SG Broadband Community

I have a question for the high end security masters in here.

This question is simple: What is the BEST Firewall out there ?

And please don't answer ZoneAlarm

Sygate hands down!

Well first answer what you need to protect....and what your budget is.

Because "The Best Firewall"...besides the obvious of simply unplugging your computer....we can get into some pretty high end solutions here. ISA2000 and on up!

I don't really care of the budget as long as it is a software solution

Sygate for a software firewall.

Outpost Firewall by Agnitum

Keep Your Files out of Hacker Hands
With hacker attacks, data theft and privacy violations rampant on the Internet you need a comprehensive solution to safeguard your PC. With Outpost Firewall Pro, you get award-winning firewall software that takes care of your online security needs by:

Hiding your computer identity from hackers;
Stopping hacker attacks automatically;
Blocking private data from being transmitted;
Preventing mass-mailed worm infections; and
Removing ads and pop-ups.

Much, Much More--->
http://www.agnitum.com/
A great forum also--->
http://www.outpostfirewall.com/forum/index.php?s=

[quote="KyRoN"]I have a question for the high end security masters in here.

This question is simple: What is the BEST Firewall out there ?

And please don't answer ZoneAlarm ]
Sorry, but I've used many of the firewalls out there, and IMO Zonealarm is the best. Sorry that's not what you wanted to hear, but it is the best IMO.

KyRoN wrote:I don't really care of the budget as long as it is a software solution

OK, software solution, here ya go! Microsoft ISA2000 Internet Security and Acceleration Server
http://www.microsoft.com/isaserver/

Fully ISCA certified! Can be a handful to learn though. And the 2004 version is out soon. Can't wait to upgrade mine.

Personally I prefer hardware solutions and NAT for basic home setups.

"ISA Server 2000 Enterprise Edition" Is that what u mean, and is it compatible with XP & especially 2003 ?

What do u think of Kerio WinRoute Firewall 6 and Tiny Personal Firewall ?

Oh and, do u have some kind of screenshot for ISA Server, just to see what it looks like

Sygate has a free version available... it works thats what matters! Why argue with free/works??

Again Sygate Hands down!

hayc59 wrote:
Outpost Firewall by Agnitum

Much, Much More--->
http://www.agnitum.com/
A great forum also--->
http://www.outpostfirewall.com/forum/index.php?s=

I downloaded the latest version yesterday and it crashed my system (STOP screen) twice when I logged onto this site. Hence I've uninstalled it and am now looking for a replacement.
Maybe I could mess around with the settings to get it to operate reliably, but who needs the hassle?

Personally I use ZA Pro as a software firewall and have a router for hardware firewall.

I like sygate the best like markII to said outpost is good but you do have to toy with it to get to work right..

Take a look at checkpionts firewall-1, only rival it has is Cisco pix, but the cisco is a mess to configure.

I myself got the Checkpoint Express for the company I work for. I investigated differant firewalls for a long time and ended up with this. I am really happy with my investigation, I love everything about it, and there is nothing that I havent been able to do.

I'd also plump for hardware/software rather than running a firewall on your own machine. I have used both IPCop (http://www.ipcop.org) and smoothwall (http://www.smoothwall.org/) in the past, and to be honest I wouldn't trust any software solution that would run on an insecure OS (woo, a whole new debate ;p).

If money isn't an object you might even find it worthwhile forking out for a little 'puter to install a firewall on, and for either of the above two (or any similar ones) you don't need much to do it... p100 and 64MB RAM is fine unless you want to run a decent sized proxy, for which I'd recommend 128MB or more, and maybe a p2 class system.

there are linux based firewall distro's that will boot from cd/floppy (boot from cd, store config's on a floppy and then write protect it!) for really minimal systems.

you could also build a mini-itx system that boots from flash rom if you fancy something small and quiet.

If you have a small network and are not running many services behind it, don't waste your money on mentally expensive software (or hardware) a half-decent router that does NAT should work fine.

as for zonealarm, can't say I rate it at all (and yes, I know loads of people love it)

Are you trying to shield a single system, or are you playing with lots of client 'puters and a server or two?

There is no single perfect solution for every set of circumstances, so if you want any further feedback you should really say what kind of network you are running at home

Bitdefender fast and save

Kerio 2.1.5

The mans firewall.

ZOneAlarm PRO
and Linksys Router

Well what about the best software only, free firewall? I'm also using kerio 2.1.5. And so far only a few days, its better than the so called paid for Bullguard. I used a free 6 month full trial.

I've got a dead PC in the corner and keep thinking about setting up a little hardware firewall for me self, but just dont get round to it.

