[escalader]

I just posted this thread at http://www.wilderssecurity.com/showt...734#post976734
if that is more convenient.
Hi Firewall Users.

I am not seeking a debate here just experienced views.

ZA Pro 7.0.337 is my current firewall. Even though I have 5 months to go in it's license I am not married to it at all! (or any other specific tool for that matter).

Here is a series of questions/requests for opinions pro and con and the technical rationale/ reasons for those opinions.

I have a list of 5 FW tools here and I'm likely to go with 1 of them in 5 months time.

1. COMODO
2. Look "n" Stop
3. ZA Pro
4. Outpost
5. PC Tools FW


What are the critical functions a FW must have? (I started it)

IN/OUT control
Program level rules
Trusted sites list
Ease of use with other security softwares
No known conflicts with other software
Effective Vendor support

What are the main (1-2?)Pros and Cons of each? What is the technical rationale/ reasons you have for the Pro's and Cons?

1. COMODO
2. Look "n" Stop
3. ZA Pro
4. Outpost
5. PC Tools FW


Some of you may feel a good FW is missing so add it in with same data!

When done I will be glad to summarize the results and provide it here!

Thank you in advance.

[Stoner]

Good morning

I'm using an NAT firewall router, Kerio 2.1.5 and to further filter incoming...Firefox with Adblock+, Flashblock and NoScript.
Seems to work well for me.
Naturally, I have other apps to stop malicious activity, but the above are what I use to filter incoming.

[hewee]

Lets not forget a good hosts file.

[escalader]

Hello:

Could you expand what is meant by "good" / "bad" on a host file within FW theme?

Take it easy!

[hewee]

A hosts file is used to block web sites. So is used to block ads, tracking sites, cookies etc and to block bad web sites.

See Blocking Unwanted Parasites with a Hosts File

So using it with a firewall just protects you even more. If your online then you can get to any website like this one that is good.
But you can stop the ads, tracking cookies and if there is a link that will take you to a bad site then it will keep you from going there so it protects you.

I block out almost 69,000 sites with my hosts file.

[lotuseclat79]

A firewall should not be leaky. Checkout the website http://www.firewallleaktester.com and read its web pages for more info and rankings of firewalls wrt Testing done by that website author.

How a firewall handles fragmented packets is important as there are techniques the crackers use to get past firewalls.

A good strategy (redundancy) is to use both a hardware and software firewall just in case the hardware firewall gets compromised or the hardware fails. A reasonable hardware firewall should do both NAT and SPI (network address translation and stateful packet inspection) and be easy to configure/reconfigure. Note: always change the default (mfgrs) hardware firewall password after you have configured it as this is one of the vector entry points of crackers.

-- Tom

[escalader]

Thanks Tom:
Yes, I agree, I have a Linksys Cable/DSL router with 2 PC's on it. In front of that I have an AlphaShield hardware firewall. So those are there when I don't have software FW running.

The leakage I am referring to is/was a feature of ZA Pro called MyVault which stores bank account numbers passwords, names and addresses etc. I asked a lot of questions on this and although the answers helped there is doubt about it being 100% leak proof when used under certain conditions and it doesn't cover all ports.

Thanks for the information on FW features. I'm summarizing it for later release on my forums.

[Rockn]

Why would you use any software product to store passwords, names and addresses? Seems like you are wanting to be compromised or lose the information.

While I agree that multiple layers of security are a good thing for businesses, the average home user with a NAT based router will have sufficient protection for inbound traffic. A software firewall and NAT still seems like overkill since most people wouldn't know how to configure one or intemperate what is going on in the first place.

I would challenge anyone with a NAT based router to disable the personal firewall and do an online scan and also scan it with the firewall enabled to see if there is any difference in protection.

All you need is a very good AV program, some basic spyware software and a NAT firewall.

[escalader]

Quote:

Originally Posted by Rockn

Why would you use any software product to store passwords, names and addresses? Seems like you are wanting to be compromised or lose the information.

.............

