Post #138,746
1/30/04 2:23:38 AM
|
Personal firewall recommendations?
I have a wireless connection that I cannot disable. If I press the Disable button it freezes the system to a crawl and leads to an eventual reboot. Tech support ignores me.
Anyhow, since it is often on for long periods of time, I need to keep better tabs on what is talking to my machine. Thus, can anybody recommend some kind of personal firewall and/or IP monitoring software for WinXP?
Thanx
________________ oop.ismad.com
|
Post #138,750
1/30/04 2:37:00 AM
|
SuSE Linux Pro
It has a personal firewall that a complete idiot can set up. I assume you are not a complete idiot :)
What you get is a real firewall with an open internal network, which is probably what you want at home.
It's literally a matter of picking choices in YaST and saying "Accept".
Any cheap box can do as the firewall machine. Just make sure you do the setup with no X server. The text YaST interface is text based and runs in a console.
The firewall machine needs two standard NICs, 64M of RAM or more, and a cheap disk.
-drl
|
Post #138,777
1/30/04 6:53:51 AM
|
My recommendations
For commercial firewalls:
Black Ice: [link|http://www.networkice.com/|http://www.networkice.com/]
Norton Personal Firewall: [link|http://www.symantec.com/sabu/nis/npf/|http://www.symantec.com/sabu/nis/npf/]
Winroute Pro: [link|http://www.kerio.com/wrp_home.html|http://www.kerio.com/wrp_home.html]
Outpost 2.0 Firewall: [link|http://www.agnitum.com/products/outpost/|http://www.agnitum.com/products/outpost/]
Sygate Personal Firewall Pro: [link|http://soho.sygate.com/products/spf_pro.htm|http://soho.sygate.c...ducts/spf_pro.htm]
For Free Firewalls:
Outpost 1.0: [link|http://www.agnitum.com/download/outpost1.html|http://www.agnitum.c...oad/outpost1.html]
Kerio Personal Firewall: [link|http://www.kerio.com/us/kpf_home.html|http://www.kerio.com/us/kpf_home.html]
Sygate Personal Firewall: [link|http://soho.sygate.com/products/spf_standard.htm|http://soho.sygate.c.../spf_standard.htm]
I recommend and use Outpost 1.0; I do not recommend ZoneAlarm.
Also if you have a used system, like a 486 and up, install Linux on it and get Smoothwall and use it as a router: [link|http://www.smoothwall.org/|http://www.smoothwall.org/]
Good luck.
"Lady I only speak two languages, English and Bad English!" - Corbin Dallas "The Fifth Element"
|
Post #138,779
1/30/04 7:29:09 AM
1/30/04 11:07:48 AM
|
All shite, with the exception of smoothwall.
All crap, because they run on Windows. Windows firewalls are inherently shit. Sorry. Smoothwall is great, but you wouldn't know that. It's a Linux product, and by your own admission, you can't install Linux.
Don't just Google for "firewall" and paste the first n links you find that aren't to Russian porn sites or Checkpoint.
Peter [link|http://www.debian.org|Shill For Hire] [link|http://www.kuro5hin.org|There is no K5 Cabal] [link|http://guildenstern.dyndns.org|Home Page - Now with added Zing!]
Edited by pwhysall
Jan. 30, 2004, 11:07:48 AM EST
|
Post #138,820
1/30/04 11:16:14 AM
|
Also IPcop
[link|http://www.ipcop.org|http://www.ipcop.org]
Is actually a fork of smoothwall and is now, in some ways anyway, ahead of smoothwall.
----- Steve
|
Post #138,781
1/30/04 7:35:13 AM
1/30/04 7:38:45 AM
|
Firewall Recipe
1. Get cheap/free computer with 2 network cards
2. Add [link|http://www.smoothwall.org/|smoothwall]
3. Profit!! (or, at least, a safe network).
Don't even bother trying to secure XP; it's a waste of time. The smart thing to do is firewall it properly.
Anything that runs on the box itself is basically crap because the Bad Guys have to get that connection to your machine in order for ZoneAlarm or whatever to do anything about it. This means that (a) if your Windows "Firewall" has a bug that causes it to crash on receipt of bad data you're (b) very very screwed.
Real security physically separates the unsafe connection (i.e. your ADSL router) from the safe network (i.e. your LAN; in this case, that's just lil ol' you).
Some people here will try to recommend Windows products. As I've noted above, they're pointless because the Bad Connection has already been made to your computer.
I use a Netgear RT314 gateway router to separate myself from the Internet; it's a stateful packet-inspecting firewall with a built-in 4-port 100MBPS switch. You can get these puppies on eBay for $20.
