What firewall software do YOU use?

  • BlackICE

    Votes: 1 0.9%
  • F-Secure Internet Security

    Votes: 0 0.0%
  • Kaspersky Anti-Hacker

    Votes: 1 0.9%
  • McAfee Personal Firewall

    Votes: 3 2.7%
  • Norton Internet Security/Personal Firewall

    Votes: 8 7.1%
  • Panda Internet Security

    Votes: 1 0.9%
  • Sygate Personal Firewall

    Votes: 13 11.5%
  • Symantec Enterprise Firewall

    Votes: 1 0.9%
  • ZoneAlarm

    Votes: 35 31.0%
  • Other (please specify)

    Votes: 50 44.2%

  • Total voters
    113

pawstar (Limp Gawd, joined Jul 2, 2005, 465 messages)

What kind of software firewall do you run on your computer?
I am looking to find out what software people use here and what the best software firewall solution is out there that will block both inbound traffic and outbound programs (spyware, rootkits, nosy programs, etc.).
 
I use the firewall support built into Linux. My Linux box connects to the internet, and everything else connects through my Linux box.
Oh, and, um... what about the built in Windows firewall in XP? Ok, so it sucks due to a lack of configurability, but a ton of people use it.
 
zandor said:
I use the firewall support built into Linux. My Linux box connects to the internet, and everything else connects through my Linux box.
Oh, and, um... what about the built in Windows firewall in XP? Ok, so it sucks due to a lack of configurability, but a ton of people use it.

And the built in firewall does nothing to stop outbound traffic but rather only incoming traffic. Say you get infected with a keylogger or some monitoring software - the built in FW will not stop it from transmitting its logs :(
 
The Bryophyte said:
Where is kerio? That's my choice.

There are only so many options that can be listed ;)
From a quick glance at the feature list, it does seem impressive, but unfortunately it is being discontinued. :(

http://www.kerio.com/kpf_download.html said:
CUSTOMER ALERT
Kerio Personal Firewall is being discontinued on December 31, 2005. While Kerio will continue to support this product for all customers through 2006, we will not be actively developing any new features or functionality going forward.
 
Hardware firewall FTW! Using Sun Sunscreen on an old dually Sparcstation :)
 
SP2 Firewall + Router. There is no security benefit at all to using an outbound filtering firewall at the host-level.
 
The Bryophyte said:
Where is kerio? That's my choice.

:p

for a software rule based firewall
Kerio Personal Firewall2 v2.1.4
(and I wouldnt recommend any automatic firewall period, learn to write the rules)

then the router has NAT

then there are hardware firewalls

cut & paste 101
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

EhJayKim said:
how does a hardware firewall work?
NAT & PAT (NAPT)
IPTables (PDF part 1) & Part 2
Stateful vs. Stateless IP Filtering

http://www.netfilter.org/ (opensource freeware)
* stateless packet filtering (IPv4 and IPv6)
* stateful packet filtering (IPv4)
* all kinds of network address and port translation (NAT/NAPT)
* flexible and extensible infrastructure
* multiple layers of API's for 3rd party extensions
* large number of plugins/modules kept in 'patch-o-matic' repository

http://www.netfilter.org/documentation/index.html#documentation-howto
http://hardforum.com/showthread.php?t=781545 (Networking FAQ)

Personally if you're getting into this and building your own I'd start with a simple Linux NAT Firewall (w\ ipchains)
http://pigtail.net/LRP/index.html \ http://www.linuxrouter.org/
(first one has an easier tutorial IMO)
and then graduate to more complex ones like netfilter which is cutting edge (iptables, stateful & stateless)
after that there are IDS (Intrusion Detection Systems) & IPS (Intrusion Prevention Systems) like SNORT http://www.snort.org/
(also opensource freeware) you make it that far it goes on the resume ;)

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

pawstar said:
Say you get infected with a keylogger or some monitoring software - the built in FW will not stop it from transmitting its logs :(


exactly, which is why I consider ProcessGuard a firewall for the kernel
http://hardforum.com/showthread.php?t=955135

no one ap will make you safe, it's rather a process of one ap checking another and comparing back to a clean baseline that guarantees you're uninfected these days
a process that is able to secure an individual box fairly well but often defies automation on a network with multiple users, further operator error enters into it, if you allow a process\port\ap to run mistakenly believing it's safe

well Sony BMG as the obvious example
 
I used to use Kerio 2.1.5 but had to switch once it became incompatible with Perfect Disk. I use Outpost Pro 3 now. The interface needs some work but it's pretty powerful so I'm happy with it.
 
I use the old free, or shareware, version of Kerio. I believe it's 2.14 or 2.15 that has been mentioned here a couple of times. It seems to work rather well. It's almost scary the amount of software that communicates or tries to communicate to somewhere on the web when it has no reason to do so.

 
I use a dedicated OpenBSD box as my firewall/router using PF

I like versatility
 
CRXican said:
none

not necessary, hardware firewall/router


I have a Linksys router and somehow some shit still gets through there on random port #'s according to ZA anyway.

Plus as others said, it doesn't protect you against outbound traffic. That's what scares me the most. If a keylogger gets on my system it's most likely not going anywhere thanks to ZA.

I sleep well at night. :cool:
 
Plus as others said, it doesn't protect you against outbound traffic. That's what scares me the most. If a keylogger gets on my system it's most likely not going anywhere thanks to ZA.

If something gets on your machine the possibility exists for it to do whatever it wants, with or without your knowledge. That is why the most critical thing is to prevent that code from ever getting on to your system in the first place.

Outbound filtering at the edge of your network is a good thing, but host-based outbound scanning is really nothing more than marketing hype and a false sense of security. It may give you warm fuzzies, but it does nothing to increase your system's security posture. This is why I use the SP2 firewall, anything else is completely unnecessary.
 
iptables all the way. Though that's just on my internet gateway. I see no need to run a firewall at both ends of the cable.
 
KoolDrew said:
If something gets on your machine the possibility exists for it to do whatever it wants, with or without your knowledge. That is why the most critical thing is to prevent that code from ever getting on to your system in the first place.

exactly
first thing most malware will do these days is disable the AV from finding it and compromise a software firewall, the better ones manage it without tipping their hand, the clumsy ones open you wide up and you're soon overridden by all sorts of crap and the jig is up.


if you all want to really be scared (Halloween is coming late)
Port Knocking

http://netsecurity.about.com/cs/generalsecurity/a/aa032004.htm

rather than opening ports for remote connection that are readily visible and detectable, a Trojan is planted which monitors the network traffic. Once the "secret knock" is intercepted the malware will awaken and open the pre-determined backdoor port, allowing the attacker access to the system.

By creating a dormant backdoor that requires the "secret knock" to open it the malware author keeps the backdoor secret. Again, that is good and bad. Good because every Tom, Dick and Harry hacker wannabe won't be out port scanning to find vulnerable systems based on the port opened by the malware. Bad because if it's dormant you won't know it's there either and there may not be any easy way to identify that you have a dormant backdoor on your system waiting to be awakened by port knocking.

http://www.portknocking.org/

step 1 | (A) client cannot connect to application listening on port n; (B) client cannot establish connection to any port

step 2 | (1,2,3,4) client connects to a well-defined set of ports in a sequence that contains an encrypted message by sending SYN packets; client has a priori knowledge of the port knocking daemon and its configuration, but receives no acknowledgement during this phase because firewall rules preclude any response

step 3 | (A) server process (a port knocking daemon) intercepts connection attempts and interprets (decrypts and decodes) them as comprising an authentic "port knock"; server carries out specific task based on content of port knock, such as opening port n to client

step 4 | (A) client connects to port n and authenticates using application’s regular mechanism


which puts this statement into context

KoolDrew said:
Outbound filtering at the edge of your network is a good thing, but host-based outbound scanning is really nothing more than marketing hype and a false sense of security. It may give you warm fuzzies, but it does nothing to increase your system's security posture. This is why I use the SP2 firewall, anything else is completely unnecessary.

filtering at a hardware firewall isnt going to respond to a port knock (unless it too is compromised) and can catch outbound traffic as well

whereas "port scan" services on the net arent going to do anything other than see if there is a port wide open, which would be very old school and clumsy malware work these days

see the last link for legitimate uses of port knocking
it aint all bad
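
An added example, not part of the original post: one way an edge firewall's logs can be checked for the four-step pattern quoted above (port n refused, a burst of dropped SYNs to other ports, then port n accepted for the same source). The log format, the sample records, and the names `parse` and `find_knock_candidates` are constructed for this illustration.

```python
from collections import defaultdict

# Constructed edge-firewall records: "epoch_seconds src_ip dst_port action".
# The format is made up for this example; adapt parse() to your firewall's logs.
SAMPLE_LOG = """\
1000.0 203.0.113.7 22 DROP
1001.0 203.0.113.7 7000 DROP
1001.4 203.0.113.7 8000 DROP
1001.9 203.0.113.7 9000 DROP
1003.0 203.0.113.7 22 ACCEPT
1010.0 198.51.100.9 22 DROP
1011.0 198.51.100.9 22 DROP
1500.0 198.51.100.9 80 ACCEPT
1600.0 192.0.2.44 7000 DROP
1600.5 192.0.2.44 8000 DROP
1700.0 192.0.2.44 22 ACCEPT
"""

def parse(log_text):
    for line in log_text.splitlines():
        ts, src, dport, action = line.split()
        yield float(ts), src, int(dport), action

def find_knock_candidates(events, window=10.0, min_knocks=3):
    """Return (src, port, knock_ports, port_was_refused) for each ACCEPT that
    follows >= min_knocks dropped SYNs to distinct other ports from the same
    source within `window` seconds (steps 2-4); the flag records step 1."""
    drops = defaultdict(list)  # src -> [(ts, dport)] of recent dropped attempts
    hits = []
    for ts, src, dport, action in sorted(events):
        recent = [(t, p) for t, p in drops[src] if ts - t <= window]
        drops[src] = recent
        if action == "DROP":
            recent.append((ts, dport))
            continue
        knocks = []
        for _, p in recent:
            if p != dport and p not in knocks:
                knocks.append(p)  # keep knock order, ignore repeats
        if len(knocks) >= min_knocks:
            refused = any(p == dport for _, p in recent)
            hits.append((src, dport, tuple(knocks), refused))
        drops[src] = []  # an accepted connection starts a fresh window
    return hits
```

A port scan followed by an ordinary allowed connection matches the same shape, so hits are leads to review, and the check only works where dropped SYNs are logged.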
 
KoolDrew said:
If something gets on your machine the possibility exists for it to do whatever it wants, with or without your knowledge. That is why the most critical thing is to prevent that code from ever getting on to your system in the first place.

Outbound filtering at the edge of your network is a good thing, but host-based outbound scanning is really nothing more than marketing hype and a false sense of security. It may give you warm fuzzies, but it does nothing to increase your system's security posture. This is why I use the SP2 firewall, anything else is completely unnecessary.

But how do you filter outbound traffic "at the edge of the network" in terms of applications? I understand that you can easily filter some ports using a router or a separate linux box configured as a firewall, but how can you stop some malware from transmitting over a commonly used port say 80? With the host based software firewall, hopefully it will pick up that "keylogger.exe is attempting to communicate to ip address x.x.x.x on port xx. do you want to permit this operation?"

It is certainly true that the software firewall won't be able to protect from everything, however, somehow I feel that some protection is better than no protection at all.
 
c0ex said:
I use only Mcafee products

i too feel sorry for you...

me on the other hand.. i cant find a firewall i like... i used to use a freeware version of tiny personal firewall.... but that didnt like sp2 too well, so i switched to kerio, and i just didnt like it... then i went to sygate (what i voted for), and, well, sygate just doesnt work right for me. take for instance, on my main machine, i have the firewall set to allow all, because i cant do a damn thing remotely unless its like that, and i still cant vnc to the damn thing.

i tried the newest version of tiny, and i still love it, but its not free... and i dont want to pirate it (read: cant, lol). and if i cant find a decent one soon, i'm just gonna buy tiny and hope they dont notice when i use it on all my computers...

i am going to assume that version of kerio is just like tiny, but i just never jived with the interface and i didnt think it did a very good job of blocking/asking when to create a rule/allow a connection, even having to reboot my machine just to get a newly installed app to get on the network.

anything you all would recommend for me? i'm running out of choices... and i dont want to use norton or mcafee's stuff. too much to buy, and too much of a pain to pirate.. :( :rolleyes:
 
i'm bunkered down with the windows sp2 firewall, but i've also put up other software layers against intrusion and hijacking attempts.

along with win firewall i have process guard, prevx, anti-vir, and one other real-time
registry guard (tiny install, name escapes me).
 
Kerio is the only software firewall i've been using lately. I may give the latest version of ZoneAlarm a try though.
 
I tried Nortons but ZoneAlarm is just so much nicer, esp. the newer version.

I see a lot for Kerio but it seems it might be discontinued.... I will stick with ZoneAlarm. :D
 
Tried ZoneAlarm, it sucked, so I went to Sygate Personal Firewall, but that's only if I'm DMZ'd... I'm a smart enough user to not download trojans/spyware/malware/adware/viruses in the first place :)

Behind two routers, so I'm fairly positive I can't be connected unless I forward a few ports
 