LinkBack URL
About LinkBacksIs becoming like ZoneAlarm, if you have 2.x - keep it. Do not upgrade.
Is becoming like ZoneAlarm, if you have 2.x - keep it. Do not upgrade.
Software firewalls aren't up to much anyway.
A nice NAT router is much better protection, but still, they're better than nothing.
Just out of interest, what's wrong with Zone Alarm? I used to use it - it's certainly better than Norton Internet Security.
PHP Code:$s = new signature();
$s->sarcasm()->intellect()->font('Courier New')->display();
Sorry for the delay.
Zone alarm does not give you the control and simplicity that kerio 2.15 does.
Kerio lets you see evert little thing going in and out of your system and allows you to configure specifically every aspect of network security, and I would choose it over a hardware firewall due to price, ease of use and how well it can protect.
However! the new version(s) of kerio have lost eveything that made it the best.
So I'll stay with the old, and I'd advise anyone else too as well.
I'm not 100% sure I agree with you here. A NAT router does not give you the application level control that a good software firewall offers.Originally posted by unts
Software firewalls aren't up to much anyway.
A nice NAT router is much better protection, but still, they're better than nothing.
Just out of interest, what's wrong with Zone Alarm? I used to use it - it's certainly better than Norton Internet Security.
Especially when you are trying to manage more than one PC - personally I go for the belt an braces approach, not only are all my boxes behind NAT, they all have a copy of outpost firewall installed - its the best one If found, simply because I can define a default configuration on my own PC, then roll the config out to users , in a locked down version that they cant modify , thus preventing any unauthorised applications accessing the network.
my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net
I can see the advantage in rolling it out, never knew that, great idea. However - it don't protect your admin share c$ on a domain.Originally posted by Moby-Dick
I'm not 100% sure I agree with you here. A NAT router does not give you the application level control that a good software firewall offers.
Especially when you are trying to manage more than one PC - personally I go for the belt an braces approach, not only are all my boxes behind NAT, they all have a copy of outpost firewall installed - its the best one If found, simply because I can define a default configuration on my own PC, then roll the config out to users , in a locked down version that they cant modify , thus preventing any unauthorised applications accessing the network.
I know you can argue only admins have access to c$, but if someone was to crack a password they could remotley access any client logged onto the domain.
I have not used it "that" much so I don't much much about it, but if you get a chance, try an early version of kerio, ill send you a copy... - For protecting servers etc.
they'd have to get into the network first
access into the network is by VPN only - I have strong 8 character passwords enforced with a 60 day expiry.
What does kerio do to protect default shares ? I'm genuinly intresed as outpost is still in thew trial stage. I'm looking for a good software firewall to roll out to remote users ( who may not be behind NAT devices in the field ) that i can lock down so they can't fiddle with it, and most importantly is invisible - the last thign I want is any extra icons or popups telling how bloody effective it is
Outpost runs as an XP services, so once its setup , you remove the config tool and leave it to its job
my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net
Kerio runs as a service as well, and you can also run it silent.Originally posted by Moby-Dick
they'd have to get into the network first
access into the network is by VPN only - I have strong 8 character passwords enforced with a 60 day expiry.
What does kerio do to protect default shares ? I'm genuinly intresed as outpost is still in thew trial stage. I'm looking for a good software firewall to roll out to remote users ( who may not be behind NAT devices in the field ) that i can lock down so they can't fiddle with it, and most importantly is invisible - the last thign I want is any extra icons or popups telling how bloody effective it is
Outpost runs as an XP services, so once its setup , you remove the config tool and leave it to its job
It has a TAB in there, where you can simply turn off the ability for people to access your shared folders, or if you want them too, you can setup "Trusted addresses"
I'll tell you what, PM your e-mail address and ill send you a copy over to have a mess with. I was in ther same boat as you, going through all the firewall programs looking for the best and I found Pre Version 4 Kerio to be, THE BEST. - If you want any help on it, drop me a PM.
Pm sent
my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net
While I appreciate the benefits of application level control, the problem with software firewalls is that they can be bypassed quite easily. Look at the malware that can grant itself net access using Zone Alarm, lol. Now, a less mainstream firewall application probably won't be affected by this, but still, they use resources on the PC in question.
Of course, if you know what you're doing, a nice firewall with port blocking (outgoing as well as ingoing) and some packet sniffing rules can sort you out good. Plus, companies like cisco are developing devices such as application aware routers - should be good.
Still, like I said earlier - a SW FW is better than nothing.
PHP Code:$s = new signature();
$s->sarcasm()->intellect()->font('Courier New')->display();
[quote]While I appreciate the benefits of application level control, the problem with software firewalls is that they can be bypassed quite easily. Look at the malware that can grant itself net access using Zone Alarm, lol. Now, a less mainstream firewall application probably won't be affected by this, but still, they use resources on the PC in question.[quote]
Thats why I dont like zone alarm :-) Would the malware be able to bypass the locked down password you would need to enter , or would it actually modify the service ?
hmmm application aware router....I so want one
Then again there are some extreemly powerfull software firewalls, such as Checkpoint ( which will run on NT if needed )
cost wise its close to buying a dedicated box like a watchguard though.
my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net
Hi to all. We are currently looking for a software firewall that is deployable to machines outside of the domain environment - we have a tool that can deploy and execute programs or scripts, but we would need the following three key features:
*Silent Install - no popups in order to automate the install
*Deployable rules file, i.e. no setting up each PC individually, both on install and on updates
*Silent Operation locally - i.e. no popups when it catches something
What would be really nice would be a program that can either write to a remote syslog, or launch a command line for every event.
If anybody knows of such a program, I would appreciate hearing from you.
Thanks,
Peej.
Agnitium Outpost Pro would satisfy the last 2 of those requirements , not sure about the first 1 though.
my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net
Moby, can you provide screenies of the user interface for outpost.
I currently have Sygate Pro for my firewall but am looking at moving due to them getting baught out by symantic......
Are there any added features that outpost has that sygate does not have or is there anything that outpost does better then sygate.
http://www.agnitum.com/products/ should have all the info you need.
I've not used sygate before ( and I suspect they've updated outpost too
my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net
Been happy with sygate since i got it, just that there has been no majour work on it since v5 came out so the interface is looking dated.
I've seen a sw firewall in action that displayed what ports each service/program was using, wat the proc id was, the local and remote ports and so on, it also went on to list what default services where linked into the svchost.exe process which is handy to find out who some of them get bloated some times
Look n Stop is one of the best firewalls i've ever used. The application control is superb and it uses very little system resources(never gets higher than 8mb on my system) and i can configure it to my exact needs.Originally Posted by Steve
Look n Stop and a decent router is my personal preference.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote