Firewall for Home Network

[Dave]

I'm making the jump from dial-up to ADSL broadband and wondering if I
need to change my security programs. Right now I have one desktop
running AVG Free,Kerio 2.1.5 and the free Ad-Aware+Spy-Bot for malware.
New setup will be one desktop and one laptop(wireless connection).
The ISP is providing a Westell modem +router unit.(NAT)
My question..stick with AVG and Kerio?? or something else for the home
network.

Dave

 

[David]

I'm making the jump from dial-up to ADSL broadband and wondering if I
need to change my security programs. Right now I have one desktop
running AVG Free,Kerio 2.1.5 and the free Ad-Aware+Spy-Bot for malware.
New setup will be one desktop and one laptop(wireless connection).
The ISP is providing a Westell modem +router unit.(NAT)
My question..stick with AVG and Kerio?? or something else for the home
network.

Dave

Stick with what you've got. I'm on ADSL and I use AVG plus an early
version of ZoneAlarm, the latest version is too bloated, simply to
handle outgoing attempts. I have an inbound firewall in the ADSL modem
and a further firewall in a Smoothwall box.

Make sure that your Wireless system is not open to the world by using
encryption or you may find someone freeloading on it. Personally I
will not use wireless as I do not consider it to be secure.

 

[John]

Stick with what you've got. I'm on ADSL and I use AVG plus an early
version of ZoneAlarm, the latest version is too bloated, simply to
handle outgoing attempts. I have an inbound firewall in the ADSL modem
and a further firewall in a Smoothwall box.

Make sure that your Wireless system is not open to the world by using
encryption or you may find someone freeloading on it. Personally I
will not use wireless as I do not consider it to be secure.

Any ideas as to where to download the earlier version of Zone Alarm please.

Thanks in advance,
John.

 

[Dave]

Any ideas as to where to download the earlier version of Zone Alarm please.

Thanks in advance,
John.

All the older versions are at http://www.oldversion.com/
but I thought I heard somewhere that the free zonealarm progs didn't do
network traffic?

Dave

 

[John]

All the older versions are at http://www.oldversion.com/
but I thought I heard somewhere that the free zonealarm progs didn't do
network traffic?

Dave

Thanks for the link Dave, but which version would you suggest please?

Regards,
John.

 

[jmatt]

Here are some tips for Kerio.
Disallow all ICMP, IGMP, UDL, then write specific allow rules for your
trusted sites.
There is one rule, that needs to be at the very bottom of any Kerio
ruleset.
Block All - protocols, all ports, all everything. That catches anything
that gets by the other rules. Always set that to Alert status, so you
know if anything triggers that rule.

Or, another good firewall.

SensiveGuard
http://www.snapfiles.com/get/SensiveGuard.html
http://www.sensiveguard.com/download.html
SensiveGuard combines an application firewall and real-time file-guard
into a network security tool, that allows you to control which programs
are accessing the Internet, and/or delete files on your computer.
Whenever network activity occurs that is not allowed by any existing
rule, the program prompts you for approval before allowing the
activity. It offers inbound and outbound network filtering via
TCP,UDP/IP, as well as customizable options to protect files from being
written, deleted, or copied. The program can distinguish between user
initiated action (from the keyboard) or other actions, that could be
triggered by malicious applications. Additional features include
digital fingerprinting of programs, self protection, detailed logging
and more.

 

[David]

Any ideas as to where to download the earlier version of Zone Alarm please.

Thanks in advance,
John.

I had it on some early magazine disks. I'd be very cautious about
downloading it from somewher on the web at the moment. I'm not sure if
early versions are permitted to be shared.

 

[David]

All the older versions are at http://www.oldversion.com/
but I thought I heard somewhere that the free zonealarm progs didn't do
network traffic?

Dave

They will handle network traffic but, like many free firewalls, object
if M$ Internet Connection Sharing is enabled. I get around this
limitation by using a SmoothWall box as my gateway so that ICS is not
activated or needed.

 

[David]

Thanks for the link Dave, but which version would you suggest please?

Regards,
John.

I'm using V2.6 But most of the versions up to Version 5 were
reasonable. It's only the latest version which has become such a
bloated behemoth.

The trick for networks is to get your zones working correctly.

 

[David]

Here are some tips for Kerio.
Disallow all ICMP, IGMP, UDL, then write specific allow rules for your
trusted sites.
There is one rule, that needs to be at the very bottom of any Kerio
ruleset.
Block All - protocols, all ports, all everything. That catches anything
that gets by the other rules. Always set that to Alert status, so you
know if anything triggers that rule.

Or, another good firewall.

SensiveGuard
http://www.snapfiles.com/get/SensiveGuard.html
http://www.sensiveguard.com/download.html
SensiveGuard combines an application firewall and real-time file-guard
into a network security tool, that allows you to control which programs
are accessing the Internet, and/or delete files on your computer.
Whenever network activity occurs that is not allowed by any existing
rule, the program prompts you for approval before allowing the
activity. It offers inbound and outbound network filtering via
TCP,UDP/IP, as well as customizable options to protect files from being
written, deleted, or copied. The program can distinguish between user
initiated action (from the keyboard) or other actions, that could be
triggered by malicious applications. Additional features include
digital fingerprinting of programs, self protection, detailed logging
and more.

