Application Filtering

Discussion in 'other firewalls' started by SimonW, Mar 17, 2004.

Thread Status:
Not open for further replies.
  1. SimonW

    SimonW Registered Member

    Joined:
    Feb 22, 2004
    Posts:
    115
    Location:
    Leicester, UK
    Just about to purchase a router/hardware firewall, so my need for a 'good' software firewall will be less, however I would still like strong Application Filtering to control what is allowed out onto the web. What do people suggest? Run something like LooknStop or Kerio/Tiny for its app filtering, but with all the 'proper' firewall rules off, or is there a more specific application that will do the trick?

    Thanks
    Simon
     
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I have used the firewalls you have mentioned, plus Sygate and McAfee firewalls, and all of them will give you good application filtering when you have it set up right and have them set to allow, filter or block a particular application. I also have a hardware firewall, but I use a software firewall to control outgoing connections. My software firewall log for incoming is always empty; nothing has ever gotten past. So with a soft wall and a router you should be reasonably safe.
     
  3. SimonW

    SimonW Registered Member

    Joined:
    Feb 22, 2004
    Posts:
    115
    Location:
    Leicester, UK
    From a resource/overhead perspective I don't really want all my inbound traffic to be scanned against a whole list of rules needlessly, so I wonder if these firewalls can be de-scoped and have all their inbound rules removed? i.e. they purely do the job of saying "application 'x' wants to access the internet - allow yes/no", assuming the h/w firewall is doing its job correctly.
     
  4. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Look'n'Stop is for you, then.

    You can totally disable the inbound/outbound network filtering, and just leave the application filtering activated (when one app wants network access).
     
  5. PikeDude

    PikeDude Registered Member

    Joined:
    Aug 3, 2003
    Posts:
    45
    You could also use products such as System Safety Monitor or Abtrusion Protector.
     
  6. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    It was my understanding that a router with hardware firewall was going to be used. It will block incoming with no resource drag on your computer. A software firewall will only have to filter outgoing because it won't have incoming even get to it. My firewall incoming log is always blank because of the hardware firewall.
     
  7. SimonW

    SimonW Registered Member

    Joined:
    Feb 22, 2004
    Posts:
    115
    Location:
    Leicester, UK
    PikeDude-
    As far as I am aware both SSM and Abtrusion will spot applications (& DLLs) launching but not whether they intend to connect to the web or not...

    bigc73542-
    Even though the hardware firewall will block the incoming traffic, won't all legitimate stuff still have to be examined by the software f/w before being passed on - thus causing an overhead?
     
  8. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I haven't noticed any problems at all running both a soft and hard firewall. They just complement each other. They just fill in where the other might have a weak spot, just making both better. I personally won't run one without the other. But of course it is up to you to decide what is secure for your computer. That is what is nice about having so much software available, you can have just about any setup you can imagine. ;)
     
  9. SimonW

    SimonW Registered Member

    Joined:
    Feb 22, 2004
    Posts:
    115
    Location:
    Leicester, UK
    Useful to know that LooknStop can have inbound/outbound checking disabled - thanks gkweb.

    Does anybody know of other firewalls that allow this?
     
  10. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    I think you can emulate this in any firewall by creating a single rule to allow all inbound traffic, but if I have understood your concerns correctly, you don't want packets to be matched against rules unnecessarily, wasting resources.

    However, I think that the cost of using this trick would be negligible, resource-wise.

    Thanks to the trial versions, you can test them and take a close look at memory and cpu used :)
     
  11. SimonW

    SimonW Registered Member

    Joined:
    Feb 22, 2004
    Posts:
    115
    Location:
    Leicester, UK
    Exactly, why do something that the hardware is already doing :).

    (I would imagine o_O that the 'well documented(!)' LnS SPI restrictions (128 connections) will not occur if the 'in' checking is disabled...? )
     
  12. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    That's right.
     