ScoobyNet.com - Subaru Enthusiast Forum

Best firewall for home out of these... (https://www.scoobynet.com/computer-and-technology-related-34/252475-best-firewall-for-home-out-of-these.html)

Bravo2zero_sps 20 September 2003 01:03 PM

Tiny Personal Firewall v2 (been using it for a few years as it's free and spent hours configuring it in great detail and know it well - don't like the last free version, was a nightmare to use which is why I still have v2)

Sygate Personal Firewall

IPCOP

The last two I have never seen or used but know a few on here use them. So what would you say was the best and why?

[Edited by ************** - 9/20/2003 3:34:56 PM]

Boro 20 September 2003 01:06 PM

Can only comment on ZoneAlarm, I know people slate firewalls for being easy to get round but let's face it you HAVE to have one.

Have found ZoneAlarm is to use and seems to do the job.

Bravo2zero_sps 20 September 2003 02:14 PM

Sorry but hate Zonealarm, in my opinion it's poor. That's why I wanted to know about the 3 I mentioned. Like I say I highly rate Tiny Software's product but it's a bit dated so wanted to know from those who use Sygate and IPCOP and to find out if they are worth changing to.

[Edited by ************** - 9/20/2003 3:34:38 PM]

feathers 20 September 2003 04:40 PM

So why didn't you phrase your question correctly in the place?

Get off your fat arse and do some research yourself.

Bravo2zero_sps 20 September 2003 04:46 PM

Have you read the title you tw@t :rolleyes: it specifically says "out of these" and then I list the three I want others' opinions on, not just my own :rolleyes: Learn to read!

Who do you think you are coming on here to give me abuse over a simple question? Go and abuse someone else's thread :mad:

Mark Kwiatkowski 20 September 2003 05:49 PM

I'm running Sygate, simple and easy to setup, seems to do the job very well. I've had no problems with it.

I downloaded it off the Sygate website after hearing and reading some good reviews about it. Give it a shot and see how you get on with it.

class_A 20 September 2003 05:50 PM

Run Smoothwall or IPCOP on a separate box. An old P90 should be all you need.

Bravo2zero_sps 20 September 2003 05:57 PM

Thanks guys.

Am just testing Sygate now and looks very good. Ran the tests from their website on my gateway pc with Tiny Software firewall and it passed all the tests so at least I had got my config right :D

Will use sygate on my xp box and play about with it.

IPCOP looks a little more complicated to say the least. I take it this is actually working as a hardware firewall and takes quite a bit of configuring? I could have done a similar thing using Checkpoint as I went on an accreditation course and also have the software but was put off by having to set up an individual box for it.

Would you say having an individual box between the connection and the network is the way to go then at home instead of a client for every single pc running on internet connection sharing?

Mr.Cookie 20 September 2003 06:58 PM

Bravo

I know you specifically asked for those three but had you looked at Kerio, it's free and I find it very good, doesn't hog system and gives useful info

http://www.kerio.com

Si
Ps feel free to ignore my post ;)

warbs 20 September 2003 07:41 PM

I manage a number of commercial firewalls based around the globe.

There's not much between the different personal firewalls - they all work pretty much the same way and are subject to the same strengths and weaknesses.

I've tried most of the free personal firewalls available and my personal choice for home is Sygate, it's as simple or complex as you need, for a single PC. Out of the box it's very sensible - especially its active capabilities - i.e. automatically responding to port scans and any other suspect behaviour by blocking the attacker.

Cheers

Chris

warbs 20 September 2003 07:48 PM

As for running the firewall on a separate box. This is a bad solution for home or uncontrolled desktop environment.

I like to know what software has access to the internet.

When my firewall informs me that realplayer is still trying to access the internet - even though I uninstalled it, I want to know. With a separate firewall solution this traffic would slip straight out.

Cheers

Chris

Mr Footlong 20 September 2003 08:16 PM

Well done Feathers. Once again another user showing the new intelligence level and attitude of the average joiner of these forums nowadays..........:rolleyes:

class_A 20 September 2003 09:30 PM

A firewall on a separate, dedicated box with a different operating system to your desktop box is much better IMHO. Assuming your desktop is Windows, what's to stop an OS, IE or Outlook hole allowing a trojan in to circumvent your firewall or even change its settings?

