Inbound Protection

Discussion in 'other firewalls' started by Someone, Aug 19, 2008.

Thread Status:
Not open for further replies.
  1. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    It's what i suspect. If i boot XP again, i'll try to document it.
     
  2. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,053
    Location:
    Serbia
    Well in that case, the OP can just run Windows Firewall (or any other) and be perfectly safe. Without issues, that is. Which makes this whole thread pointless.

    I would also like to hear on what criteria does the members here recommend an inbound firewall. A hardware one (router) will hardly provide better filtering than most software firewalls, so...

    @ Ghost ARCHER,
    please don't hijack the thread. If you have concerns with Jetico, make your own.

    Cheers,
     
  3. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Hi

    So Jetico and Outpost both have better inbound than Windows Firewall?

    Are Comodo and Online Armor good choices in terms of inbound protection?

    Thanks
     
  4. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,959
    Yep, pretty much.....
     
  5. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    Yes, Windows Firewall provides very basic inbound protection.

    But almost all commerical grade firewalls provide good inbound protection. Including Comodo, OA, Outpost and Jetico. They have pre-built ruleset to cover most scenarios.
    If you want to create powerful rule for some specific scenario. IMO, Jetico is best and Outpost comes second with its easier interface.

    Hope that clarifies your question.
     
  6. nomarjr3

    nomarjr3 Registered Member

    Joined:
    Jul 31, 2007
    Posts:
    502
    For beginners/newbies/non-techies:
    PC Tools Firewall Plus
    Sygate Personal Firewall 5.6.2808

    For IT pros/com scientists/techheads:
    Kerio 2.1.5
    Online-Armor Firewall
    CPF 3


    If you're willing to pay, Outpost Firewall PRO is the best bargain
    :cool:
     
  7. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I'd recommend a software firewall for inbound traffic whenever you're not blocking all inbound traffic outright.
    Examples:
    If you want one app to be able to receive inbound specific traffic but not another, like a P2P program.
    Hardware firewalls work on a system-wide basis. Traffic is allowed or blocked for the entire OS and everything installed on it. Only a software firewall can control traffic on a per-application basis.
     
  8. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Hi

    Thanks for the reply. So all firewalls have pre-built rulesets which are better than Windows Firewall? Are these rulesets different to a NIPS and SPI?

    Thanks
     
    Last edited: Aug 21, 2008
  9. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Hi

    I've heard that Outpost uses user-mode hooks or something, which is supposedly not effective against real malware. Is this true?

    Thanks
     
  10. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,959
    It's basically pretty simple. ANY firewall (Win Firewall or router included) that blocks inbound serves it's purpose, and for a home user, that is sufficient IMO. It just depends on how fanatical one wants to get with all this. There are various flags and types of packets and so on and on, some firewalls have rules to accomodate all this and some don't. So there are varying degrees of inbound protection, but once again, I would maintain that for an average home user, none of it matters. ANY firewall or router will effectively block inbound, even something as advanced as CHX-I will block inbound with one simple block rule.

    Return packets from outbound traffic are allowed thru based on some form of SPI. There are also varying degrees and varieties of SPI as well.

    If you enjoy experimenting and studying all this, that's fine. But again, for all practical home purposes and usage, unless you are expecting a packet generating cannon to be aimed at your firewall, anything will do.
     
  11. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,097
    Location:
    QC
    [slightly OT & out of curiosity]

    Is there a rule-based (inbound-only) firewall allowing us to set a rule to be activate when, and only when, a designated process is running?
    I am only aware of the oldy Conseal PC firewal, back then.
     
  12. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,053
    Location:
    Serbia
    Look'n'Stop can do this. If you say Conseal could do it I would suspect 8Signs can do the same, since it is a rebrand (or whatever) of Conseal.
     
  13. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    I honestly don't know what is going on, and I am not familiar with KIS. Perhaps you can make a rule to allow all outbound connections to that url.
     
  14. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,097
    Location:
    QC
    Great, I'm more and more tempted to change my firewall for L'n'L. I think am now ready give it a fair try. I am already a regular lurker in their support forum, from some months, and I like to see the developer is very active to answers all users' requests there.
    I am using 8Signs and it's probably one if not the the only thing one of the rare features that was not ported from Conseal.
     
