Firewall- What is the best?

I would like to buy a decent firewall for my home DSL. What is a good brand to buy and what should I look for? Thanks

joegarciamail

Do you have a router? Usually they have firewalling built in... or get one with stateful inspection.

stokkeland

The firewalls marketed for home users are about the same. If you're looking for something cheap check out the firewalls from D-Link or Netgear. If you want something more robust look into firewalls for the small business market like Sonicwall. If you're more technically minded or want to try your hand at a cool project, make your own. Just get an old PC, put 2 network cards in it and install something like SmoothWall Express: [link]. You can make your own from scratch with Linux or BSD.

DarbyCrash

What kind of firewall appliance can't be screwed up?

Micheal Robert Zium

You should get yourself a NAT (no FW) router like a Linksys or others as a border device that has FW like features. You can get a Linksys DSL NAT router for home usage or one of the other NAT routers for home usage like a D-Link or Netgear, SMC or others.

You should get a NAT router that does logging so that you can use a logviewer to watch inbound or outbound traffic to possible dubious remote IP(s).

You can use a personal FW solution at the machine level or some other packet filtering software on the machine to stop inbound or outbound at the machine level to supplement the NAT router, since most NAT routers for home usage cannot stop outbound.

Duane :)

Duane Arnold

Do you want a real firewall or just protection that's good enough for 99% of home users?

A real firewall will cost several hundred $, a cheap NAT box that has firewall like "features" can be found for under $100 in most cases.

If you are not running any services that the public has access to, you can use a cheap NAT device that does SPI and has good logging ability.

The Linksys BEFSR41 unit has SPI and some great home user features, but, even though it's labeled as a firewall, it's just a NAT box.

If you want a firewall, get a good appliance, something you can't screw up, and you'll be happy.

The big difference between the cheap NAT devices and the simple Firewall units is that a firewall has to have a rule to allow ANY traffic, the NAT boxes allow outbound without rules.

Leythos
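The rule difference described in the post above, as an added example that is not part of the thread: a small Python model of a stateful filter, configured once like a home NAT box (all outbound allowed) and once like a default-deny firewall. The class, the sample rule set and the traffic (documentation address ranges) are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str   # "out" = LAN -> Internet, "in" = Internet -> LAN
    proto: str
    lan: tuple       # (ip, port) of the inside host
    remote: tuple    # (ip, port) of the outside host

class StatefulFilter:
    """Tiny model of SPI: replies to tracked flows pass, the rest needs a rule."""
    def __init__(self, outbound_rules, allow_all_outbound=False):
        self.outbound_rules = set(outbound_rules)   # {(proto, remote_port)}
        self.allow_all_outbound = allow_all_outbound
        self.flows = set()                          # connection-tracking table

    def decide(self, p):
        key = (p.proto, p.lan, p.remote)
        if p.direction == "in":
            # Unsolicited inbound is dropped by both device types.
            return "accept" if key in self.flows else "drop"
        if self.allow_all_outbound or (p.proto, p.remote[1]) in self.outbound_rules:
            self.flows.add(key)                     # remember the flow for replies
            return "accept"
        return "drop"

def run(filt, packets):
    return [filt.decide(p) for p in packets]

# Constructed sample traffic, not captured from a real network.
PC = ("192.168.1.10", 50000)
TRAFFIC = [
    Packet("out", "tcp", PC, ("198.51.100.7", 443)),   # web browsing
    Packet("in",  "tcp", PC, ("198.51.100.7", 443)),   # reply to the above
    Packet("in",  "tcp", PC, ("203.0.113.9", 4444)),   # unsolicited probe
    Packet("out", "tcp", PC, ("203.0.113.9", 6667)),   # unexpected outbound
    Packet("in",  "tcp", PC, ("203.0.113.9", 6667)),   # reply to the above
]

def compare():
    nat_box = StatefulFilter([], allow_all_outbound=True)
    firewall = StatefulFilter([("tcp", 443), ("tcp", 80), ("udp", 53)])
    return run(nat_box, TRAFFIC), run(firewall, TRAFFIC)

if __name__ == "__main__":
    for name, verdicts in zip(("NAT box", "firewall"), compare()):
        print(f"{name:9}", verdicts)
```

Both configurations drop the unsolicited probe; only the default-deny one also drops the unexpected outbound connection and, because no flow was recorded, its reply.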

It's all relative - if you look at most true firewall appliances, with the exception of the people that "try" to set up a PIX, most firewall appliances are not easy to misconfigure such that your network is easy to compromise.

With a workstation running a personal firewall, or anything that "YOU" install and set up on a PC, you run a serious risk of screwing up something with the OS or the Firewall or the firewall settings, at least more so than with a dedicated appliance.

Leythos

More shameless SmoothWall bashing. These guys are doing a serious injustice by whipping up a lot of fear about "complex setups". My Smoothie was easy to set up...and runs Ad-Zapping, ClamAV, Dansguardian, as well as giving me access to EXTENSIVE log files. All of this running on a $20 PC. Don't dismiss the comments by these critics...they are simply running scared. These expensive appliances (that they seem to be sleeping with) are going to have to drop their prices dramatically, if they hope to compete in the future. NOBODY whom I have demonstrated SmoothWall to has left with anything but a strong desire to set one up for themselves as quickly as possible. We advocates of this Free-ware system have enjoyed the last few years of relative obscurity, but the cat is out of the bag now. Smoothwall breathes life into legacy hardware by turning it into one of the finest, most versatile Firewall Solutions on the planet.

jeffreyalsip

This person seems to have a personal problem with Smoothwall. If it is not one thing then it's another. ;-)

Duane :)

Duane Arnold

What a load of bollocks. Freeware is freeware. Hardware appliances have a lot more under the hood than a bunch of freeware tools quickly thrown together.

Mark

I think you have to look at the skill levels of the average reader here. Most of them can fsck up a solid steel hammer. True, most users don't need a complex firewall - they shouldn't be offering any network services, and that can boil down to two or three very simple rules.

I don't like running extra crap on my firewall. I also don't feel the need for "EXTENSIVE log files" which (for the average user) is a total waste of disk space and brain cycles. I really don't give a flying fsck if some host in Korea or Kenya attempted to connect to a trojan that I don't have installed.

You paid too much. My firewall is a twice salvaged 386SX-16 with 8 Megs of RAM and a 213 Meg disk. The largest expense is the 40 VoltAmps it consumes, as I paid nothing for the box itself or any of the software.

I think you need to see a doctor about your misconceptions. Does your 'Smoothie' handle multiple Gigabit connections? Or are you still limited to something "a bit less" than that?

That can be confirmed by hitting [link] and searching the comp.os.linux.security newsgroups for that period. The alternative group alt.os.linux.smoothwall is also enlightening.

So does any of the more than 250 freely available Linux and *BSD distributions which come with the firewall as an integral part of the operating system. Has someone gone through and cleaned up all of the system() while SUID calls? Has Richard Morrell gotten his medication under control? Those two facts alone drove away most prospective users of Smoothwall.

Old guy

Moe Trin

I'm not bashing SmoothWall, I'm bashing ALL products where the user self installs the OS and firewall product without being a skilled installer of both.

Heck, if you know what you are doing you can run a Windows 2000 or XP box without ANY firewall and be secure, but not many people know how to do that either.

I don't run anywhere, I base my posts on more than 25 years working with computers, programming, designing hardware, network, and based on a perfect/spotless security record for clients' systems all over the US.

I've seen countless compromised networks protected by open-source and freeware applications set up by people that claimed to know their stuff, same for home users that didn't claim to know anything but were talked into it by someone that didn't understand the skill set/technical ability of the person installing it.

For small shops and home users it might be slick as snot and worth all you say, but I will not use it to protect my home or office and will not be installing it for clients. I like and push WatchGuard appliances, nothing I've used (netscreen, pix, sonic, etc...) has better features for the same price range. I have set up many FW-1 systems running on dedicated servers, and even looked at many Linux solutions based on BSD, but, when it comes down to failure points, the Appliance is everything based on a user computer beat.

It was never obscure, you just haven't been around long, we've known about Smoothwall and others like it for a long time, but some of us have to certify networks, have to base thousands of nodes on our solutions, etc.... I'll go with a certified appliance over a self installed firewall application any time.

I would almost rather see a home user (which is where I think you target) use a NAT appliance, as it's going to block inbound and not be screwed-up by default.

Leythos

I have worked with just about every firewall out there for large companies, small and home users. Everything has its place. Nothing can really beat the security of a Sidewinder Appliance which uses more application level proxies than I have seen out there. For the smaller office Watchguard, Sonicwall, Astaro, etc are fine and the home user can go to Fry's and get whatever provided they are not hosting anything. It all depends on budget and what level of security you are after with the money you have.

Michael Seidner

That is why XP SP2 with MS's firewall and MS's Automatic Updates enabled is the best security for the average non-techie user.

fred

No, the best solution is a NAT Router with SPI and then SP2/XP Firewall and automatic updates with quality AV software and securing IE as specified by MS.

Leythos