If you wish to monitor inbound/outbound connections, install one of the "personal" firewalls but use an external one as well.

IPCOP/Smoothwall do require a little configuration but better to learn a little about the subject and know why things happen, rather than just having blind faith in a solution.


Chris L 20 September 2003 10:08 PM

Another vote for Sygate. In terms of its effectiveness, I doubt it is much different to ZoneAlarm or any other software firewall. However, it has always struck me as a well designed and well written program. It is considerably smaller than ZA and faster. It was very noticeable on my old PC, which was one of the main reasons for me changing.

Just putting my IT Security hat on for a moment - as everyone should know, firewalls are only part of the protection you should be using. Obviously anti virus is important, but it is also worth considering some of the other tools that are out there. Steve Gibson's page is a very good place to start.

Cheers
Chris

Bravo2zero_sps 20 September 2003 10:08 PM

Thanks very much for the constructive replies :)

Si I will have a look and see what it's like.

As for Sygate well I have been having a good look at it and it looks very good. I like the way it gives me a lot more detail of the specific address the application is trying to get to like mac address etc and I can go into as much depth as I want configuring ports like I can with Tiny's firewall.

I am going to try the separate box as well, it's time I did put some effort into it at home as Firewalls are my preferred area to get into from doing 1st/2nd and 3rd line support now and I like having my home network as secure as possible. I have already done the Checkpoint course but not used it yet so need to read through the course material again. Will also try IPCOP as I have a number of old pcs sitting around doing nothing.

Will leave Tiny's firewall on my internet gateway pc as it seems to work very well, have done all the Sygate tests and it passed, have tried port and network scanners and it seemed pretty resilient so won't fix/change something that works. Will use Sygate and maybe try Tiny's latest version on my other desktops.

Some questions on IPCOP, if I install this on a separate box do I assume that it actually needs to go through a router or does it support the adsl alcatel modems which unfortunately I am running currently?

Plus how would you seat the firewall box between the lan and the adsl line as the adsl has to come in via either the adsl modem or an adsl router. The modem I can understand as everything goes in and out through a single nic as the modem brings the line in through USB. If it's a router then all pcs including the firewall plug into the front of the router with the adsl into the back of the router. How do you make the lan pcs go through the firewall if everything is all plugged directly into the router like a hub? Or do you have two nics on the firewall where the adsl line goes to the router which then connects to the 1st nic on firewall box, then 2nd nic on firewall box to a hub with all lan pcs plugged into?

PS no smart arse comments about just get a router with a built in firewall :p (don't know how to program a router plus want to do it through specific firewall software)

Sorry for such a long post as I know it may be a boring subject to most but I spend ages on this stuff at home as I like trying to stop attacks on my home pcs and try to get as much info on traffic as possible to see who is doing what and then take the appropriate action :D

Bravo2zero_sps 20 September 2003 10:18 PM

Thanks for the link Chris, will have a read of that tomorrow as it's time to sink a few beers now and get my security hat off :D

Oh and yeah I 2nd the AV thing, I run av on all home pcs as well as personal firewalls.

Perhaps the next thing to look at is putting in Proxies! ;)

Oh and if anyone wants the old version of Tiny Software (v2) then let me know. It is a free product, well was when it was on their website. New versions you now have to pay for but I can't see it being illegal for anyone to still pass on their old versions which were free.

class_A 21 September 2003 01:25 AM

Wiring the firewall, assuming external Ethernet ADSL modem

ADSL modem/router -> Firewall NIC 1
Internal network -> Firewall NIC 2

Add nmap to your security toolkit. Go here



[Edited by class_A - 9/21/2003 1:27:14 AM]

Bravo2zero_sps 21 September 2003 09:16 AM

Cheers class_A, that looks a great bit of software. Downloading it now :D

Chris L 21 September 2003 10:56 PM

Yep - nmap is very good. You could also get Snort, but it's a bitch to get running correctly under Windows and this is probably getting a little too IT geeky! :)

Hopefully, I should be trying a Netscreen hardware firewall soon too.

