Which is more important?

Discussion in 'other firewalls' started by duke1959, Jan 9, 2007.

Thread Status:
Not open for further replies.
  1. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    If you had to choose between using only HIPS, or only a Third Party Software Firewall behind a Router Firewall, which would you choose, and which do you think is more important for security nowadays?
     
  2. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    For me: a sandbox + a third-party firewall.
    -Sandbox: the malware is contained in a virtual machine. Easy to use.
    -Firewall: enforces strict network access permissions. Not very easy to use.
     
  3. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    I use the 3rd option - HIPS behind Router Firewall, i.e. no software Firewall.

    My belief is that the Router helps stop bad things coming in and ProSecurity (the HIPS) would warn me if something did get through and then tried to make changes.

    Edit - which is more important ? (1) The Router Firewall (2) system Image to restore if required (3) The HIPS
     
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,694
    Hello,
    It would be firewall.
    Mrk
     
  5. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country

    Router Firewall or Software Firewall ?
     
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,694
    Hello,
    Either or both. Anyhow I'd choose firewall over HIPS.
    I can handle software on me PC easily. I cannot as easily handle external traffic or 65,000 x 2 ports and such. Doable but why bother if you have firewalls to do that for ya.
    Mrk
     
  7. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    I agree - which is why I also put Firewall first but I had always been led to believe that a hardware firewall was preferable. I would quite happily run with no HIPS but not without a firewall. I may well be wrong, I certainly don't know enough to argue the point one way or the other, but I wouldn't feel comfortable going back to a modem and kerio.
     
  8. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Definitely HIPS for me. I don't see the need for a software firewall when a hardware firewall is in use. HIPS can take care of everything else.
     
  9. herbalist

    herbalist Guest

    Traffic control is one of the most important aspects of PC security. As much as I like SSM, I'd choose the firewall, Kerio 2.1.5 of course. I ran Kerio with dialup service for years. Nothing ever bypassed it.
    Rick
     
  10. cprtech

    cprtech Registered Member

    Joined:
    Feb 26, 2006
    Posts:
    335
    Location:
    Canada
    Hopefully I correctly interpret your hypothetical setup: only a HIPS behind a router or only a 3rd party software firewall behind a router?

    If so, then the HIPS behind the router. The router blocks the nasty inbound traffic, while the HIPS can provide alerts to potentially dangerous apps, especially since there is no antivirus in this hypo setup. The common "call home" options normally enabled by default on so many apps can be easily disabled, minimizing the undesirable outbound traffic.

    Besides, I could use a HIPS such as SSM, the one I'm currently using, that has basic outbound network filtering. You never said this was not an option ;)
     
  11. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    My thoughts exactly :)
     
  12. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    If I had to choose, I would opt for HIPS. Until a week ago I had not used a software firewall, until someone pointed me to SensiveGuard, which also has file access notification (we are behind an inbound-only hardware FW).

    I use the Forrester or Gartner scheme to decide on which security apps to keep (besides their scores in real life tests). Yellow field on PC 2 means overlap and potential conflicts/spilling of CPU power.
     


  13. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    I'd go with a software firewall or Prevx1 + router.
     
  14. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,183
    I'd choose software firewall as more important. And I am only talking about basic ones like kerio 2.1.5 or Sygate. Well, Sygate 5.5 free has 'DLL Authentication', but it is too bothersome for me, so it is not turned on. Also 'Anti-Application Hijacking', which is on.

    These days when people speak about "firewalls", they are actually more than that. More means they conflict with every other security solution like HIPSes and sandboxes. I would stay away from them. Trouble to run and in case of a newbie, better use just win XP SP2 fw.

    And also, these newer firewalls, since the interest is on those leaktests etc. caused by qkweb who still has not tested kerio 2.15 with hips as should have, the main interest of concentrating of building nice interfaces for packet filtering, logging connections, gets lost in all the other stuff.
    Comodo is an example of that. I never bother to participate in those threads, when some new release is available, always fanboys are there posting it, talking, many of whom know nothing of building a good ruleset. My comment only is that the firewall basics. Build them as well as kerio 2.1.5 or even Sygate. And make it possible to save rules too instead of some registry thing. Sygate free has not also that option. They are not in registry, but anything better than there. And make the network rules at least to be ticked or unticked when needed, with that Comodo "Firewall" I mean. And no black box as it is now. If a good firewall is to be made, there will be no "levels" to choose but features to enable or disable as one pleases. That kind of firewall maybe not for general ignorant users though.

    After kerio comes Sandboxie and last but not least SSM free.
    Currently playing again with Sygate and running same time those other too, cause I want to see how well they play together.

    My system is not very stable, some hardware heating up problems probably in motherboard or power source, maybe CPU or video card's fan not rotating.
    So when I get a total freeze with running some programs like Google Earth or some videos and need a hard reboot, not really possible to see if any conflicts between those 3 security apps. Same happens with kerio 2.1.5 too which I am going back soon cause I like it a bit more than SPF. More straightforward packet filtering and control.

    I am interested to hear if anyone can tell if any incompatibilities between SSM free and Sandboxie 2.64 running same time? It is not a big deal since I can use SSM only for diagnostics and normally turned off.

    Running Sygate now since updating my guide in the sig below. And like kerio, it does not bother me much.
    Jarmo
     
    Last edited: Jan 12, 2007
  15. yahoo

    yahoo Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    290
    Location:
    nowhere
    My vote goes to software firewall.

    My logic is that software firewall, once configured properly, can block unwanted outbound traffic from one's computer. Even if there is some malware on one's computer, it can not do much harm if it can not send out information to the net. More important, software firewalls nowadays can pass more and more leaktests. HIPS, although good, many people can not use it properly, although they usually believe that they can.
     
  16. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,213
    I also think a software firewall is essential: The only way to stealth your ports while you're surfing. But it's always the same story, nowadays you need more than one application, and they are all important.
     
  17. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    A Hardware Firewall/Router doesn't stealth your ports ?
     
    Last edited by a moderator: Jan 15, 2007
  18. Billy Blaze

    Billy Blaze Registered Member

    Joined:
    Mar 12, 2005
    Posts:
    79
    Location:
    Vorticon VI
    My vote would go for a router and then software firewall/HIPS. I think the benefit of a router is that it is OS independent and it is also relatively independent from user intervention. NAT for routers provides more than adequate inbound protection without the need of SPI or any other "extras." And as far as outbound protection goes a software firewall or HIPS would suffice, though it can be argued that outbound protection is really not the main function of either of these programs, but is more of a side effect of the protection they offer (more so with HIPS than software firewalls).

    So I guess my choice would be for the router/software firewall combination.
     
  19. herbalist

    herbalist Guest

    Stealthing doesn't do that much to protect you during browsing. Any website you connect to has your IP. The webserver couldn't send you a webpage without it. The only place stealthing makes much difference is with random port scans. A stealthed system doesn't reply to them. Stealthing is a bigger asset to dialup service users who have floating IPs and are a moving target. With hi speed service, your IP doesn't change nearly as much, so you're pretty much a stable target.

    While stealthing is great, closed is good too. What really matters is that your ports aren't open to general access. Ports that reply "closed" are secure. Even though they are acknowledging your existence, traffic is still blocked. Some apps need to be able to receive incoming packets for the app to work. Stealthing the port it uses can cause problems for some apps, fortunately not for many. In these cases, the port should only be open to the specific IP or IP range the app needs, no more.

    Not all routers stealth ports. The router supplied by my DSL service (Netopia) doesn't stealth anything, even though the firewall on my PC does. Eventually I'll get a better one. Even with a router, I still consider the firewall necessary for outbound traffic control, especially that which originates from Windows itself.
    Rick
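
The open / closed / stealth distinction discussed in the post above, as an added example that is not part of the thread: a small Python check you can run against your own machine to see how a TCP port answers. The function names and the local test listener are constructed for illustration.

```python
import socket

def classify(exc):
    """Map the outcome of one TCP connect attempt to the thread's vocabulary."""
    if exc is None:
        return "open"      # handshake completed: some service accepted the connection
    if isinstance(exc, ConnectionRefusedError):
        return "closed"    # host answered with a reset: it reveals itself, traffic is still blocked
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "stealth"   # no reply at all: the packet was silently dropped
    return "unknown"       # e.g. unreachable network; not one of the three states

def probe(host, port, timeout=1.0):
    """Attempt a single TCP connection and report how the port responded."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return classify(None)
    except OSError as exc:
        return classify(exc)
    finally:
        s.close()

def demo():
    """Constructed local test: probe a listener we open, then the same port after closing it."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))        # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = probe("127.0.0.1", port)
    listener.close()
    after_close = probe("127.0.0.1", port)
    return while_listening, after_close

if __name__ == "__main__":
    print(demo())
```

A "stealth" result only appears when something on the path drops the packet, so it cannot be reproduced on loopback without a firewall rule; the timeout branch covers it.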
     
  20. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    When you get down to it, stealth adds less than not much, it really adds nothing of value.

    Blue
     