Looking for pure firewall

Discussion in 'other firewalls' started by cp4eva, Apr 5, 2009.

Thread Status:
Not open for further replies.
  1. tonyseeking

    tonyseeking Former Poster

    Joined:
    Nov 12, 2008
    Posts:
    406
    Why would anyone want a FW without HIPS?

    I thought HIPS was essential for a FW?
     
  2. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Because Mr. Anyone already has a HIPS without FW. :)

    Cheers
     
  3. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    "HIPS" are a comparatively recent addition to firewalls. The present trend is to combine all the security apps into one package. Firewall vendors saw the effectiveness of apps like Process Guard and System Safety Monitor, added those abilities to their products, and came up with the term HIPS. The term itself is more of an advertising buzzword than a useful description of the software. It's used to describe too many different things and has no definite meaning. Sites like Matousec like to push that combined suite concept with their misuse of so-called "tests", turning them into advertising tools that do nothing but push the "newer is better" concept to increase sales for the vendors.

    There's no reason "HIPS" has to be part of a firewall suite. A lot of us like to run separate HIPS and firewalls. I run Kerio 2.1.5 and SSM, which I consider to be equally as effective or better than any combined package.
     
  4. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Hi,

    So, if one is looking for a simple "Pure Firewall" as stated in the title...

    I wonder why no one mentioned GhostWall....

    http://www.ghostsecurity.com/ghostwall/

    This is probably the easiest and most uncomplicated, low profile firewall I know of..
    Nothing unneeded just simple blocks and rules!

    Just a thought! :D
     
    Last edited: Apr 19, 2009
  5. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    Is it still in development?
    Do you have support for it?
     
  6. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Hello RDSU,

    Wilders used to host the support for ghost security... I think Jason might have dropped the ball somewhere in the forums...

    However the firewall itself is rather good, I still have several clients (XP users) who won't let go of it...

    It does have a few peculiarities where some ports need to be configured properly for it to block them, but the rules are easy to understand and implement...

    Just test your firewall installation as soon as you set it up to make sure you have no leaks...

    Here is a link for you to some resources to test your firewall (Whatever choice you end up making).
    http://www.hermes-computers.ca/index.php?pid=39

    Here is a Wilders post I wrote some years ago for those interested in Ghostwall... About Port 0 & 1 being exposed! and the solution...
    https://www.wilderssecurity.com/showthread.php?t=148627&highlight=Ghostwall

    The particular rule to solve the issue is located here: https://www.wilderssecurity.com/showpost.php?p=847698&postcount=3

    I hope this helps!
     
    Last edited: Apr 19, 2009
  7. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    I know that Ghost Security is a great firewall, and I already used it in its beginning, but I don't like firewalls that don't have support and whose development is dead...
     
  8. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    If we only install the Comodo Firewall, disabling Defense +, we will get a pure firewall, and at least on my system it runs really stable and fast with almost no CPU usage and Memory...

    It seems that is the only option that really works for me...
     
  9. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    No comments! :blink:
     
  10. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    Please, give them! ;)
     
  11. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
  12. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    I'm with you on this... However the secret to this recipe is in the testing!
    And Ghostwall being probably the most bare-bones firewall around, albeit airtight and super lightweight, using practically no resources, I can't see much need for further development being required given what it actually does already...
     
  13. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Vendor support isn't that important with firewalls like Kerio 2.1.5, Ghostwall, etc. They don't depend on updates or databases that need maintaining. They've been in use long enough that the major bugs were found and fixed.

    The internet has gotten bigger but its basic design hasn't changed since these firewalls were released. The IP address system is the same. Internet software still uses the same basic protocols and connects through the same ports. Firewalls like Kerio, Ghostwall, Sygate, and others will filter and control internet traffic exactly as they did when they were new. When IPv6 is fully implemented, then the older firewalls will cease to be useful, but for right now, they do their job very well. That's one reason that a lot of us stay with an older firewall. They were designed to do one thing, control internet traffic, and they do it very well.
     
  14. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    1,341
    Location:
    Québec, Canada
    Hi hermes.
    I've been using Kerio 2.1.5 for a few months, and after reading your comments on Ghostwall, decided to try it.
    There's no applications rule though, and the Allow All Outbound rule is a bit scary to me...
    Kerio allows me to control what apps have network access, and to which IPs and Ports.
    With the default rules, like depicted here:
    https://www.wilderssecurity.com/showpost.php?p=847698&postcount=3
    It's barely an incoming packet filter, no?

    TIA,
    François
     
  15. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Bonjour Francois!

    By definition all firewalls are merely packet filters... as the only way to block some and allow others requires packet filtering to ports and sockets...

    This being said, this firewall will allow you to create port rules sophisticated enough to facilitate all your firewall needs... However they must be created by hand. So if you enjoy finessing around with port rules this is the firewall for you... on the other hand if you like everything done for you it may not be...

    On a side note: Kerio is an excellent basic firewall. It does nothing less than Comodo or Ghostwall as far as firewalls do. In fact even the firewall built into Vista or XP Pro SP3 is "effective" as a firewall. The real issue everyone suffers from is caused by applications that reside on a user's PC then dial out, bypassing router-based firewalls as well as machine-specific firewalls. Not to mention that an ever increasing number of system breaches is now related to plug-ins and add-ons to web browsers or to scripts built into web sites; then the web browser interprets the content and voila... Firewalls, application filters and other such fine technologies are rendered moot as the system is compromised...
     
    Last edited: Apr 20, 2009
  16. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    1,341
    Location:
    Québec, Canada
    Thanks Hermes.
    I don't mind doing rules.
    I've tweaked Kerio myself, so I can do it.

    With Ghostwall, I don't see how I could, for example, allow outbound port 80 to my browsers only.
    It seems I can open the port or not, but can't choose to which apps.

    For the moment, Kerio seems far better since I can control the apps.

    (or I'm missing something obvious...)

    Regards,
    François
     
  17. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Francois,

    Nope, you are right... No application level filtering here.

    However, as I have mentioned you should not rely on your firewall for applications filtering...

    A HIPS is far and above the better option as it is not applications or port/socket specific.

    Also hardening your web browser as well as any "risky" applications you wish to filter would be far more secure if used within a sandbox further operated within a user account with reduced rights (as in not an administrator's user account).
     
  18. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    1,341
    Location:
    Québec, Canada
    Thanks again.
    Just added Dynamic Security Agent (DSA) from Privacyware, and may have a winning combo here.

    Another question: where does Ghostwall save the rules?
    Did some tweaking tonight, and wanted to save the rules file (as I did with Kerio) to a backup directory.
    Didn't find anything in the app dir, documents and settings dir nor registry.
    ?

    TIA!
    François
     