Chris


Bravo2zero_sps 26 September 2003 08:31 PM

Just don't like it. Also heard it does the job to an extent but has weaknesses (ok poor was over the top and I take it back). Colleague at work found it much better when using NAT with Zonealarm. When reading through Warez sites Tiny was commonly talked about being the most secure with no holes, Nortons was allegedly the worst. This was a few years ago though so that's why I was asking about what more recent products were like.

The Sygate one I am very impressed with. I am going to test IPCOP this weekend though and also try FW1 but like the firewall guy at work says, it's a bit over the top for home use. Still want to brush up on what I was taught on my course though.

[Edited by ************** - 9/26/2003 8:32:46 PM]

SJ_Skyline 26 September 2003 09:25 PM

Zonealarm:
1. A Toy
2. Built like lego
3. Easy to hack

Tiny Personal Firewall:
- none of the above but a bugger to set up!

Bravo2zero_sps 26 September 2003 09:32 PM

SJ depends what version m8. I'm still on v2 and it's sweet as a nut but doesn't work on xp. The version they brought out for xp is a nightmare which is why I run Sygate on the xp boxes and Tiny on the 2k machines.

chiark 27 September 2003 01:02 PM

Hi

I'm running IPCop. It might appear daunting, but it's a piece of piss to set up!

It supports some USB ADSL modems, such as the Speedtouch 330 USB, and they auto detect.

It acts as the router, gateway and firewall. The ADSL modem is called the "red" interface, and the ethernet is "green".

I would recommend running a software firewall too, as this alerts you when programs are connecting out. I use Zonealarm, as it alerts me when something connects out.

Any ipcop stuff drop me a mail. I'm not at all up there with the firewall gurus on here, but I'm running it successfully.
Cheers,
Nick.

Bravo2zero_sps 27 September 2003 01:08 PM

Hi Nick

you may get a reply or two this afternoon! ;)

The thing I got to find out is if the old 486 I am going to use and the 2 old nics will be of any good, especially with drivers for the cards on IPCOP.

Plan is to have adsl line -> router -> ipcop box with 2 nics -> to hub with all pcs running off it.

Is this a similar/same setup as you have? How old is the hardware you are using? I have a p200 mmx I could use but was saving that for Checkpoint testing and was hoping to get away with a 486 for IPCOP.

chiark 27 September 2003 03:34 PM

Anything that the linux kernel supports as a network card will be fine. That includes ISA based cards upwards, which is cool. I'm running a realtek 8139 (?) and an ISA based one too...

My setup is based on a P233 with 64MB of ram. It does run fine in 32MB, but will not install in less. It cost me a fiver to take it to 64, so I thought it was worthwhile :D

I'm actually using a USB interface as my internet connection rather than ethernet, if you see what I mean... So it's USB ADSL -> IPCop -> 100mbps switch. I also have another Ethernet interface on the box which I'll be using for a DMZ, but that's beside the point.

Cheers,
Nick.

Bravo2zero_sps 27 September 2003 05:07 PM

OK here we go :D

Green nic is for network - what do I set this ip to assuming I am running internal network on the 192.168 range? Just any address that I want to declare as the gateway ip?

Red nic is for connection to adsl router - what address do I set this to? I assume the router is going to hold the live internet address so not sure what to set the nic to :confused:

Should know this but have confused myself thinking about it :rolleyes: - think I need a reboot :D

Bravo2zero_sps 28 September 2003 12:53 AM

Well I can't get it working at all. If I take the IPCOP box out the network I go out through the router fine.

If I put the ipcop box back in, I can ping both nics on the ipcop box but can not access/ping the router :confused: Totally doing my head in :rolleyes:

Have no idea why I can not get to the router when can ping both nics.

stiler83 28 September 2003 12:04 PM

You could also try...
http://www.nsa.gov/selinux/index.html

or

www.astaro.com

Stand alone firewall is by far a better solution. If you are willing to spend a little money you could always go for a Cisco 500 series PIX Firewall. PIX 501 should be ok.

For home use I run the NSA Linux Firewall. Used to run Firewall 1.

InvisibleMan 28 September 2003 06:09 PM

which one has the best/easiest to use trace prog so you can see who are the scum hacking into you?


All times are GMT +1.