application and rules based firewalls

Discussion in 'other firewalls' started by arj1, Sep 1, 2003.

Thread Status:
Not open for further replies.
  1. arj1

    arj1 Guest

    I am new to firewalls, and after doing much reading here I`ve found that there are application and/or rules based firewalls. Can someone explain the difference between them,and possibly the advantages of one over the other? also ,is there someplace that lists which firewalls are application or rules based or both? Thanks for any guidance, A.J.
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi arj1,

    Some reading: http://www.wilders.org/firewalls.htm
    for you while our firewall experts think about an answer. ;)

    Regards,

    Pieter
     
  3. arj1

    arj1 Guest

    Thanks Pieter, I thought I had read all that Wilders had on firewalls.. Somehow had missed this one...
    I`m learning...

    arj1
     
  4. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi arj1

    Application based firewalls will usually allow traffic based on rules permitting only those applications you approve to connect to the network/Internet. They will usually allow any traffic by these approved applications.

    Rule based firewalls allow you define what traffic will be permitted to the network/Internet. With rules, you can specify the protocols, source/destination address, source/destination ports that will be allowed or denied.

    Most newer software firewalls are now a combination of both. Allowing you to authorize only the applications you wish to connect , as well as being able to define specific rules for those applications or the system in general.

    ZA free is the closest to being just an application based firewall. The majority of others have rules capability allowing for more control over what is permitted. Some more than others.

    Regards,

    CrazyM
     
  5. arj1

    arj1 Guest

    Thanks CrazyM, Then would a combination of both be the better way to go?... for a beginner to learn more about rules.. I think I saw Sygate listed that way and Outpost..

    arj1
     
  6. arj1

    arj1 Guest

    CrazyM,
    If I`m reading this correctly,application based firewalls will allow any traffic as you said,by these approved applications. Isn`t IE an application that would have to be approved? In that case IE would allow any traffic through on that type of firewall. Zonealarm as you said is that type of firewall ,but I didn`t think that it would allow any traffic through.. I know I must be missing something here.. (probably my brain)...Thanks for posting.

    arj1
     
  7. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,878
    Location:
    New England
    Hi arj1,

    We might just have a wording or a definition problem here... What CrazyM was saying is that with the simpler application based firewalls, you either allow a program to have Internet access or you don't. If you give them that access, then they are free to use whatever protocols and ports that they want, without the fine tuning that is possible in the more advanced firewalls.

    From the way you've asked the above question, I'm wondering what exactly your concern is, especially with IE and "allow any traffic through". Can you explain that a little more so we can be sure we're all talking about the same thing?

    Just as an aside, Zone Alarm Plus and Zone Alarm Pro have a full combination of application and rule based controls, so the fine tuning that is mentioned above can be done in those software firewalls.
     
  8. arj1

    arj1 Guest

     
  9. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,878
    Location:
    New England
    Well, in many regards I agree with you. A firewall that allows you simply to either approve an application or block it, with no ability to restrict it in certain subtle ways, does not give you a great deal of control. (Especially for those of us who are control freaks, like myself. ;) ) However, many people have no problem with this. They say that if they are going to trust an application, such as, oh a media player perhaps, then they are going to trust it completely. If they didn't trust it, they wouldn't install it or use it at all.

    That's fine, too. But, I must say I do like to have more granular control. For example, I use Outlook Express for my ISP email (POP3 and SMTP). I want it to go to only a specific list of approved email servers and only on the ports required. I do not want it to be able to hit some Internet site that's linked inside an HTML based email message or do anything but email. So, in my firewall I limit the servers and ports it can use. I trust it - but only up to a point. You can see how I accomplished this using ZA+ and ZAP in this thread.

    There are of course many firewalls available. I use Zone Alarm Pro myself, and I would recommend it (or Zone Alarm Plus) to you only because I know it and I could advise you on using it. However, Sygate is another of the same type and there are people here who can also advise you on that. And, there are others available. My advice would be to take advantage of the free trials available and try out a few different ones. (But, don't ever install more than one at a time! Install one. Try it. Deinstall it fully, and verify if needed before installing the next.)
     
Loading...
Thread Status:
Not open for further replies.