Firewall to use with NOD32?

[newswatcher]

Hello folks,

What would be the best low-resource but comprehensive FW to use with
NOD32? I believe NOD's site recommends Outpost. I know different
people have their prefs, but I've been looking at "Look 'n Stop" or
"Outpost" or some other. Thanks for your input!

 

[Ernie B.]

Hello folks,

What would be the best low-resource but comprehensive FW to use with
NOD32? I believe NOD's site recommends Outpost. I know different
people have their prefs, but I've been looking at "Look 'n Stop" or
"Outpost" or some other. Thanks for your input!

I like ZoneAlarm free, <http://tinyurl.com/kzq>. It uses 2,760K memory and
zero CPU cycles in the monitoring mode.

 

[Duane Arnold]

Hello folks,

What would be the best low-resource but comprehensive FW to use with
NOD32? I believe NOD's site recommends Outpost. I know different
people have their prefs, but I've been looking at "Look 'n Stop" or
"Outpost" or some other. Thanks for your input!

A packet filtering FW router that can stop outbound. The router doesn't
use any resources, since it's a standalone device that doesn't run with
the O/S. A host based packet filter such as Outpost or others are not
FW(s) as they don't separate two networks. The network it's protecting
from usually that Internet and the network it's protecting the LAN.

Duane

 

[optikl]

Hello folks,

What would be the best low-resource but comprehensive FW to use with
NOD32? I believe NOD's site recommends Outpost. I know different
people have their prefs, but I've been looking at "Look 'n Stop" or
"Outpost" or some other. Thanks for your input!

Outpost has become bloated, multi-module product. Are you using a laptop
or desktop? What operating system?

 

[newswatcher]

Outpost has become bloated, multi-module product. Are you using a laptop
or desktop? What operating system?

Desktop, XP Home, SP2. I'm trying to get away from bloated...

 

[David H. Lipman]

From: "newswatcher" <[email protected]>


|
| Desktop, XP Home, SP2. I'm trying to get away from bloated...

Then follow Duane's suggestion of a FireWall appliance. The only drawbacks; the extra
power consumed by the device and the extra hop inserted into the routing path.

 

[newswatcher]

So specifically what would be a "packet filtering FW router" app?
I'm just investigating so I don't know all the terms.

Thanks! Duane

 

[newswatcher]

I might mention I'm not on broadband, dialup (yes, I know,
archaic...)...

 

[optikl]

So specifically what would be a "packet filtering FW router" app?
I'm just investigating so I don't know all the terms.

For example, I have a Check Point 500W UTM. It sits between my modem and
my computers. It's highly configurable and protects my systems from
unauthorized intrusions.

 

[Duane Arnold]

So specifically what would be a "packet filtering FW router" app?
I'm just investigating so I don't know all the terms.

It's a NAT router in your case. You should get one that's ICSA certified
that has a syslog that you can use something like Wallwatcher (free) or
Kwiw Syslog Daemon (free) so you can watch traffic. It should be able to
stop outbound traffic from a machine by setting packet filtering rules
for inbound or outbound traffic, if you find a dubious remote IP being
contacted you can stop the traffic to the remote Internet/IP.

http://www.homenethelp.com/web/explain/about-NAT.asp

Netgear makes a ICSA certified packet filtering FW router, which you can
get for under $100 or less than that with rebate.

If you want to know more about FW(s) host based or appliances -- not
personal FW(s) or personal packet filters, then here you go.

http://www.firewall-software.com/firewall_faqs/what_is_a_firewall.html
http://www.more.net/technical/netserv/tcpip/firewalls/

Duane

 

[Duane Arnold]

I might mention I'm not on broadband, dialup (yes, I know,
archaic...)...

Dial-up NAT routers are rare. In your case, someone will have to
recommend a PFW/machine level packet filter solution to you. I am forced
to use one on this XP laptop while on the road as I am using on dial-up
right now. But I cannot recommend a PFW/machine level packet filter
solution to you -- none.

Sorry!

Duane

 

[newswatcher]

Dial-up NAT routers are rare. In your case, someone will have to
recommend a PFW/machine level packet filter solution to you. I am forced
to use one on this XP laptop while on the road as I am using on dial-up
right now. But I cannot recommend a PFW/machine level packet filter
solution to you -- none.

