Choosing a firewall

[catachresis]

8 Signs Firewall is, apparently, the creator-marketed version of the rebranded Visnetic Firewall. It is tiny (under 1 meg) and light on resources. I've been fooling with it and it seems very impressive. No crashes (unlike look'n'stop) and GRC 'shields-up' says it's fine. I'd be curious to know if anyone else has tried it.

http://www.ccsoftware.ca/8signs/

 

[LTR12101B]

On broadband, a router makes a good "outer layer" firewall, even if you don't have multiple machines.

You still need a software firewall to control application outgoing access, but a router generally gives protection against unrequested incomings, equal to or better than the first WinXP connection firewall. If your router keeps a log, it's interesting to see just how much junk it's discarded.

And unlike software firewalls, a router generally never crashes or drops it's guard during updates, so it's a good layered strategy - just DON'T expect to see usable logs for reporting from your software firewall, if the router is discarding the probes for proxy and RAT ports.

 

[incognitu]

I think I've designed a good security design for my computer (call me paranoid). I plan to use the following scheme:

- Sandbox (SSM)
- Software Firewall (Controling Outgoing Data, Allowing Incoming Data)
- NAT Router (Controlling Incoming Data, Allowing Outgoing Data)
- Software Proxy Filter (Proxomitron)
- Spyware Control (AdAware, SpyBotSD, SpySweeper & SpywareBlaster)

For those of you who don't fully undestand my firewall policy, I'll try to explain: the NAT router, by default, blocks all incoming connections who are not direct responses to outgoing connections made from my computer (the only exception is if you have a server - which I don't. In that case, you need to explicitly configure the router); as such, harmful connections are never made to my computer EXCEPT, if I have some spyware/virus connecting to the outside! Here enters the software firewall controlling the outgoing connections made from my computer; by default I allow all incoming traffic on this firewall, because I blindly believe that no unknown connections we're made from my computer and, as such, all incoming traffic is trusted.

The only thing lacking here, is what software firewall to choose? An application control firewall, or a packet control one? If I choose the application path, I know what applications are connected; on the other hand, a packet control firewall seems more efficient, because I only need a small set of rules (for example, many apps use HTTP to connect obtain updates and, instead of defining a rule that allows this type of data for every application, I define a simple rule that simply allows outgoing HTTP traffic).

I need your help here. Should I choose an application or packet control firewall? And what are the ondes you recommend for each approach?

At the moment, I'm trying Outpost, and I'me quite satisfied with it, but I want to have a high security environment as well as an efficient one.

Your opinion matters!

Thanks!

 

[VIPER_1069]

im using OUTPOST too and have been for over a month or so now and never had any problems as i monitor ALL outgoing traffic and incomming alterts me as and when

and so far so good nothing bad has got through

 

[big_gie]

I also highly recommend Outpost; I'm using the same configuration as you incognito, except for the sandbox as the computer is for the family and I don't want things to be too complicated

I would recommend a application based firewall for controling outgoin traffic as you can see what is accessing the web. For exemple, if you let the computer communicate via http, then any trojan/virus/spyware can call home via http and you wont notice... Outpost is really nice for this.

 

[incognitu]

Thanks guys!

You've been really helpfull!

I'm sticking with outpost for now, I've been using it for a while now, and it seems good. No crashes or problemas what so ever.

Bye!

 

[dx]

At scarecrow's suggestion, I've been evaluating Look'n'Stop. I must say, I'm very pleased with it so far. Small footprint like Kerio used to have, but still very effective. No hardware conflicts thus far.

Only annoying thing is that it does not recognize the avast.setup as a proper application. It recognizes .exe files just fine, but not .setup... which is admittedly a little unusual. So it keeps asking me if I want to authorize it connecting to the net (to update the program and definitions). Just an extra click in the end... one that I can live with.

Other than that... it's a great alternative to the once great Kerio Personal Firewall (my previous firewall of choice).