Just about to purchase a router/hardware firewall, so my need for a 'good' software firewall will be less; however, I would still like strong Application Filtering to control what is allowed out onto the web. What do people suggest? Run something like LooknStop or Kerio/Tiny for its app filtering, but with all the 'proper' firewall rules off, or is there a more specific application that will do the trick? Thanks, Simon
I have used the firewalls you have mentioned plus the Sygate and McAfee firewalls, and all of them will give you good application filtering when you have it set up right and have them set to allow, filter or block a particular application. I also have a hardware firewall, but I use a software firewall to control outgoing connections. My software firewall log for incoming is always empty; nothing has ever gotten past. So with a soft wall and a router you should be reasonably safe.
From a resource/overhead perspective I don't really want all my inbound traffic to be scanned against a whole list of rules needlessly, so I wonder if these firewalls can be de-scoped and have all their inbound rules removed? i.e., they purely do the job of saying "application x wants to access the internet - allow yes/no?", assuming the h/w firewall is doing its job correctly.
Look'n'Stop is for you, then. You can totally disable the inbound/outbound network filtering and just leave the application filtering activated (when one app wants network access).
It was my understanding that a router with a hardware firewall was going to be used. It will block incoming with no resource drag on your computer. A software firewall will only have to filter outgoing because incoming traffic won't even get to it. My firewall incoming log is always blank because of the hardware firewall.
PikeDude - As far as I am aware both SSM and Abtrusion will spot applications (& DLLs) launching, but not whether they intend to connect to the web or not... bigc73542 - Even though the hardware firewall will block the incoming traffic, won't all legitimate stuff still have to be examined by the software f/w before being passed on, thus causing an overhead?
I haven't noticed any problems at all running both a soft and hard firewall. They just complement each other. They just fill in where the other might have a weak spot, making both better. I personally won't run one without the other. But of course it is up to you to decide what is secure for your computer. That is what is nice about having so much software available: you can have just about any set up you can imagine.
Useful to know that LooknStop can have inbound/outbound checking disabled - thanks, gkweb. Does anybody know of other firewalls that allow this?
I think you can emulate this in any firewall by creating a single rule to allow all inbound traffic, but if I have understood your concerns correctly, you don't want packets to be matched against rules unnecessarily, wasting resources. However, I think that using this trick would be negligible, resource-wise. Thanks to the trial versions, you can test them and take a close look at the memory and CPU used.
Exactly, why do something that the hardware is already doing. (I would imagine that the 'well documented(!)' LnS SPI restrictions (128 connections) will not occur if the 'in' checking is disabled...?)
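One way to build the arrangement this thread settles on (the router handles inbound, the software firewall only decides per application what may go out) on a current Windows system. This is an added example, not code from the thread or from Look'n'Stop, Kerio or any other product named above; it uses the built-in Windows Firewall cmdlets (Windows 8 / Server 2012 or later, elevated PowerShell), and the program paths are placeholders.

```powershell
# Added example: "router filters inbound, software firewall filters outbound
# per application" using the built-in Windows Firewall cmdlets.
# Assumes Windows 8/Server 2012 or later, run from an elevated PowerShell.

# 1. Default outbound action: block. Anything not explicitly allowed below is
#    dropped and logged, which is the "application x wants out - allow yes/no"
#    decision the thread is after, minus the interactive prompt.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block

# 2. Inbound: leave the default-block policy alone. A packet that matches no
#    rule hits the default in one comparison, so the per-packet overhead the
#    thread worries about is negligible; the router in front still does the
#    real inbound filtering.

# 3. Per-application outbound allow rules. Paths are placeholders; replace
#    with the executables you actually want to let out.
$allowed = @{
    'Browser'     = 'C:\Program Files\ExampleBrowser\browser.exe'   # placeholder
    'Mail client' = 'C:\Program Files\ExampleMail\mail.exe'         # placeholder
}
foreach ($name in $allowed.Keys) {
    New-NetFirewallRule -DisplayName "Allow out: $name" `
        -Direction Outbound -Program $allowed[$name] `
        -Action Allow -Profile Any
}

# 4. Log dropped connections so a program that is silently blocked outbound
#    can be identified and, if legitimate, given its own allow rule.
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -LogBlocked True `
    -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log'

# 5. Review: list the enabled outbound rules that are tied to a specific
#    program, i.e. the application-filtering part of the policy.
Get-NetFirewallRule -Direction Outbound -Enabled True |
    Where-Object { ($_ | Get-NetFirewallApplicationFilter).Program -ne 'Any' } |
    Select-Object DisplayName, Action
```

Unlike the personal firewalls discussed above, the built-in firewall does not pop up an allow/deny prompt for a new program; the log in step 4 is how you find out what was blocked.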