How about a robust packet filter CHX-I v 2.8.2 it's free for home use after you register with them but you will have to configure the rules yourself to suit your own setup.

here's a couple of links where you can download it and another site where you will find all the information you need to get started.

http://www.idrci.net/idrci_products.htm

http://members.shaw.ca/BIND-PE_and_ICS/chxi.htm

I'm using the beta version 3 at the moment with a Router and Look n Stop as an application filter, I disabled the firewall in LnS so no conflicts running both together.

The other software firewall I use is 8signs with LnS or I use CHX-I with Kerio v2.1.5 all the information to set it up is at the link above.

If you don't like writing rules you would be better of with one of the mainstream firewalls mentioned earlier.

pclook

I think Kerio is the best firewall.. It's very good.

No one mentioned Black Ice Defender. I like it alot...very low resource use and runs silently in the background. Sygate is pretty good too, though the popup for outbound traffic approvals annoys the hell outta me.

This should answer all your questions---
Outpost Firewall Pro 2.7 (build 484/412) Released

On 31st May 2005, Agnitum released version Outpost 2.7. This includes the much-requested ability to set exceptions for the Hidden Process and Open Process control security features that were added in 2.5.

Following is a list of new features:

• List of exclusions for Hidden Process Control
• List of exclusions for Process Memory Control
• GINA module for tracking user logon/logoff processes
• Automatic rules configuration for servers with multiple IP addresses
• Data transfer using DNS requests
• Automatic smart rule naming

Following is a list of issues that were fixed (only major listed):

• Issue with opening of renamed attachments in TheBat!
• Windows Server 2003 SP1 issue showing up in inability to receive mail using TheBat!
• Processing of fragmented packets (all fragments were processed according to the rules for the first fragment)

Product Info: Outpost Firewall
Download: Outpost Firewall PRO v.2.7
Please also review the Outpost 2.7 - what to expect for upgrade/install recommendations and other known issues.

Zulan wrote:Take a look at checkpionts firewall-1, only rival it has is Cisco pix, but the cisco is a mess to configure.

I myself got the Checkpoint Express for the company I work for. I investigated differant firewalls for a long time and ended up with this. I am really happy with my investigation, I love everything about it, and there is nothing that I havent been able to do.

Only 'real' benefit CheckPoint's FW-1 has over Cisco is the ability to install it on a linux distro giving you a wide range of troubleshooting commands like fwmonitor and tcpdump. Our network uses several versions of Check point going back to the early fw-1 and up to the latest NG with AI. It's more difficult to manage than any pix in a large environment. In all honesty a pix is much easier to configure than cp.

However, NG w/ AI has some really interesting logic capabilities that allow it to do somewhat advanced deep packet inspections. Allowing you to block traffic based on trend while not having to restrict by port or ip address. This is useful for p2p/torrent blocking etc. It is no substitute for a solid IDS system though.

Small pluses:
SmartTracker log gui based log (only logs rules set to log)
SmartMonitor for real time analysis on network traffic

In any case, buy a pos computer and run a live version of Devil Linux. Cheap and secure.

ZA ,the best firewall

feiyunzaitian wrote: ZA ,the best firewall

Its funny but I see all the time ZA is called rubbish and some people here even advocate its removal to amke your Connection faster? I have used the net (I have Cable) with and without ZA fitted, next to nothing difference? Tried Agnitum and didnt like it, too much tinkering.

I still think ZAP is the best, no matter how many people Laugh about it. Check out GRC.com and see HIS recommendations?

fathom0200 wrote:Well what about the best software only, free firewall? I'm also using kerio 2.1.5. And so far only a few days, its better than the so called paid for Bullguard. I used a free 6 month full trial. I've got a dead PC in the corner and keep thinking about setting up a little hardware firewall for me self, but just dont get round to it.

For all of you whom feel that your (free|paid) software firewall is the best, here's a set of 15 firewall leak tests with which to test your firewall.
http://www.firewallleaktester.com/ [You can learn a lot at this site!]
Note: Before taking the test, checkout how some of the supposedly top rated firewalls did in the testing by clicking on the Tests link in the left-hand panel-
Testing results are from Oct 13, 2004, so not necessarily up-to-date, and not all that you would guess are represented, and Look'n'Stop beats Outpost Pro.

When you get done testing post your results here, and post the version of your firewall release.

After you are done with testing your current firewall, checkout the Free for Personal Use Jetico Personal Firewall v1.0.1.59 at:

http://www.jetico.com released on 12 May, 2005

which now appears to pass all of the tests which v1.0.1.21 did not last Oct.

Note: Configuration may require you uninstall your current firewall, and hopefully you are fully cognizant of your trusted software as configuring it, is a bit repetitive, but probably well worth it, if you decide to stay with it.

