What Firewall are YOU using?

built in firewall on the win2k3 server (my router) and my pc has the Nforce4 Ultra firewall running as well (which rocks). It tends to be disabled often though as I'm too lazy to tweak it for every little thing...
 
Cisco Pix 506e. Snort and Nessus as software guards..
Current Org has outgrown the pix so I'm thinking of switching it out for an all in one symantec 5640..

any opinions on the 5640?
 
Clarkconnect 3.2 SOHO for the main gateway. Winxp built in firewall when I'm running XP, iptable rules when I'm running Ubuntu on VMWare.
 
now i SEE why people are using kerio!

i just installed it and it seems to be a hell of a lot more difficult to configure than Zone Alarm pro, but all port scans come up completely negative, even when im running my usual apps.

i will say that the program launching guard (that makes sure one program cannot start another one) is a PAIN!
but i can see its obvious benefits.
 
linksys something or another, into ISA 2004, and apple's builtin stealth firewall. That's until i get new hardware. Then it will be even more excessive, m0n0wall -> isa 2004 -> natbox -> apple firewall
 
trans this said:
linksys something or another, into ISA 2004, and apple's builtin stealth firewall. That's until i get new hardware. Then it will be even more excessive, m0n0wall -> isa 2004 -> natbox -> apple firewall


Holy tinfoil hats batman!!! :eek:
 
trans this said:
linksys something or another, into ISA 2004, and apple's builtin stealth firewall. That's until i get new hardware. Then it will be even more excessive, m0n0wall -> isa 2004 -> natbox -> apple firewall

Slightly paranoid, or do you actually know who killed JFK?
 
HighwayAssassins said:
none at all...and whats all this "Anti-Virus" shit i keep hearing about?
That too.

One's OS should be.. clean. A lot of crap like software firewalls and on-access AV scanners are crutches for those who (in the case of AV programs) don't have the brain power to resist clicking on that questionable email attachment or (in the case of firewalls) can't themselves or don't know anyone capable of setting up their system/network correctly in the first place.

Turn off any unnecessary services, keep your system patched, don't surf the web using IE in an unsecure mode, don't open questionable email attachments, and have a hardware firewall at the entrance to your network and you're golden. Schedule a full AV scan to run once a week when you're not going to be on your computer.

Leave the active security programs on the shelf where they belong.

(Laptops that are used to connect to unsecured networks are the one notable exception.)
 
HHunt said:
Slightly paranoid, or do you actually know who killed JFK?


no shit! his packets have to lift their sack and spread 'em before they're received! LMFAO!

I recently disabled my software firewall, we'll see how it goes. I'm content so far...
 
So, versello, what do you use?

edit: just saw you listed ISA Server.

I wouldn't exactly categorize that as a "software firewall."
 
kumquat said:
So, versello, what do you use?

edit: just saw you listed ISA Server.

I wouldn't exactly categorize that as a "software firewall."

It is a software firewall, nonetheless. Which is why I was offended by your remark. :p
 
versello said:
It is a software firewall, nonetheless. Which is why I was offended by your remark. :p
Ultimately, any firewall is "software".. heck, a Pix runs software to do firewall duty, and so does a cheap Linksys box.

Obviously, by "software firewall" I meant "personal firewalls" in the vein of ZoneAlarm.

Firewall duty is important enough and resource-intensive enough to be moved to a dedicated box, such as ISA Server, OpenBSD, or a PIX.
 
kumquat said:
Ultimately, any firewall is "software".. heck, a Pix runs software to do firewall duty, and so does a cheap Linksys box.

Obviously, by "software firewall" I meant "personal firewalls" in the vein of ZoneAlarm.

Firewall duty is important enough and resource-intensive enough to be moved to a dedicated box, such as ISA Server, OpenBSD, or a PIX.

Now you've made me curious. Could one feasibly construct a truly hardware firewall?
(Firewall-ASIC? Wouldn't be impossible.)

Of course, it'd be sort of hard to upgrade.
 
kumquat said:
What kind of electronics does not run on any software?

Amplifiers, converters, some of the dumber forms of interfaces. Controller chips. RAM.

Come to think of it, CPUs qualify as well. :D
They're almost always used to run software, of course, but I've seen tricks like "how to use a Z80 as a counter". Of course, by then you're not using it as a CPU anymore.
(The CPU itself doesn't use any software to run code, though, and that is closer to the point.)

edit:
An even better example is probably the packet-moving ASICs of a switch. My impression is that they are closer to "software expressed as hardware" than "hardware running software".
 
Windows built-in, plus the firewall running on my router. The Windows firewall is enough to stop most people anyway.
 
At home, nothing. I'm on dialup, so I figure I wouldn't be a direct target of a script kiddie, so I just keep my Win2k ICS box patched and the defs on AVG updated.

At work we use a Watchguard II (old and dying) and we will be replacing that this February with a Smoothwall with the DansGuardian/ClamAV, Full Firewall Control, and Multiple IP addresses mods added.
 
Cisco 831(CBAC) and a layer 2 transparent IPS (Linux running Hogwash and other goodies...)
...soon to be Cisco PIX 501 and OpenBSD as a layer2 IPS "switch"
just like to tinker and play...
 
I implemented several GTA GB-2000 firewalls for our corporation, we also have a few of their older GB-1000 firewalls.

The last thing you want to do is buy a well known firewall like PIX IMHO. It's asking for trouble.

For anyone as paranoid as me, I'd highly recommend you check out GTA firewalls (www.gta.com).
 