Anyone fancy offering advice to a Newbie?!

Discussion in 'other firewalls' started by wortgames, Jun 27, 2006.

Thread Status:
Not open for further replies.
  1. wortgames

    wortgames Registered Member

    Joined:
    Jun 27, 2006
    Posts:
    2
    Hi all, I've been browsing these forums for a few days and I think I'm more confused than ever! I am a bit out of my depth regarding networking issues, and I'm reluctant to edit a firewall rule in case I open up a hole. I know it probably gets asked a million times a day, but I'd appreciate any advice regarding choosing a decent firewall.

    Until recently I was using Norton Internet Security, but I have just reloaded windows and want to avoid NIS this time as it has been a bit unreliable and frustrating at times.

    I have a laptop connected wirelessly and a PC plugged into a wireless router. The two computers share with each other for backing up files etc and both access the net. Both machines run XP pro SP2 and are clean and fully patched and updated etc.

    Zone Alarm bothered me a bit with its frequent alerts and permission requests, esp. if installing software for example. It also added about a minute and a half to my bootup time which annoyed me quite a lot - it doesn't inspire confidence in the software and I was scared the desktop would never build!

    Kerio seemed clean and tidy, except that I have to edit some rules to allow the two machines to communicate and of course I'm paranoid about opening it wide up. It also failed GRC's leaktest without even renaming the file which is a bit of a worry.

    So I'd really appreciate some kindly advice from the knowledgable security folks here - should I stick with Kerio and seek advice on rules, or would Zone Alarm give a networking newbie better protection out of the box? Is ZA's ridiculously slow startup common?!

    I realise there are some other alternatives out there too but they seem to be aimed at the more advanced users.


    Thanks in advance and sorry for the long post but I'd appreciate any input!

    :)
     
    Last edited: Jun 27, 2006
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    if ur willing to learn more about rules, then it greatly help you and give u better choices with firewalls.

    if ur just a newbie, theres nothing wrong with using ZA. also u can customize ZA and disable stuff like component control. that would reduce teh number of alerts.
     
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,699
    Hello,
    You should definitely try Sygate.
    Mrk
     
  4. trickyricky

    trickyricky Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    475
    Location:
    London, UK
    In my experience, ZoneAlarm can sometimes take ages to start up, which is one reason why I switched to Kerio. I'd suggest sticking with Kerio since it seems to suit your system quite well. If you're uncertain of any rules you have set up, post the details here as I'm sure we (the helpful folk at Wilders) will be able to advise on them.
     
  5. wortgames

    wortgames Registered Member

    Joined:
    Jun 27, 2006
    Posts:
    2
    Thanks folks for the tips. I guess that is to be expected - 3 responses, 3 different suggestions! Can't you just tell me how long a piece of string is? :cool:

    I am trying to learn a bit about firewall rules, but I am starting from scratch regarding the whole technology so it will be a while before I am comfortable enough to trust my own expertise.

    The leaktest thing bothered me a bit about Kerio, as did a couple of other comments I happened across, so I gave ZA another go. The slow bootup seems to be under control now - I disabled my AV for one boot cycle and that seems to have done the trick in letting it settle in. It still takes a little while longer to boot but probably nearer 10 secs than 100. I have decided to find the program alerts reassuring - I'll let you know how I go with that ;)

    I will have a look at Sygate too, thanks Mrk, I missed that one. I have Ghosted my system a few times now so I am free to experiment with different apps.

    Again, thanks!

    Cheers, WG
     
  6. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    A piece of string is exactly as long as the one measuring it perceives it to be.

    Securely configuring your router and wireless connections are more important than an outbound software firewall. An outbound firewall is important, but your router and the wireless connection are your first line of defense against inbound attacks so should be taken care of first. This basically means going into the routers config and learning what each of the settings do. Sometimes router manuals are helpful, but usually the best answers come from helpful people on either the router's forum or security forums like this or DSLreports.
    Understand what the settings do (and what may rely on it) BEFORE you change them. And only change one setting at a time then test if it still works (internet, email, file sharing). Sometimes the default settings are good, and only a few things need adjusting. Adding a password to the config is a good idea. As is disabling features that you will probably never use like remote administration. If you are not going to use the particular feature on a daily basis, disable it. You can always enable it later if you need it. Definately turn on security features. In your case especially, WPA or WPA2. There are other wireless security issues noted below.
    Some people use only a well configured hardware firewall within the router with no software firewall at all. If they practice safe hex, they can get by just fine.

    In a LAN with a well setup router protecting you from inbound threats, an outbound software firewall provides a good second line of defense.
    It main purpose in this case is to control what programs (and components) can connect to the internet or LAN.
    The thing is that there are so many different programs/versions/components that are installed on people's computers that it is not possible to preconfigure a firewall to account for all the variations that may exist on the user's computer. While the most basic operating system components are usually preconfigured in the firewall, the rest are left up to the clueless end user to figure out whether to allow or block this or that component from connecting.
    This can be very frustrating with all the mysterious alerts and not knowing what to choose. But it is doing its job by alerting you and giving you control over what can and cannot connect. After a little while of "teaching" the firewall what to allow and block, the alerts will be much less frequent and only appear when something new appears and tries to connect (like that new software you just installed that really shouldn't need to connect to the internet) or something has changed. By simply searching google, you can usually find out enough about an unknown component to make a decision. If not, search the firewall forums and/or ask the question.

    I've used Zone Alarm (up to version 5.5) and Agnitum Outpost Pro.
    I've moved away from ZA and haven't looked back.
    Outpost Pro has a lot of powerful features in a pretty easy to use package.
    Maybe not quite as newbie friendly as ZA.

    You will find a lot of useful info at the Outpost Forum.
    The basic rules of what to allow or block will be similar across firewalls.
    Each firewall will just have different ways of setting those rules up.

    Make sure you turn off your anti-virus before you install or uninstall the firewall. The firewall is installed at a low level in the operating system and an anti-virus (also at a low level) can interfere with the install process.

    As you are using a wireless LAN, you should take extra precautions to secure it. Search this forum for the keyword wireless and you will find many useful threads. Also, here is a good article.
    Protect yourself from Wi-Fi freeloaders

    Definately check out some or all of Steve Gibson's SecurityNow Podcasts on the internet, LAN, NAT routers, WPA, and wireless security. A lot of great info there delivered in a way that is easy to understand.

    Practically Networked has some good articles on networking.

    These GRC articles are really old (for windows 98 ), but some of the general concepts for understanding may still have a little use:
    Windows Networking 101
    Network Bondage

    How long is this post?
    Certainly longer than it started out to be! :D
     
  7. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
  8. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    I 2nd Devinco's suggestion, Outpost is far superior to ZA. It takes a bit more knowledge to use though.
     
Thread Status:
Not open for further replies.