I was just curious which software firewall products people use. I've used several and currently use Sygate Personal Firewall Pro on my 2nd PC, and an old version of Zone Alarm Pro 3.0 on my primary PC.
Norton (Firewall, Suite, etc)
McAfee (Firewall, Suite, etc)
Sygate Personal Firewall (Regular or Pro)
Zone Alarm (Regular, Pro, or Suite)
Black Ice Defender
Kerio
Other
I was just curious which software firewall products people use. I've used several and currently use Sygate Personal Firewall Pro on my 2nd PC, and an old version of Zone Alarm Pro 3.0 on my primary PC.
Last edited by [AK]Hylander; 01-23-2005 at 08:23 AM.
"The inherent vice of capitalism is the unequal sharing of blessings; the inherent virtue of socialism is the equal sharing of miseries." - Winston Churchill
---
Hustedia.com | Husted Visuals | The Racing Historian
I hate having firewall software sucking up resources from my gaming. So I rely on my router to keep the bad guys out.
[AK]Abaddon
Router here.
The sun has fallen down
And the billboards are all leering
And the flags are all dead at the top of their poles.
August Knights
Secretary of War
Brewmaster
Router in conjunction with the integrated WinXP software firewall. We do currently run BlackIce on some of our servers at work, but we're actually moving everything behind a hardware firewall in the next two weeks.
I have a static IP and run a router with NAT as well, but I still run a software firewall. A router running NAT is 'good enough' for probably 95% of the script kiddie hackers, but "IF" one of your machines behind the router gets infected, you're other machines are vulnerable without either a hardware firewall or a software firewall on the machine.
I've seen the aftermath of systems compromised behind NAT routers without any other protection, it isn't pretty which is why I choose the extra protection.
NAT Router
Software Firewall
Anti-Virus
Anti-Spyware
This is even more important if you connect to a VPN that does not have a hardware firewall (which it obviously should), a WiFI network, or use port forwarding or DMZ (please don't!) for a home server, etc. I run a private/personnel FTP server from home using Secure FTP and have a wap.
Ab... if your software firewall is taking enough cycles and resources from your PC to effect your gaming in any noticeable manner.. you either are gaming on a Pentium 2 with 128 megs of ram or have something wrong with your PC / software install.
You could also always set the process priority on low for the app.
Just my .02, but I'm a security hound (but not close to being an expert).
Last edited by [AK]Hylander; 01-23-2005 at 08:24 AM.
"The inherent vice of capitalism is the unequal sharing of blessings; the inherent virtue of socialism is the equal sharing of miseries." - Winston Churchill
---
Hustedia.com | Husted Visuals | The Racing Historian
Although I used to work for zonelabs tech support and learned a few things from 'em, I currently only use my router firewall.
If you want to do some moderate testing of your security setup check out GRC's Shields up site, tests the more common security holes..
Now if only I knew how to spoof or stealth my ip without having to go through a proxy, or useing linux.
Last edited by Katanas Blade; 01-24-2005 at 04:52 AM.
I use the router, zonealarm and xp firewall except when in game
Router.
I do scan at least weekly for viruses and spyware, but that's about it for security.
I haven't used nor needed to use any anti-virus on my personal computer in over 7 years. Don't download and install crap, keep systems patched so crap that floats in embedded to emails don't bit you, and there isn't a problem. My perimeter device is nothing more than a Cisco 2621. It has the IOS Firewall featureset but I'm not so much as even using NAT on that platform. No CBAB or even an ACL is deployed. It serves as merely the point of presence. Downstream from the 2621 is a Cisco 506 PIX Firewall. This platform serves as my hardened perimeter.
I'm not currently, but have used Cisco's Security Agent as my host-based IDS/firewall. Integrated into the CiscoWorks VMS Security Management bundle to manage and report on events is nice but way overkill in a home environment. Presently, I run no personal firewall and no anti-virus because I simply don't need it.
Doesn't matter. Looks like you've read too many buzz words without actually understanding what they mean. Spoofing source IP addresses is only usefull if you're intent is to denial of service your victim. If you were to spoof your source IP address, it wouldn't be a usable TCP/IP connection for you. Without a valid source address, your packets would not return back to you. Without a full duplex, statefull connection, you can throw TCP out the window. UDP application would "work", but you still wouldn't ever receive the responses...your 'victim' would.Now if only I knew how to spoof or stealth my ip without having to go through a proxy, or useing linux.
Spoofing is for DoS, not for "hiding on the Internet".
Regards,
The Wraith
Pfft, I want it spoofed for anything other then what I directly connect to myself, as in I want to have the option of authorizing my ip to connect to, say verified urls/ftps/game servers, and any other non verified incoming connections would be routed to the spoofed ip.Doesn't matter. Looks like you've read too many buzz words without actually understanding what they mean. Spoofing source IP addresses is only usefull if you're intent is to denial of service your victim. If you were to spoof your source IP address, it wouldn't be a usable TCP/IP connection for you. Without a valid source address, your packets would not return back to you. Without a full duplex, statefull connection, you can throw TCP out the window. UDP application would "work", but you still wouldn't ever receive the responses...your 'victim' would.
That's not what spoofing is. That's called NAT'ing. Only allow your "verified" remote hosts to NAT to your internal IP address, all others can be blackholed. Generally, you let everything NAT but there is no technical reason you couldn't selectively NAT based on source. Regardless, you could NAT all and firewall all IPs with a "deny any any" logic, which would accomplish the same end result. What you're not actually interested in is IP spoofing.Originally Posted by [AK?]Katanas Blade
Regards,
The Wraith