2000/XP only. Win9x don't bother.

 

[Mark Warner]

John typed

I had it on some early magazine disks. I'd be very cautious about
downloading it from somewher on the web at the moment. I'm not sure if
early versions are permitted to be shared.

Version 4.5.594 (my preference) is still available directly from Zone
Labs:

http://download.zonelabs.com/bin/free/information/znalm/zaReleaseHistory.html

I also have the installer for v3.7.211 if anyone is interested.

 

[Franklin]

Stick with what you've got. I'm on ADSL and I use AVG plus an
early version of ZoneAlarm, the latest version is too bloated,
simply to handle outgoing attempts. I have an inbound firewall
in the ADSL modem and a further firewall in a Smoothwall box.

Make sure that your Wireless system is not open to the world by
using encryption or you may find someone freeloading on it.
Personally I will not use wireless as I do not consider it to be
secure.

I guess you are referring to something like ZA 2.6 or maybe even
ZA 3.

But don't later versions of ZA plug holes found in these earlier
version?

 

[Dave]

They will handle network traffic but, like many free firewalls, object
if M$ Internet Connection Sharing is enabled. I get around this
limitation by using a SmoothWall box as my gateway so that ICS is not
activated or needed.

Thanks for all the suggestions folks.I might try Sensive or an older
Zonealarm for the heck of it even though I like Kerio.Hey,that's what
imaging software is for,can change your mind easy and revert back.Thx again

Dave

 

[Dave]

2000/XP only. Win9x don't bother.

I got a ruleset for Kerio 2.1.5 to use as a starting point here
http://www.dslreports.com/forum/remark,8023708~mode=flat
and yes Block All is at the bottom.

Dave

 

[Peter Seiler]

John - 25.02.2006 09:32 :

Dave wrote:

Thanks for the link Dave, but which version would you suggest please?

John, would'nt it be enough quoting only the certain paragraph (see
above) you are answering instead of fullquoting again?

 

[John]

John - 25.02.2006 09:32 :




John, would'nt it be enough quoting only the certain paragraph (see
above) you are answering instead of fullquoting again?

I agree Peter and I'll try and remember that in future, thanks.

Regards,
John.

 

[David]

I guess you are referring to something like ZA 2.6 or maybe even
ZA 3.

2.6 actually.

But don't later versions of ZA plug holes found in these earlier
version?

While I believe that may be true to some extent most of the
alterations are to the user interface and to advertising their -Pro
version. The latest version V6.x.x even seems to include a video
pushing the Pro version. That is what I object to. The bloat saw the
program size rise from 2.5MB for version 2.6 to just over 10MB for
version 6. This is _not_ just plugging holes.

I did suggest that any version up to about 5.5 would be OK but that I
cannot recommend any version 6 or later. Version 6 slowed my system
down dramatically, wasted resources and did not seem to add any
additional benefits beyond a fancier user interface and other bloat,
such as e-mail attachment blocking without giving _me_ the option to
deal with it myself. Often I get attachments from friends in the form
of .pps, .jpg and even text files.

Why should a _firewall_ make the decision that these are bad and
should be totally banned? In my opinion that should be the job of a
Virus Checker when the file is saved to disk. I never open attachments
directly even if I do know the sender.

 

[Kerodo]

While I believe that may be true to some extent most of the
alterations are to the user interface and to advertising their -Pro
version. The latest version V6.x.x even seems to include a video
pushing the Pro version. That is what I object to. The bloat saw the
program size rise from 2.5MB for version 2.6 to just over 10MB for
version 6. This is _not_ just plugging holes.

Actually, I think the Pro version comes bundled up in the Free install,
so that if you want to, you can select the Pro version during the
installation, hence the apparently huge install file size for the Free
version.

I did suggest that any version up to about 5.5 would be OK but that I
cannot recommend any version 6 or later. Version 6 slowed my system
down dramatically, wasted resources and did not seem to add any
additional benefits beyond a fancier user interface and other bloat,
such as e-mail attachment blocking without giving _me_ the option to
deal with it myself. Often I get attachments from friends in the form
of .pps, .jpg and even text files.

Why should a _firewall_ make the decision that these are bad and
should be totally banned? In my opinion that should be the job of a
Virus Checker when the file is saved to disk. I never open attachments
directly even if I do know the sender.

I believe you should be able to turn off that ZA Mail Safe nonsense in
the GUI somewhere. At least that's what I remember.

In general though, I would have to agree that the newer versions are
mostly just more bloat. One example is that nonsensical AV Monitoring
crapola. Who in the world needs that in a firewall? That doesn't
belong there. It's also my opinion that nothing major has been fixed or
changed since the older 4.0 versions, so anything above 4.0 should be
fine. I've even used 2.6.362 for a long period without problems. Some
people say there have been important security fixes since then, but to
be honest I don't see many when I look at the revision history on their
site. My personal favorite of them all is ZA Plus 4.0.