-- Tom

P.S. I have been using a combination of PC-Cillin Internet Security 2005 AV which comes with its own rule-based firewall and ZoneAlarm Free for some while, ZA to stealth the ports - which is a must for all firewalls - test yours at http://scan.sygate.com to see if all of your ports are blocked.

P.P.S. My AV blocks the download of the Copycat.exe test, so expect that your AV might do the same.

P.P.P.S. I am currently getting ready to run all of the tests I was able to download after I uninstall ZoneAlarm, and test the stealthedness of port blocking at the sygate scanning site with the Jetico firewall.

Here's the results of the ZoneAlarm Free/PC-Cillin rule-based firewall tests I ran:

ZoneAlarm Free v5.5.094 leaktest(15) results w/o AV & Email capabilities, with PC-Cillin Internet Security 2005 AV running:
passed 4 test]http://www.dll-files.com/dllindex/index.shtml[/url]
11) WallBreaker: failed; window IE successful
12) PCAudit2: too complicated to execute
13) Ghost: failed
14) DNStester: passed; caught by firewall
15) Surfer: failed; Surfer test page downloaded

Has anyone tried LightSpeed Systems? The firewall at my school works pretty damned well and I can't remember where the heck it came from, but just search for it and you should find it.

Sygate Personal Firewall

Ashdaw wrote:Its funny but I see all the time ZA is called rubbish and some people here even advocate its removal to amke your Connection faster? I have used the net (I have Cable) with and without ZA fitted, next to nothing difference? Tried Agnitum and didnt like it, too much tinkering.

I still think ZAP is the best, no matter how many people Laugh about it. Check out GRC.com and see HIS recommendations?

Look at grcsucks.com and remember that Leo Laporte says you dont even need a firewall... I guess if you totally trust your operating system. Sorry I dont trust Steves opinion.

Personally I use Kerio 2.15. I know I S people that dont trust any of em...

I think's ISA 2004

ereryone friends ,i from in china
english is not't good
I think your's teach english ,thanks
msn:qzdmail@hotmail.com

All of the software fire walls do a fair job of hiding your ports. Using a hard ware firewall plus your favorite software firewall is the best combo. I'm currently using McAfee. it does a fair job of stopping outbound traffic and the inbound is stoped by the hardware firewall. Not that i sware by McAfee, but it does a good job. I've also used ZoneAlarm and it does a good job, also Nortons. just pick one you like and use a good hardware firewall to cover your ports.

I have tried several firewalls. Everytime I install one I test them using sites like hackers.org. to find out how secure my pc is. The results were always the same with all of them. Port 25 smtp was open. None of them told me how I could secure it.
The only firewall that secured that port was Bitdefender security suite 9.
It is good

Zone Alarm hands down is the absolute best. You cannot compare to it's tech. support or it's security. Unless u unplug your compu.

zmike wrote:Zone Alarm hands down is the absolute best. You cannot compare to it's tech. support or it's security. Unless u unplug your compu.

ZA is horrendous, it slows your pc and connection down tremendously.

Hi Forum,

I am a Security Specialist, I have been using ZoneAlarm for along time. Till
now! At this point I think all software has holes and doors that the creators
can access anytime. Microsoft is a prime example with over 4 million lines of code for XP how many unfound bugs do you think they have? I guess thats why Vista is coming! it should be called Mista or Pista because were all getting Fista from the big MS.

Hope this Helps!
Blastfire

A Perfect Spy? It seems that ZoneAlarm Security Suite has been phoning home, even when told not to. Last fall, InfoWorld Senior Contributing Editor James Borck discovered ZA 6.0 was surreptitiously sending encrypted data back to four different servers, despite disabling all of the suite’s communications options. Zone Labs denied the flaw for nearly two months, then eventually chalked it up to a “bug” in the software -- even though instructions to contact the servers were set out in the program’s XML code. A company spokesmodel says a fix for the flaw will be coming soon and worried users can get around the bug by modifying their Host file settings. However, there’s no truth to the rumor that the NSA used ZoneAlarm to spy on U.S. citizens.

http://www.trimmail.com/news/elsewhere/ ... 076936.86/

I'm trying out Kerio right now, I think I like it the most so far

Kerio firewall is the best hands down, Easy as hell to use and is small and fast. It comes free with Cyberscrub anti-virus another great product. Five years of protection for fifty dollars. Bolth programs have no affect on speed. If you call Cyberscrub or Kerio you may catch the guys at home or eating lunch but they will still help you out with any problems (with no charge i may add), Now that to me is worth its weight in gold.