So ALL the FW apps out there are useless? Outpost, Kerio, ZoneAlarm,
i.e. ALL app based machine-based programs are defenseless and cannot
be used by PC users.

I am confused, sorry...

 

[kurt wismer]

So ALL the FW apps out there are useless? Outpost, Kerio, ZoneAlarm,
i.e. ALL app based machine-based programs are defenseless and cannot
be used by PC users.

I am confused, sorry...

let's set the record straight - duane pretty much refuses to call
anything a firewall unless it's an external hardware appliance (and
sometimes even then he's resistant)... those programs you reference are
not what he's talking about when he refers to routers (which are
hardware appliances) but rather they're what he's talking about when he
refers to PFW...

he can't recommend a (P)ersonal (F)ire(W)all to you because he isn't
familiar enough with them...

personally, i like kerio, although with your lack familiarity with the
subject you may wish to use zonealarm (it's often referred to as the AOL
of personal firewalls)... i don't think there's anything wrong with
starting with an easier program and working your way up if/when you need
something more...

 

[newswatcher]

Thanks for your advice, kurt. Appreciate it. I'm just a single PC
person, no network, and wanting a PFW.

 

[badgolferman]

Hello folks,

What would be the best low-resource but comprehensive FW to use with
NOD32? I believe NOD's site recommends Outpost. I know different
people have their prefs, but I've been looking at "Look 'n Stop" or
"Outpost" or some other. Thanks for your input!

You might get a better answer at comp.security.firewalls

 

[Art]

So ALL the FW apps out there are useless? Outpost, Kerio, ZoneAlarm,
i.e. ALL app based machine-based programs are defenseless and cannot
be used by PC users.

For your purpose, I suggest the free version of Sygate:

http://www.simtel.net/product.download.mirrors.php?id=53687

You should not find anything confusing or complicated about using it
in your situation. You will have no rules to set. It's a simple matter
to check "Allow" when your legit internet apps are invoked, and that's
it. Sygate has a terrific traffic log, which you might find
educational as well as useful.

Art
http://home.epix.net/~artnpeg

 

[Duane Arnold]

Thanks for your advice, kurt. Appreciate it. I'm just a single PC
person, no network, and wanting a PFW.

Well lets do set the record straight. I know a great deal about PFW's or
machine level packet filters running on the MS platform, as I have tried
them all at one point or another as they can easily be circumvented and
defeated, because it runs with the O/S. And because most users of the MS
O/S cannot even secure the NT based O/S, then that makes PFW(s) suspect
as they run with them too.

It's just that I don't recommend PFW(s) to anyone as I don't consider
them FW(s). I do consider them for the most part as software running a
lot of junk trying to protect you from *you*.

They can and do get taken out by malware. I saw that just the other day
in 24hours as malware hit the machine and took out the little PFW and
the AV and any online AV the OP tried to run, which I helped the poster
recover and save his machine as he was on the path to wiping out the NT
based machine.

I do recommend a host based network FW solution that uses two Network
Interface Cards one that faces the Internet connected to the modem and
one that's facing the LAN, with the O/S being secured.

Yes, my first choice would be to use a router as they are stand alone
devices and some routers. However, some routers are not FW solutions and
anyone with any FW expertise will tell you that it's plain and simple.
And if you can afford to get one, then I would recommend a FW appliance.

Neither one on the solutions run with the O/S and therefore, they cannot
be taken out like a PFW that runs with the O/S, which most home users
don't even know how to secure the NT based O/S.

What I will recommend for you to do with a machine that's running a PFW
and has a direct connection to the Internet is secure the NT based O/S
as much as possible, like removing MS File and Print Sharing off the
dialup interface and other such things on the NT based O/S and secure
the O/S.

http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm

What I will recommend that you do is supplement the PFW solution on the
machine with IPSec that can be used to supplement and protect the
machine in case the PFW solution is taken out. However, the XP Home
edition doesn't have the GUI like XP Pro or Win 2K but you can control
IPsec from the command line on XP Home.