[link|http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=3074639612&category=23778|http://cgi.ebay.com/...12&category=23778]
Get it bought.
Peter [link|http://www.debian.org|Shill For Hire] [link|http://www.kuro5hin.org|There is no K5 Cabal] [link|http://guildenstern.dyndns.org|Home Page - Now with added Zing!]
Edited by pwhysall
Jan. 30, 2004, 07:36:25 AM EST
Edited by pwhysall
Jan. 30, 2004, 07:38:45 AM EST
|
Post #138,798
1/30/04 9:10:02 AM
|
What he said.
bcnu, Mikem
I don't do third world languages. So no, I don't do Java.
|
Post #138,900
1/30/04 3:56:38 PM
|
My solution
was a warp pc with two nics; one to the dsl modem and one to the rest of the network. Runs a pppoe /w firewall product called safefire. Been running it for at least two years with no problem (shrug). I've got it combined with the built in firewall on the tcpip stack on the lan side (ipsec.sys; comes from AIX land, as does the rest of the OS/2 stack). It gives an extremely configurable system.
The actual router's a decrepit pentium box... and even so, it's still overpowered for the job.
--
-------------------------------------------------------------------
* Jack Troughton jake at consultron.ca *
* [link|http://consultron.ca|http://consultron.ca] [link|irc://irc.ecomstation.ca|irc://irc.ecomstation.ca] *
* Kingston Ontario Canada [link|news://news.consultron.ca|news://news.consultron.ca] *
-------------------------------------------------------------------
|
Post #139,031
1/31/04 5:55:25 AM
|
OK, that's a Clear 'review' :(
At that price.. be silly not to play. Even if the several testers deem this box 'stealth' - invisible. Just now.
Having been lucky (?) thus far via ZoneAlarm for V90ish dialup (but Not anything beyond V.2.6.88 - for reasons not interesting to mention) on 98SE-lite, maybe I should take my winnings and step upwards. Seems likely that the "True Vector" thingie, however clever the games ZA plays in hiding its mere disk location via roulette.. shall be hacked - such a fun game for the cretinous mind. I suppose it's also irrelevant to the risks of '04 that - there's no Lookout or IE (except the necessary stubs left) and no local network either - on this box.
No NICs here (yet, anyway). What need then, with Netgear RT314 to accommodate mere dialup? By 'stateful' is this about ~ IPv6 or DHCPv6? v4? (or irrelevant to my concern). Will this then autoconfig, pretty much? Does router talk to a HTML setup menu, display its default port list, etc? ie do I have to grok any static addressing to setup this box? (I'm supposing a need for one NIC, cable, in P-III box + driver and a clue for picking an address for that.)
What think? PITA or no-brainer? Thanks.
moi
|
Post #138,845
1/30/04 12:44:58 PM
|
Tried disabling the network connection?
I'm assuming that you're disabling it via the hardware "disable" button on the laptop - some laptops have those.
If so, try start->Control panel->Network Connections-> Right click on the network connection, select Disable.
If that's the button you've been trying, well, you might want to try disabling it in the device manager, and see how that goes.
Other than that, Peter's right.
I have a blue sign on my door. It says "If this sign is red, you're moving too fast."
|
Post #138,887
1/30/04 3:32:29 PM
|
Re: Personal firewall recommendations?
For a single PC get ZoneAlarm. If you can dredge up an old PC, get Smoothwall. If you're protecting a small network and can't dedicate a PC, try Agnitum Outpost.
qts
|
Post #139,075
1/31/04 11:00:12 AM
|
ZoneAlarm == Won'tAlarm
-- [link|mailto:greg@gregfolkert.net|greg], [link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey
"Lately, The only thing keeping me from being a Serial Killer is my distaste for manual labor." -- Dilbert Calendar, January 4, 2004
|
Post #138,930
1/30/04 4:51:12 PM
|
Wow
For a bunch of intelligent guys, a number of you seemed to completely miss his point.
I'm picturing tablizer on a laptop dragging around a 486 whitebox running Linux attached to a really long extension cord. And he's still vulnerable via the wireless connection.
-- Chris Altmann
|
Post #138,932
1/30/04 4:56:30 PM
|
Ha! (new thread)
Created as new thread #138931 titled [link|/forums/render/content/show?contentid=138931|Ha!]
|
Post #139,036
1/31/04 7:42:11 AM
|
Not if he manually sets the IP address to 192.168.blah.blah
Peter [link|http://www.debian.org|Shill For Hire] [link|http://www.kuro5hin.org|There is no K5 Cabal] [link|http://guildenstern.dyndns.org|Home Page - Now with added Zing!]
|