    Last edited: Aug 21, 2008
  15. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,053
    Location:
    Serbia
    It is a great firewall. 8signs has a different purpose.

    My bad most likely. I am not very familiar with these two, especially with Conseal. Someone will hopefully correct me.
     
  16. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,959
    I can't say for sure as I'm not using it anymore, but it's possible that CHX-I may be able to do this, however, it's not application oriented in the usual sense, so I really don't know. Also, it's no longer supported or developed. But I do remember v3 had various triggering oriented features...
     
  17. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,097
    Location:
    QC
    CHX-I! I did never find my way to try this intriguing firewall, and knowing its current abandon state I am now reluctant to invest a fair amount of learning time in it. But I should have v3 archived on some cd from 1 or 2 years ago, so if curiosity really get on me I could maybe give it a looksee.
    But I would say that I am almost sold to go with L'n'S, for now... and compare its abilities vs my using of 8Signs.
     
  18. Ghost_ARCHER

    Ghost_ARCHER Registered Member

    Joined:
    Jan 21, 2007
    Posts:
    62
    I don't get it. Need more explanation. First I don't know if you suggest to that I should or should not. I have read this sentence for 3 times and because I don't understand that much, I don't know if I should or should not :).


    Then I post a screenshot on what lightweight means, cheers
    http://i38.tinypic.com/2wefkhz.png

    Also, I found that I can play the warrock again after I switch to jetico from Online armor free. It was once updated frames every 10 seconds to 1+ minutes

    Cheers
     
  19. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    Yes, Windows Firewall has limited capabilities. Since it has limited rules, which are hardcoded and are not updated with passage of time.

    Now as you point out firewall can use different methods to provide protection. For ex: Ruleset, NIPS and SPI.

    Ruleset: Is most basic, fast and gives a lot of manual tweaking abilities. For any new attack/flood, you will need newer rules. Hence its best to choose a Firewall which can update its ruleset via internet regularly.
    Probably comparable to signature database/detection of AV.

    SPI: Requires a litter more buffer and can cause incompartiblity issues under some conditions like TCP window scaling. But because it treats each packet as untrusted, it can protect against some attacks for which explicit rules may not exist.
    Probably comparable to heuristic scanner of AV.

    NIPS : Highest resource usage and using neural matrix can predict/detect attacks hence providing greatest amount of protect. But it needs to be trained and well configured, else will lead to blockage of good traffic.
    Probably comparable to Behavioral Blocker of AV.

    Now for your normal home user, rule-based firewalls are enough. Since they are not directly connected to the internet and can rely upon the ISP network to filter many attacks.
    If you want to be extra cautious, you can also try firewall which has SPI. At the cost of performance, you can get some more defense.
    If you want to provide armor to your server/gateway/network, you can go for NIPS.

    Hope that helps.
     
  20. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    So there is not much chance that something can get by even the Windows firewall?

    Thanks
     
  21. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Are there any other different methods to provide protection?
    Which firewalls have which of these features?

    Thanks
     
  22. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    @vijayind: I have WinXP firewall and a home router with SPI. Do you think this covers the things mentioned in your post?
     
  23. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello all,

    I see a discussion regarding a comparison between a typical home router and windows firewall for inbound protection/filtering.

    For me personally, given the option of paying for a cheap router or using windows firewall, I would pick windows firewall. (of course, that is based on a single PC setup)

    I will put together a post showing the options and filtering of windows firewall (something I should of done (and meant to) a while ago. I will do that this afternoon and post to a new thread.

    - Stem
     
  24. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    Again, what is the definition of cheap?
    Or is the conclusion/opinion that every home router is crap?

    I mean, does your remark apply to a router that costs 20-30 dollars or also to a router that costs around 200 dollars (roughly recalculated from euro to dollar)?
     
  25. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    If you have a home router with SPI, you are well secured against inbound attacks :thumb:

    But since, most malware can sneek past Windows Firewalls outbound protection. I would recommend using HIPS/Behavioral Blocker programs.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.