Is Personal Firewall really enough?

Or Do we need something like Snort, to truly protect the PC?
If so, is there any free and easy to use solutions? Snort isn't that easy for windows.

 

Snort has signatures for network 'attacks'. Symantec endpoint protection also has it (probably updated version of the old sygate firewall). I'm sure there are others with built in IDS signatures.

 

As far as I know, Snort is used mostly for detection, rather than protection.

 

Do you have any reason to think that a firewall may not be enough, or are you just playing the ever-so-popular security paranoia game?

 

AFAIK, Kerio 4 has a NIDS module.

You can configure Snort to drop/stop traffic which is deemed abnormal.

A classic IDS is next to useless in a home PC (IMO). OTOH, Snort running in your gateway may be useful to stop a great portion of the "Internet noise" (IP scanning, network probes, OS scanning and the like) besides a SPI firewall. Also, Snort has signatures for application-specific vulnerabilities and it may block traffic originated from a infected machine in your LAN.

 

Snort is an IDS not a firewall... was never designed to protect a "PC" it is meant to control and track access to network end points and for traffic analysis.

I would use SmoothWall Express www.smoothwall.org instead as it is a full blown firewall and it's free (must build it yourself though). Requires an old pc but it's way more powerful than any firewall/switch combo type devices...

 

Regarding Smoothwall I'd be interested to hear more about how it's more powerful then the firewall in a home router. I have a spare PC and would consider dedicating it to run smoothwall.

 

For starter it usually ends up being in a box with a processor more powerful than 200Mhz... and it has more features... vpn and many others usually not found in most devices...

It's built on linux with minimal services (no unnecessary services) meaning you are less likely to be hacked successfully. It is entirely web enabled so all you need is a web browser to manage it. It works on 2 or more nics and It doesn't suffer the same limitations as a router/firewall/switch device as it is a dedicated firewall (No switch) all power available on host pc is entirely available to it. You can also use it to partition small LAN's into managed segments and so on...

As a filter it is feature rich and it is easily tweakable. And above all it's Free...

 

While browsing, I was alerted to a similar project called comixwall. It is a firewall with a webinterface built on openbsd. Relatively new project though. Hope it turns out well.

 

I'm running Smoothwall Express 2.0 on an old Gateway P5 with 32MB RAM and a 133MHZ processor. Haven't tried 3.0 yet, so I can't say if it will run on hardware as underpowered as this. The total cost for converting the old PC was 2 network cards and a crossover cable, about $50. Once you get past the initial setup, the Smoothwall PC doesn't need a monitor, mouse, or keyboard attached.

Smoothwall 2.0 has been rock stable for me. The last time it was restarted was 78 days ago, and that was a power failure. Even on the underpowered hardware I'm using, there's no performance loss with 864/160 DSL. Eventually, I want to add a PCI ADSL modem to it and get rid of the vendor supplied modem entirely. Easily the best $50 I've spent on a computer.
Rick

 

Another similar product I forgot... Might be even better all things considering what it actually offers is Untangle Security Gateway....
from http://www.untangle.com/

The best open source projects, integrated and made easier for spam blocking, web filtering, remote access and more

* Commercial-grade open source alternative to SonicWALL and WatchGuard
* 14 integrated apps - use one or all of them
* Runs on off-the-shelf hardware

It's Free!

The picture on the link below describe Free vs Pro features:
http://www.untangle.com/images/open_vs_professional_table.png

 

NO! If you troll, you'll pay a toll; therefore get a hardware firewall (many routers include same) and two-way software.