Looking for a non-intrusive personal/application firewall

Hi,

I'm looking for an application/personal firewall for Windows XP/2000 which I want to deploy on a small school LAN. I want a solution where I, as the administrator, decide which applications can initiate outgoing connections and on which ports (and preferably to which destination subnets). I do NOT want my firewall to do anything else (e.g. popup blocking, email filtering, AV, etc.).

The various firewalls I tried were always asking the user: "this application is trying to connect... accept/reject". I find this annoying/intrusive and I don't want my users to make this choice.

I'm wondering what type of application firewalls large corporations use? I'm sure there must be at least one product out there that lets the administrators describe the list of allowed applications in a config file that can then be copied to every computer.

Thanks in anticipation for your time & tips, Alok.

Reply to
alok.menghrajani

Kerio Personal Firewall 2.1.5 can be set to Deny Unknown mode, where anything which does not have a rule permitting it is automatically denied without asking the user.

Reply to
Ken

Behind a NAT device, IPsec can protect the machines on the LAN. It can be used in a FW-like manner. When I used IPsec, it blocked on the high ports > 1024 and prevented a file download from a site using a high port for the download. You either had to disable IPsec or know how to open the port to allow the download. IPsec is not going to ask any user questions.

You can implement the AnalogX IPsec file on a machine and it will provide instant protection. You can then learn about making IPsec rules and implement them on a machine any way you want to control traffic to/from the machine.

I don't think most big corporations are concerned about what application/program at the machine level wants Internet access.

Hopefully, you have a gateway NAT router or some other gateway device that can do logging of traffic to/from the network so you can review the logs and note and take action on connections to dubious remote IP(s). And the gateway device has the means to stop inbound or outbound traffic, if need be.

Duane :)

Reply to
Duane Arnold
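The "IPsec as a packet filter" approach Duane describes, written out as an added example (this is not code from the thread, from AnalogX, or from any product mentioned here). It assumes Windows XP SP2 or Server 2003, where the `netsh ipsec static` context exists, and a local administrator prompt; Windows 2000 and pre-SP2 XP do not have this netsh context and need ipsecpol.exe / ipseccmd.exe instead, with different syntax. The policy, filter list, rule names and the resolver address 192.0.2.53 are all made up for the example; replace them with your own.

```batch
@echo off
rem Added example, not from the original thread. Builds a local IPsec policy
rem that permits a short allow-list of outbound traffic and blocks everything
rem else, with no user prompts. Names and the 192.0.2.53 resolver are
rem constructed for the example. Requires Windows XP SP2 / Server 2003 and an
rem administrator prompt; Windows 2000 needs ipsecpol.exe (different syntax).

rem 1. A policy to hold the rules. It does nothing until assigned in step 5.
netsh ipsec static add policy name="LabOutbound" description="Block unknown outbound, permit listed"

rem 2. Filter lists. "Me" is this host, "Any" is any address. mirrored=yes
rem    also matches the reply direction, which IPsec needs because it keeps no
rem    connection state.
netsh ipsec static add filterlist name="AllowedOut"
netsh ipsec static add filter filterlist="AllowedOut" srcaddr=Me dstaddr=Any protocol=TCP srcport=0 dstport=80 mirrored=yes
netsh ipsec static add filter filterlist="AllowedOut" srcaddr=Me dstaddr=Any protocol=TCP srcport=0 dstport=443 mirrored=yes
netsh ipsec static add filter filterlist="AllowedOut" srcaddr=Me dstaddr=192.0.2.53 protocol=UDP srcport=0 dstport=53 mirrored=yes

rem    Catch-all for everything else to or from this host.
netsh ipsec static add filterlist name="AllOut"
netsh ipsec static add filter filterlist="AllOut" srcaddr=Me dstaddr=Any protocol=ANY mirrored=yes

rem 3. Filter actions: plain permit and plain block (no IKE negotiation).
netsh ipsec static add filteraction name="Permit" action=permit
netsh ipsec static add filteraction name="Block" action=block

rem 4. Rules. Windows IPsec picks the MOST SPECIFIC matching filter, not the
rem    first one listed, so the port-specific permits win over the catch-all.
netsh ipsec static add rule name="AllowListed" policy="LabOutbound" filterlist="AllowedOut" filteraction="Permit"
netsh ipsec static add rule name="BlockRest"   policy="LabOutbound" filterlist="AllOut"     filteraction="Block"

rem 5. Activate. If you lock yourself out, run the same line with assign=n.
netsh ipsec static set policy name="LabOutbound" assign=y

rem Review what was built.
netsh ipsec static show policy name="LabOutbound"
```

Two caveats a practitioner should know before copying this to a lab. First, this is exactly the behaviour Duane reports: anything not on the allow-list, including a download served from a port above 1024, simply fails, and the fix is to add a filter, not to answer a prompt. Second, because IPsec filtering is stateless, a mirrored permit for dstport=80 also admits inbound packets whose source port is 80 to any local port, so this is weaker than a stateful firewall for inbound protection. And it is port- and address-based only; it cannot tell which application opened the socket, which is the per-application control Alok asked about.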

Doesn't exist (and won't function properly anyway). If you don't want an application to do what it was designed to do (like communicate via network) don't install the particular application or prohibit execution of it.

A firewall must not allow end user interaction.

None. They don't use such crap. They define access rights which allow or disallow the execution of software.

Wolfgang

Reply to
Wolfgang Kueter

If you have to do it for multiple machines it may just be better to get a hardware firewall (NetScreen, SonicWALL, ...); that way you control who gets to communicate with the outside world.

Reply to
Minh Tran-Le

A hardware firewall doesn't allow per-application control. I of course have hardware firewalls too, but I believe in multiple-layer security. I think it totally makes sense to have application control, even if I'm using read/write/execute rules on the file system.

I will try to see if Kerio works. It seems to be the best choice so far.

Thanks for all your replies.

Reply to
alok.menghrajani

The BlackIce PC edition has the best Application Control around bar none if you believe in Application Control.

Duane :)

Reply to
Duane Arnold

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.