I like IPsec very much and use it to supplement the PFW on this laptop I
am using on the dial-up connection right now.

http://www.petri.co.il/block_ping_traffic_with_ipsec.htm
http://www.analogx.com/contents/articles/ipsec.htm
http://support.microsoft.com/kb/813878

I just love it when someone will try to make some kind of comment on
others as to what they think someone knows or doesn't know, which only
happens in lunatic and troll heaven 24hours and this NG that *clowns*
usually out of Europe run around trying to make comments about others,
when they don't know. ;-)

Duane

 

[Duane Arnold]

let's set the record straight - duane pretty much refuses to call
anything a firewall unless it's an external hardware appliance (and
sometimes even then he's resistant)... those programs you reference are
not what he's talking about when he refers to routers (which are
hardware appliances) but rather they're what he's talking about when he
refers to PFW...

he can't recommend a (P)ersonal (F)ire(W)all to you because he isn't
familiar enough with them...

I had some respect for you but you have blown up the bridge again and
now you are trash again.

Duane

 

[edgewalker]

So ALL the FW apps out there are useless?

Not useless, but they aren't really firewalls because they don't sit
"between" two networks thus compartmentalizing them. They have
the feature set of some firewalls (sans firewalling) which can still be
useful to you for controlling traffic such as control of what applications
you want to allow to access the internet.

Outpost, Kerio, ZoneAlarm,
i.e. ALL app based machine-based programs are defenseless and cannot
be used by PC users.

The PFW can't see traffic that isn't already on the machine and thus cannot hope
to prevent that traffic from reaching the machine. It's like having an armed guard
to prevent intruders from entering your home - stationed in the upstairs bathroom.

I am confused, sorry...

You think you're confused now, wait until the PFW you end up with
starts alerting you to the presence of internet noise attacks. )

 

[newswatcher]

Thanks, Duane. I do appreciate your time, advice, and links.
Best....

Thanks for your advice, kurt. Appreciate it. I'm just a single PC
person, no network, and wanting a PFW.

Well lets do set the record straight. I know a great deal about PFW's or
machine level packet filters running on the MS platform, as I have tried
them all at one point or another as they can easily be circumvented and
defeated, because it runs with the O/S. And because most users of the MS
O/S cannot even secure the NT based O/S, then that makes PFW(s) suspect
as they run with them too.

It's just that I don't recommend PFW(s) to anyone as I don't consider
them FW(s). I do consider them for the most part as software running a
lot of junk trying to protect you from *you*.

They can and do get taken out by malware. I saw that just the other day
in 24hours as malware hit the machine and took out the little PFW and
the AV and any online AV the OP tried to run, which I helped the poster
recover and save his machine as he was on the path to wiping out the NT
based machine.

I do recommend a host based network FW solution that uses two Network
Interface Cards one that faces the Internet connected to the modem and
one that's facing the LAN, with the O/S being secured.

Yes, my first choice would be to use a router as they are stand alone
devices and some routers. However, some routers are not FW solutions and
anyone with any FW expertise will tell you that it's plain and simple.
And if you can afford to get one, then I would recommend a FW appliance.

Neither one on the solutions run with the O/S and therefore, they cannot
be taken out like a PFW that runs with the O/S, which most home users
don't even know how to secure the NT based O/S.

What I will recommend for you to do with a machine that's running a PFW
and has a direct connection to the Internet is secure the NT based O/S
as much as possible, like removing MS File and Print Sharing off the
dialup interface and other such things on the NT based O/S and secure
the O/S.

http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm

What I will recommend that you do is supplement the PFW solution on the
machine with IPSec that can be used to supplement and protect the
machine in case the PFW solution is taken out. However, the XP Home
edition doesn't have the GUI like XP Pro or Win 2K but you can control
IPsec from the command line on XP Home.

I like IPsec very much and use it to supplement the PFW on this laptop I
am using on the dial-up connection right now.

http://www.petri.co.il/block_ping_traffic_with_ipsec.htm
http://www.analogx.com/contents/articles/ipsec.htm
http://support.microsoft.com/kb/813878

I just love it when someone will try to make some kind of comment on
others as to what they think someone knows or doesn't know, which only
happens in lunatic and troll heaven 24hours and this NG that *clowns*
usually out of Europe run around trying to make comments about others,
when they don't know. ;-)

Duane