Discussion in 'OT Technology' started by Stratosphere, May 24, 2006.
No NIS please...
Was about to ask the same thing
I have no problems with XP SP2's firewall.
Don't know if it's the best, but I use Sygate; a few OTers recommended it to me a few times...
used to use Zone Alarm...
best.......... for whom? what level of user? how much interaction do you want to have? do you want to customize it? how often? are you willing to study and act on pop-ups for a few days to customize it? will you ever read a log?
all those are "best" depending on the user.
software firewalls = the lose. the packets have already reached their destination. Nothing a little bit of packet manipulation can't do to bypass those.
your best bet is still a hardware firewall.
To be sure. Any piece of dedicated hardware (unless it's much, much older) is going to work so much faster than a software solution that it can be thorough without slowing down throughput. If you're going to use a software firewall, though, it's better to get one that tells you what it's doing -- as opposed to the Windows Firewall which doesn't tell the user a thing -- without pestering you constantly at the same time.
I much prefer Sygate over ZoneAlarm. Last time I used ZoneAlarm it locked down every computer I had it on when I uninstalled it. I had to go to someone else's house and look on their website for the special instructions for uninstalling ZA's emergency lockdown. (because nobody would ever remove it unless they were trying to break in.) Unless Zone Labs has changed their anti-sabotage approach since then (a couple of years ago), I'd stay the hell away from it.
I assume you aren't asking about a PIX-type appliance...
so... pfSense on a diskless 386
BEST is gonna be something from juniper, or a cisco PIX.
But I assume you don't have that kind of cash.
Any router doing NAT.
NAT isn't even a firewall...
I use m0n0wall.
pick up a cisco pix 501 off ebay
1 outside interface, 1 internal interface (which is a 4 port switch)
ACLs + NAT = ftw
hire me to configure it ftmfw
A company I used to work for set up a dedicated firewall box with IPcop and required all of its clients to buy one.
Either BSD/pf or Linux/iptables on a machine optimized for routing. Nothing else even comes close.
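The point the thread circles around (NAT by itself is not a firewall; a stateful packet filter such as pf or iptables is), shown as an added example that is not code from any poster: a minimal default-deny ruleset in iptables-restore format for a Linux box routing between a WAN link and a LAN. The interface names eth0/eth1 and the 192.168.1.0/24 LAN prefix are assumed placeholders.

```bash
#!/bin/sh
# Added example: stateful, default-deny iptables ruleset for a two-interface
# Linux router. Interface names and the LAN prefix are assumed placeholders.
WAN=${WAN:-eth0}
LAN=${LAN:-eth1}
LAN_NET=${LAN_NET:-192.168.1.0/24}

# Print the ruleset. The *nat table only rewrites addresses; the actual
# firewalling is the *filter table with DROP policies on INPUT and FORWARD.
gen_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Masquerade LAN traffic leaving via the WAN link.
-A POSTROUTING -s $LAN_NET -o $WAN -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Management (ssh) only from the LAN side.
-A INPUT -i $LAN -s $LAN_NET -p tcp --dport 22 -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
# New connections may only originate on the LAN. Nothing unsolicited from
# the WAN is forwarded inward, which NAT alone does not guarantee.
-A FORWARD -i $LAN -o $WAN -s $LAN_NET -j ACCEPT
COMMIT
EOF
}

# Load the ruleset atomically; needs root and iptables-restore.
apply_rules() {
    gen_rules | iptables-restore
}

# Running the script without arguments just prints the ruleset for review.
[ "${1:-}" = "apply" ] && apply_rules || gen_rules
```

Review the printed rules first, then run `sh firewall.sh apply` as root to load them.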