understanding is that Norton has actually acquired Sygate and that the 
> Sygate Personal Firewall probably wouldn't be the best choice of these 
> now.  With that in mind I am looking for a product that easy to setup, 
> easy to use, works well, and does not take up too much in terms of 
> system resources or harddrive space ( I also don't want it to add 20
minutes to the boot process either).
>
> I am not looking for e-mail protection, anitivrus, or any other 
> non-firewall type services to be included.  I do however want it to be 
> able to manage applications and their internet usage.  (i.e. if they 
> install something new that tries to access the web (trojans included) 
> they will get a popup telling them something is doing this).
>
> Any suggestions and opinions on the above products and any others that 
> I might not have mentioned are welcomed.
>
> Also -- on top of this if someone knows of software/hardware that can 
> scan these machines and verify whether or not both the SP2 FW and/or 
> the 3rd part FW -- and perhaps prevent them network access if they are 
> not running -- please let me know. [I am not sure what security 
> products have these capabilities]
>
> Thanks
>
> Steven
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>


--
- Nic
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists