Which is more important?

If you had to choose between using only HIPS, or only a Third Party Software Firewall behind a Router Firewall, which would you choose, and which do think is more important for security now a days?

 

For me: a sandbox + a third-party firewall.
-Sandbox: the malware is contained in a virtual machine. Easy to use.
-Firewall: enforces strict network access permissions. Not very easy to use.

 

I use the 3rd option - HIPS behind Router Firewall i.e no software Firewall.

My belief is that the Router helps stop bad things coming in and ProSecurity ( the HIPS) would warn me if something did get thru and then tried to make changes.

Edit - which is more important ? (1) The Router Firewall (2) system Image to restore if required (3) The HIPS

 

Hello,
It would be firewall.
Mrk

 

Router Firewall or Software Firewall ?

 

Hello,
Either or both. Anyhow I'd choose firewall over HIPS.
I can handle software on me PC easily. I cannot as easily handle external traffic or 65,000 x 2 ports and such. Doable but why bother if you have firewalls to do that for ya.
Mrk

 

I agree - which is why I also put Firewall first but I had always been led to believe that a hardware firewall was preferable. I would quite happily run with no HIPS but not without a firewall. I may well be wrong, I certainly don't know enough to argue the point one way or the other, but I wouldn't feel comfortable going back to a modem and kerio.

 

Definitely hips for me. I don't see that need for a software firewall when a hardware firewall is in use. Hips can take care of everything else.

 

Traffic control is one of the most important aspects of PC security. As much as I like SSM, I'd choose the firewall, Kerio 2.1.5 of course. I ran Kerio with dialup service for years. Nothing ever bypassed it.
Rick

 

Hopefully I correctly interpret your hypothetical setup: only a HIPS behind a router or only a 3rd party software firewall behind a router?

If so, then the HIPS behind the router. The router blocks the nasty inbound traffic, while the HIPS can provide alerts to potentially dangerous apps, especially since there is no antivirus in this hypo setup. The common "call home" options normally enabled by default on so many apps can be easily disabled, minimizing the undesirable outbound traffic.

Besides, I could use a HIPS such as SSM, the one I'm currently using, that has basic outbound network filtering. You never said this was not an option

 

My thoughts exactly

 

When I had to choose, I would opt for HIPS. I have until a week ago not used a software firewall. Until someone attended me to SensiveGuard which also has file access notification (we are behind a inbound only hardware FW)

I use the Forrester or Gartner scheme to decide on which security aps to keep (besides their scores in real life tests). Yellow field on PC 2 means overlap and potential conflicts/spilling of CPU power

 

id go with a software firewall or Prevx1 + router.

 

I'd choose software firewall as more important. And I am only talking about basic ones like kerio 2.1.5 or Sygate. Well, Sygate 5.5 free has 'DLL Authentication', but it is too bothersome for me, so it is not turned on. Also 'Anti-Apllication Hijacking' that is on.

These days when people speak about "firewalls", they are actually more than that. More means they conflict with every other security solution like Hips's and sandboxs. I would stay away from them. Trouble to run and in case a newbie, better use just win XP SP2 fw.

And also, these newer firewalls, since the interest is on those leaktests etc. caused by qkweb who still has not tested kerio 2.15 with hips as should have, the main interest of concentrating of building nice interfaces for packet filtering, logging connections, gets lost in all the other stuff.
Comodo is an example of that. I never bother to participate in those threads, when some new release is available, always fanboys are there posting it, talking, many of who know nothing of building a good ruleset. My comment only is that the firewall basics. Build them as well as kerio 2.1.5 or even Sygate. And make it possible to save rules too instead of some registry thing. Sygate free has not also that option. They are not in registry, but anything better than there. And make the network rules at least to be ticked or unticked when needed, with that Comodo "Firewall" I mean. And no black box as it is now. If a good firewall is to be made, there will be no "levels" to choose but features to able or disable as one pleases. That kind of firewall maybe not for a general ignorant users though.

After kerio comes Sandboxie and last but not least SSM free.
Currently playing again with Sygate and running same time those other too, cause I want to see how well they play together.

My system is not very stable, some hardware heating up problems propably in motherboard or power source, maybe CPU or video cards fan not rotating.
So when I get a total freeze with running some programs like Google Earth or some videos and need a hard reboot, not really possible to see if any conflicts between those 3 security apps. Same happens with kerio 2.1.5 too which I am going back soon cause I like it a bit more than SPF. More straightforward packet filtering and control.

I am interested to hear if anyone can tell if any imcombatibilites between SSM free and Sandboxie 2.64 running same time? It is not a big deal since I can use SSM only for diagnostics and normally turned off.

Running Sygate now since updating my guide in the sig below. And like kerio, it does not bother me much.
Jarmo

 

My vote goes to software firewall.

My logic is that software firewall, once configured properly, can block unwanted outbound traffic from one's computer. Even if there is some malware on one's computer, it can not do much harm if it can not send out information to the net. More important, software firewalls nowadays can pass more and more leaktests. HIPS, although good, many people can not use it properly, although they usually believe that they can.

 

I also think a software firewall is essential: The only way to stealth your ports while your're surfing. But it's always the same story, nowadays you need more than one application, and they are all important.

 

A Hardware Firewall/Router doesn't stealth your ports ?

 

My vote would go for a router and then software firewall/hips. I think the benefits of a router is that it is OS independent and it is also relatively independent from user intervention. NAT for routers provides more than adequate inbound protection without the need of SPI or any other "extras." And as far as outbound protection goes a software firewall or hips would suffice, though it can be argued that outbound protection is really not the main function of either of these programs, but is more of a side effect of the protection they offer (more so with hips than software firewalls).

So I guess my choice would be for the router/software firewall combination.

 

Stealthing doesn't do that much to protect you during browsing. Any website you connect to has your IP. The webserver couldn't send you a webpage without it. The only place stealthing makes much difference is with random port scans. A stealthed system doesn't reply to them. Stealthing is a bigger asset to dialup service users who have floating IPs and are a moving target. With hi speed service, your IP doesn't change nearly as much, so you're pretty much a stable target.

While stealthing is great, closed is good too. What really matters is that your ports aren't open to general access. Ports that reply "closed" are secure. Even though they are acknowledging your existence, traffic is still blocked. Some apps need to be able to receive incoming packets for the app to work. Stealthing the port it uses can cause problems for some apps, fortunately not for many. In these cases, the port should only be open to the specific IP or IP range the app needs, no more.

Not all routers stealth ports. The router supplied by my DSL service (Netopia) doesn't stealth anything, even though the firewall on my PC does. Eventually I'll get a better one. Even with a router, I still consider the firewall necessary for outbound traffic control, especially that which originates from Windows itself.
Rick

 

When you get down to it, stealth adds less than not much, it really adds nothing of value.

Blue