Well, of course no one would and I don't. However, have a look at this product's features:
My OLB allows up to 32 position psws and no one can remember those so they are on a USB stick encrypted when needed then removed physically.

I wanted ZA Pro to prevent persoanal ID stuff in an outbound sense. I'm not sure it is possible to have overkill in this world when security of your id is in doubt. But that is just my view. You may have another! C'est la vie!

Roboform is the top-rated Password Manager and Web Form Filler that completely automates password entering and form filling.
RoboForm was named PC Magazine Editor's Choice, and CNET Download.com's Software of the Year. RoboForm:
Memorizes your passwords and Logs You In automatically.
Fills long registration and checkout forms with one click.
Encrypts your passwords to achieve complete security.
Generates random passwords that hackers cannot guess.
Fights Phishing by filling passwords only on matching web sites.
Defeats Keyloggers by not using keyboard to type passwords.
Backs up your passwords, Copies them between computers.
Synchronizes passwords between computers using GoodSync.
Searches for keywords in your passwords, notes and Internet.
Portable: RoboForm2Go runs from USB key, no install needed.
PDA-friendly: sync your passwords to Pocket PC and Palm.
Neutral: works with Internet Explorer, AOL/MSN, Firefox.
IE 7 and Vista are now supported.

[Rockn]

In my opinion the more software you rely on to store your personal information the more likely it is that one of them will be compromised. What happens if you lose of forget your master password?

I don't save passwords anywhere or keep personal or identifying information on my computer, period...no worries.

[escalader]

Quote:

Originally Posted by Rockn

In my opinion the more software you rely on to store your personal information the more likely it is that one of them will be compromised.

Answer= I agree with the more you have the more likely one will be compromised concept. However, given we store personal information on computers and and take the less software is safer route then it follows that ALL personal information is in one place!

What happens if you lose of forget your master password?

Answer= then my friend you are dead in the water! Sort of like a home safe, if you can't find or remember the combination!

I don't save passwords anywhere or keep personal or identifying information on my computer, period...no worries. This is your statement and I respect it. There can be no reply to it!

My statement is; " I do use my computer for OLB, income tax, email purchasing things on occasion, so I don't and can't void the PC of all personal information."

Thus my thread on firewalls, I want to minimize the chance of one or more of my applications leaking information to the bad guys whoever we may think "they" are.

So for me, IN/OUT FW is minimal protection.


If I use a PC for entertainment only games etc and surfing about then I don't need any protection ever! If an intruder crashed my party, I can wipe the PC , reinstall every thing and be back in business, or just keep a clean OS image and restore in minutes!

[hewee]

Guess now days if you use a PC for things like taxes, paying bills and email purchasing etc then to protect yourself the best is have a 2nd PC to use so your only online with that PC a short time. Still have what needs to be done to protect your PC but you will not need to be going all over the web with that PC where you could pick up something that gets on your PC and gets all your personal information.

[escalader]

Quote:

Originally Posted by hewee

Guess now days if you use a PC for things like taxes, paying bills and email purchasing etc then to protect yourself the best is have a 2nd PC to use so your only online with that PC a short time. Still have what needs to be done to protect your PC but you will not need to be going all over the web with that PC where you could pick up something that gets on your PC and gets all your personal information.

Yes, I agree with that idea completely! It is my dream to have the second one to do that.

[hewee]

Quote:

Originally Posted by escalader

Yes, I agree with that idea completely! It is my dream to have the second one to do that.

I don't use my PC for anything like this but if I ever did I would just get a cheap PC for the online dealings so it's online only a short time to do what needs to be done.

[Stoner]

I don't do any online financial activity so there is no reason for me to have any account #'s in my main computer.
All my family concerns, financial and tax records go into an older Dell Optiplex 110 P3 800 with a new hard drive in it. It never goes online. Anything off the internet I need put into that comp I transfer with a USB flash drive from my 'surfing' box..
I bought it at a business auction for ~$35 and added a USB2 card for fast scanning.

Before that, I was using a P200 for the same and still would if I could have found a USB2 card to work with that old of a processor

You don't really need much for an 'office' like setting.