Best firewall for home out of these...
#1
Guest
Posts: n/a
Tiny Personal Firewall v2 (been using it for a few years as it's free and spent hours configuring it in great detail and know it well - don't like the last free version, was a nightmare to use which is why I still have v2)
Sygate Personal Firewall
IPCOP
The last two I have never seen or used but know a few on here use them. So what would you say was the best and why?
[Edited by ************** - 9/20/2003 3:34:56 PM]
#3
Guest
Posts: n/a
Sorry but hate Zonealarm, in my opinion it's poor. That's why I wanted to know about the 3 I mentioned. Like I say I highly rate Tiny Software's product but it's a bit dated so wanted to know from those who use Sygate and IPCOP and to find out if they are worth changing to.
[Edited by ************** - 9/20/2003 3:34:38 PM]
#5
Guest
Posts: n/a
Have you read the title you tw@t, it specifically says "out of these" and then I list the three I want others' opinions on, not just my own. Learn to read!
Who do you think you are coming on here to give me abuse over a simple question? Go and abuse someone else's thread.
#6
I'm running Sygate, simple and easy to set up, seems to do the job very well. I've had no problems with it.
I downloaded it off the Sygate website after hearing and reading some good reviews about it. Give it a shot and see how you get on with it.
#7
Scooby Regular
Join Date: Apr 2002
Location: elsewhere
Posts: 1,212
#8
Guest
Posts: n/a
Thanks guys.
Am just testing Sygate now and looks very good. Ran the tests from their website on my gateway pc with Tiny Software firewall and it passed all the tests so at least I had got my config right.
Will use Sygate on my xp box and play about with it.
IPCOP looks a little more complicated to say the least. I take it this is actually working as a hardware firewall and takes quite a bit of configuring? I could have done a similar thing using Checkpoint as I went on an accreditation course and also have the software but was put off by having to set up an individual box for it.
Would you say having an individual box between the connection and the network is the way to go then at home instead of a client for every single pc running on internet connection sharing?
#9
Scooby Regular
Join Date: Apr 2000
Location: www.mrcookie.co.uk
Posts: 5,757
Bravo
I know you specifically asked for those three but had you looked at Kerio, it's free and I find it very good, doesn't hog system and gives useful info
http://www.kerio.com
Si
Ps feel free to ignore my post
#10
I manage a number of commercial firewalls based around the globe.
There's not much between the different personal firewalls - they all work pretty much the same way and are subject to the same strengths and weaknesses.
I've tried most of the free personal firewalls available and my personal choice for home is Sygate, it's as simple or complex as you need, for a single PC. Out of the box it's very sensible - especially its active capabilities - i.e. automatically responding to port scans and any other suspect behaviour by blocking the attacker.
Cheers
Chris
#11
As for running the firewall on a separate box. This is a bad solution for home or uncontrolled desktop environment.
I like to know what software has access to the internet.
When my firewall informs me that realplayer is still trying to access the internet - even though I uninstalled it, I want to know. With a separate firewall solution this traffic would slip straight out.
Cheers
Chris
#13
Scooby Regular
Join Date: Apr 2002
Location: elsewhere
Posts: 1,212
A firewall on a separate, dedicated box with a different operating system to your desktop box is much better IMHO. Assuming your desktop is Windows, what's to stop an OS, IE or Outlook hole allowing a trojan in to circumvent your firewall or even change its settings?
If you wish to monitor inbound/outbound connections, install one of the "personal" firewalls but use an external one as well.
IPCOP/Smoothwall do require a little configuration but better to learn a little about the subject and know why things happen, rather than just having blind faith in a solution.
#14
Scooby Regular
Join Date: May 2000
Location: MY00,MY01,RX-8, Alfa 147 & Focus ST :-)
Posts: 10,371
Another vote for Sygate. In terms of its effectiveness, I doubt it is much different to ZoneAlarm or any other software firewall. However, it has always struck me as a well designed and well written program. It is considerably smaller than ZA and faster. It was very noticeable on my old PC, which was one of the main reasons for me changing.
Just putting my IT Security hat on for a moment - as everyone should know, firewalls are only part of the protection you should be using. Obviously anti virus is important, but it is also worth considering some of the other tools that are out there. Steve Gibson's page is a very good place to start.
Cheers
Chris
#15
Guest
Posts: n/a
Thanks very much for the constructive replies
Si I will have a look and see what it's like.
As for Sygate well I have been having a good look at it and it looks very good. I like the way it gives me a lot more detail of the specific address the application is trying to get to like mac address etc and I can go into as much depth as I want configuring ports like I can with Tiny's firewall.
I am going to try the separate box as well, it's time I did put some effort into it at home as Firewalls are my preferred area to get into from doing 1st/2nd and 3rd line support now and I like having my home network as secure as possible. I have already done the Checkpoint course but not used it yet so need to read through the course material again. Will also try IPCOP as I have a number of old pcs sitting around doing nothing.
Will leave Tiny's firewall on my internet gateway pc as it seems to work very well, have done all the Sygate tests and it passed, have tried port and network scanners and it seemed pretty resilient so won't fix/change something that works. Will use Sygate and maybe try Tiny's latest version on my other desktops.
Some questions on IPCOP, if I install this on a separate box do I assume that it actually needs to go through a router or does it support the adsl alcatel modems which unfortunately I am running currently?
Plus how would you seat the firewall box between the lan and the adsl line as the adsl has to come in via either the adsl modem or an adsl router. The modem I can understand as everything goes in and out through a single nic as the modem brings the line in through USB. If it's a router then all pcs including the firewall plug into the front of the router with the adsl into the back of the router. How do you make the lan pcs go through the firewall if everything is all plugged directly into the router like a hub? Or do you have two nics on the firewall where the adsl line goes to the router which then connects to the 1st nic on firewall box, then 2nd nic on firewall box to a hub with all lan pcs plugged into?
PS no smart **** comments about just get a router with a built in firewall (don't know how to program a router plus want to do it through specific firewall software)
Sorry for such a long post as I know it may be a boring subject to most but I spend ages on this stuff at home as I like trying to stop attacks on my home pcs and try to get as much info on traffic as possible to see who is doing what and then take the appropriate action
#16
Guest
Posts: n/a
Thanks for the link Chris, will have a read of that tomorrow as it's time to sink a few beers now and get my security hat off
Oh and yeah I 2nd the AV thing, I run av on all home pcs as well as personal firewalls.
Perhaps the next thing to look at is putting in Proxies!
Oh and if anyone wants the old version of Tiny Software (v2) then let me know. It is a free product, well was when it was on their website. New versions you now have to pay for but I can't see it being illegal for anyone to still pass on their old versions which were free.
#17
Scooby Regular
Join Date: Apr 2002
Location: elsewhere
Posts: 1,212
Wiring the firewall, assuming external Ethernet ADSL modem
ADSL modem/router -> Firewall NIC 1
Internal network -> Firewall NIC 2
Add nmap to your security toolkit. Go here
[Edited by class_A - 9/21/2003 1:27:14 AM]
#19
Scooby Regular
Join Date: May 2000
Location: MY00,MY01,RX-8, Alfa 147 & Focus ST :-)
Posts: 10,371
Yep - nmap is very good. You could also get Snort, but it's a bitch to get running correctly under Windows and this is probably getting a little too IT geeky!
Hopefully, I should be trying a Netscreen hardware firewall soon too.
Chris
#20
Guest
Posts: n/a
Just don't like it. Also heard it does the job to an extent but has weaknesses (ok poor was over the top and I take it back). Colleague at work found it much better when using NAT with Zonealarm. When reading through Warez sites Tiny was commonly talked about being the most secure with no holes, Nortons was allegedly the worst. This was a few years ago though so that's why I was asking about what more recent products were like.
The Sygate one I am very impressed with. I am going to test IPCOP this weekend though and also try FW1 but like the firewall guy at work says, it's a bit over the top for home use. Still want to brush up on what I was taught on my course though.
[Edited by ************** - 9/26/2003 8:32:46 PM]
#23
Hi
I'm running IPCop. It might appear daunting, but it's a piece of **** to set up!
It supports some USB ADSL modems, such as the Speedtouch 330 USB, and they auto detect.
It acts as the router, gateway and firewall. The ADSL modem is called the "red" interface, and the ethernet is "green".
I would recommend running a software firewall too, as this alerts you when programs are connecting out. I use Zonealarm, as it alerts me when something connects out.
Any ipcop stuff drop me a mail. I'm not at all up there with the firewall gurus on here, but I'm running it successfully.
Cheers,
Nick.
#24
Guest
Posts: n/a
Hi Nick
you may get a reply or two this afternoon!
The thing I got to find out is if the old 486 I am going to use and the 2 old nics will be of any good, especially with drivers for the cards on IPCOP.
Plan is to have adsl line -> router -> ipcop box with 2 nics -> to hub with all pcs running off it.
Is this a similar/same setup as you have? How old is the hardware you are using? I have a p200 mmx I could use but was saving that for Checkpoint testing and was hoping to get away with a 486 for IPCOP.
#25
Anything that the linux kernel supports as a network card will be fine. That includes ISA based cards upwards, which is cool. I'm running a realtek 8139 (?) and an ISA based one too...
My setup is based on a P233 with 64MB of ram. It does run fine in 32MB, but will not install in less. It cost me a fiver to take it to 64, so I thought it was worthwhile
I'm actually using a USB interface as my internet connection rather than ethernet, if you see what I mean... So it's USB ADSL -> IPCop -> 100mbps switch. I also have another Ethernet interface on the box which I'll be using for a DMZ, but that's beside the point.
Cheers,
Nick.
#26
Guest
Posts: n/a
OK here we go
Green nic is for network - what do I set this ip to assuming I am running internal network on the 192.168 range? Just any address that I want to declare as the gateway ip?
Red nic is for connection to adsl router - what address do I set this to? I assume the router is going to hold the live internet address so not sure what to set the nic to
Should know this but have confused myself thinking about it - think I need a reboot
#27
Guest
Posts: n/a
Well I can't get it working at all. If I take the IPCOP box out the network I go out through the router fine.
If I put the ipcop box back in, I can ping both nics on the ipcop box but can not access/ping the router. Totally doing my head in.
Have no idea why I can not get to the router when can ping both nics.
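For the two-NIC layout discussed above (router -> red NIC, green NIC -> LAN) and the addressing question in the previous post, a consistency check of the addressing plan, as an added example that is not part of any poster's message. All addresses are constructed, and it assumes the ADSL router does NAT and presents a private LAN-side address to the red NIC.

```python
import ipaddress


def check_plan(green_if, red_if, router_ip, client_ip, client_gateway):
    """Return a list of problems in a red/green addressing plan ([] = consistent).

    green_if and red_if are "address/prefix" strings for the firewall's NICs.
    """
    green = ipaddress.ip_interface(green_if)
    red = ipaddress.ip_interface(red_if)
    router = ipaddress.ip_address(router_ip)
    client = ipaddress.ip_address(client_ip)
    gateway = ipaddress.ip_address(client_gateway)
    problems = []

    # The firewall routes between two networks. If both NICs sit in the
    # same (or an overlapping) subnet, it cannot tell which NIC a
    # destination is behind, so traffic for the router may leave on green.
    if green.network.overlaps(red.network):
        problems.append("green and red subnets overlap")

    # The red NIC must share a subnet with the router's LAN-side address
    # and must not reuse that address.
    if router not in red.network:
        problems.append("router is not on the red subnet")
    if router == red.ip:
        problems.append("red NIC and router share one address")

    # LAN machines live on green and must send off-net traffic to the
    # green NIC, not straight to the router they used before.
    if client not in green.network:
        problems.append("client is not on the green subnet")
    if gateway != green.ip:
        problems.append("client gateway is not the green NIC")

    return problems


# Constructed sample plans (assumed addresses, not taken from the thread).
# BAD: everything left in one 192.168.1.0/24 network, clients still
# pointing at the router as their gateway.
BAD_PLAN = dict(green_if="192.168.1.1/24", red_if="192.168.1.2/24",
                router_ip="192.168.1.254", client_ip="192.168.1.10",
                client_gateway="192.168.1.254")
# GOOD: router side moved to its own subnet, clients use the green NIC.
GOOD_PLAN = dict(green_if="192.168.1.1/24", red_if="192.168.0.2/24",
                 router_ip="192.168.0.1", client_ip="192.168.1.10",
                 client_gateway="192.168.1.1")

if __name__ == "__main__":
    for name, plan in (("bad", BAD_PLAN), ("good", GOOD_PLAN)):
        print(name, check_plan(**plan) or "consistent")
```

A plan that passes still needs the firewall's own default route to point at the router's address on the red side.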
#28
You could also try...
http://www.nsa.gov/selinux/index.html
or
www.astaro.com
Stand alone firewall is by far a better solution. If you are willing to spend a little money you could always go for a Cisco 500 series PIX Firewall. PIX 501 should be ok.
For home use I run the NSA Linux Firewall. Used to run Firewall 1.