HIPS and Firewalls - why did/do you use them?

Discussion in 'other anti-malware software' started by Sully, Jul 29, 2009.

  1. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I have a question for those who have used or still use HIPS or firewalls that are application-aware.

    Why did you start to use these programs to begin with, and do you still do so?

    I started using them because I like computers, have some kind of a knack for understanding them, and not only wanted to know what was going on that I did not see, but to stop it. For me it was a curiosity thing. I loved having total control over the NIC, and any program wishing to use it had to go through the firewall (Outpost Pro) and my scrutiny. HIPS did the same thing, only with a different set of tools for different purposes. I used PG for a long time, but played with many.

    I do not use either of these two any more. Somewhere along the way I realized that, for all the security I was putting in place, there never seemed to be anything exciting happening to secure against. Since owning VMware for, I think, 5 years now, it has changed how I do things anyway.

    I still have different firewalls and HIPS in different VMware snapshots, because I believe they are a very useful tool. I just don't want to have to hand-hold them in everyday business anymore.

    Sul.
     
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I use a HIPS program only; well, my main HIPS program has basic firewall protection anyway :) I love to see every movement or running process for peace of mind, and to be able to gain control of my system. I love to make rules for testing purposes :) Man, I love HIPS ;)
     
  3. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    HIPS and Firewalls,

    My reason for getting into this was that my son was a script kiddie. One day I caught him. Being a former IT guy myself (now 23 years ago, before I turned to marketing and sales) who designed one of the first online banking systems in the Netherlands, I was surprised that by trial and error and downloading freebies and even open-source software from the internet a script kiddie could do things like that. I was very pissed, so I forced him to leave a note on the desktop: "your friendly hacker was here, please close/forward all traffic from port xxx to a non-existing IP address."

    I went out to buy a proper router/firewall myself (old-school guy, so I have more faith in separately managed devices :). When I had bought the router, my wife told me that the PC was not working again. It turned out that my son had hacked a hacker, who had returned the favour by destroying the MBR.

    So I had to buy additional software to get most of our digital photos back, and blamed myself for being an asshole acting like a noob, while I knew that I had violated all rules of security.

    So now we have an external hard disk, offline 99.99% of the time (and kept at a different location than the PC), with decent image (Paragon) and data backup software (SyncBack).

    Next I dug into software firewalls and HIPS, started with Kerio and PG, then changed PG. PG will quiet down, but getting into HIPS is like starting a contest with PoCs, intrusion tests and real malware samples.

    It feels like you are Dirty Harry, sick of the bad guys (Hells Angels-like creatures), and you build yourself a gigantic four-wheel drive to chase them out of your neighbourhood. When you are not the sole user of the PC, there is always the problem of pop-ups arising when other family members are using the PC. They get pissed off at security, you get hooked into a time-consuming hobby, until you realise: I can't solve this problem, let's turn back to good old policy management.

    So for me it is UAC/LUA with SRP or PGS, or a user-friendly policy HIPS like DefenseWall, GeSWall or AppGuard.


    Golden Rules:
    1. Have a proper backup/restore measure in place
    2. Use a router/firewall with at least SPI and limited DPI possibilities, and configure it well
    3. Apply policy management or a policy management HIPS (like DW, GW)

    I would rather use an FW/HIPS than a separate FW and HIPS, because I have this uncomfortable feeling that the network stack is executed earlier than the process stack, therefore an integrated HIPS/FW is the best guarantee nothing slips through. As said, it is a feeling; I have not been able to prove that this is an exploitable weakness in practice.

    regards
     
    Last edited: Jul 30, 2009
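The "policy management" approach Kees1958 lands on (LUA plus SRP: run as a limited user, and allow execution only from locations the user cannot write to) is worth seeing as a concrete decision rule, because most of its value lies in the edge cases. The following is an added example written for this page; it is not code from the post, nor from SRP, DefenseWall, GeSWall or AppGuard, which enforce this inside the OS. It models the rule in Python: `ALLOWED_ROOTS`, `DENIED_ROOTS` (user-writable subtrees inside an otherwise allowed root, an assumption about a typical Windows install), the function names `canon`, `is_under`, `decide` and the sample paths are all constructed for illustration. The point it makes beyond the post is that a path-based allow rule is only as good as its canonicalisation: `..` traversal, mixed separators, case, prefix collisions (`C:\Program FilesEvil`), UNC and relative paths all have to be handled before the prefix check, or the policy is trivially bypassed.

```python
"""Default-deny execution policy by path, in the spirit of SRP/LUA.

Added example for this page, not code from the forum post or from any
product named in it. The roots, sample paths and the notion of which
directories are user-writable are constructed assumptions.
"""
import ntpath
import re

# Locations only administrators can write to: execution allowed from here.
ALLOWED_ROOTS = (r"C:\Windows", r"C:\Program Files", r"C:\Program Files (x86)")

# User-writable subtrees inside an allowed root (assumption: writable by
# standard users on a typical install). Deny must win over allow here.
DENIED_ROOTS = (r"C:\Windows\Temp", r"C:\Windows\Tasks")

_LOCAL_DRIVE = re.compile(r"^[a-z]:$")


def canon(path: str) -> str:
    """Canonical form for comparison: resolve '.'/'..', unify separators,
    fold case (NTFS is case-insensitive), drop a trailing separator."""
    p = ntpath.normpath(path.strip()).lower()
    return p.rstrip("\\") or p


def is_under(path: str, root: str) -> bool:
    """True if path equals root or lies below it at a directory boundary,
    so 'C:\\Program FilesEvil' does not match root 'C:\\Program Files'."""
    p, r = canon(path), canon(root)
    return p == r or p.startswith(r + "\\")


def decide(path: str) -> tuple:
    """Return ('allow' | 'deny', reason) for a program path.

    Order matters: reject anything that is not a local absolute path,
    then user-writable subtrees, then the allow list, then default deny.
    """
    p = canon(path)
    drive, _ = ntpath.splitdrive(p)
    if not _LOCAL_DRIVE.match(drive):
        return ("deny", "not a local absolute path (relative or UNC)")
    for root in DENIED_ROOTS:
        if is_under(p, root):
            return ("deny", f"user-writable subtree {root}")
    for root in ALLOWED_ROOTS:
        if is_under(p, root):
            return ("allow", f"under admin-only root {root}")
    return ("deny", "default deny")


# Constructed sample paths covering the bypass attempts the rule must survive.
SAMPLE_PATHS = [
    r"C:\Windows\notepad.exe",                        # allow: plain case
    r"c:/program files/app/app.exe",                   # allow: case + forward slashes
    r"C:\Program Files\..\Users\bob\evil.exe",         # deny: '..' escapes the root
    r"C:\Program FilesEvil\x.exe",                     # deny: prefix collision
    r"C:\Windows\System32\..\Temp\dropper.exe",        # deny: resolves into Windows\Temp
    r"C:\Users\bob\AppData\Local\Temp\setup.exe",      # deny: user profile
    r"\\server\share\tool.exe",                        # deny: UNC path
    "evil.exe",                                        # deny: relative path
]


def evaluate(paths=SAMPLE_PATHS) -> dict:
    """Map each sample path to its verdict."""
    return {p: decide(p)[0] for p in paths}


if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        verdict, why = decide(p)
        print(f"{verdict:5}  {p}  ({why})")
```

The deny list is checked before the allow list on purpose: a user-writable directory under `C:\Windows` is exactly the gap that turns "allow everything under Windows" into "allow whatever the user drops there". Real SRP/AppLocker policies also offer publisher and hash rules, which avoid the path-canonicalisation problem entirely at the cost of more maintenance.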
  4. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    Well, at home I just use Windows Firewall, but on a laptop I use a FW + HIPS product because it travels between networks and I want it secured on insecure wifi spots. I use Outpost Firewall Pro as my choice.
     