Personal Firewalls

on 19.08.2006 22:29:53 by johnj

This NG appears to be primarily professionals, but I'll ask anyway.

I've been asked to help support a set of computers at my church
(some new, some old) and get them connected onto a DSL line.
Unfortunately my experience has only been dial-up connection
and protected with an old version of ZoneAlarm on Win98SE & Win2K.

I need to install some firewall that's easy to use and maintain
as the support is all volunteers and not there during business
hours (except when there's a problem).

I have, in the past year, helped set up a new WinXP system for a
friend that came with Norton's security suite. What I saw
seemed a lot easier than my old version of ZoneAlarm because
it knows all the weird Windows services that pop up that I'm
not familiar with.

I've seen some negative comments about Norton/McAfee. But for
me are these Personal Firewalls a good choice? What other
options do I have?

TIA

Re: Personal Firewalls

on 20.08.2006 03:20:01 by dfeustel

johnj wrote:
> This NG appears to be primarily professionals, but I'll ask anyway.
>
> I've been asked to help support a set of computers at my church
> (some new, some old) and get them connected onto a DSL line.
> Unfortunately my experience has only been dial-up connection
> and protected with an old version of ZoneAlarm on Win98SE & Win2K.
>
> I need to install some firewall that's easy to use and maintain
> as the support is all volunteers and not there during business
> hours (except when there's a problem).
>
> I have, in the past year, helped set up a new WinXP system for a
> friend that came with Norton's security suite. What I saw
> seemed a lot easier than my old version of ZoneAlarm because
> it knows all the weird Windows services that pop up that I'm
> not familiar with.
>
> I've seen some negative comments about Norton/McAfee. But for
> me are these Personal Firewalls a good choice? What other
> options do I have?
>
> TIA

You could install a computer running a standalone firewall with
multiple ethernet connections for the individual computers. But
this arrangement may be too complicated for your technical support.
One advantage is that one firewall would protect all the computers.

--
Using OpenBSD with or without X & KDE?
http://dfeustel.home.mindspring.com

Re: Personal Firewalls

on 20.08.2006 05:42:39 by noone

On Sat, 19 Aug 2006 20:29:53 GMT, johnj wrote:

>This NG appears to be primarily professionals, but I'll ask anyway.
>
>I've been asked to help support a set of computers at my church
>(some new, some old) and get them connected onto a DSL line.

Use a router, such as NETGEAR FVS114 (4 port) or FVS318 (8 port),
depending on how many computers you have. You need 1 port per
computer. Just plug them in.

>Unfortunately my experience has only been dial-up connection
>and protected with an old version of ZoneAlarm on Win98SE & Win2K.
>
>I need to install some firewall that's easy to use and maintain
>as the support is all volunteers and not there during business
>hours (except when there's a problem).
>
>I have, in the past year, helped set up a new WinXP system for a
>friend that came with Norton's security suite. What I saw
>seemed a lot easier than my old version of ZoneAlarm because
>it knows all the weird Windows services that pop up that I'm
>not familiar with.
>
>I've seen some negative comments about Norton/McAfee. But for
>me are these Personal Firewalls a good choice? What other
>options do I have?
>
>TIA

Re: Personal Firewalls

on 20.08.2006 16:03:58 by xpyttl

wrote in message
news:5NOFg.1924$u1.538@trnddc05...
> johnj wrote:
>
> You could install a computer running a standalone firewall with
> multiple ethernet connections for the individual computers. But

This is good, but not sufficient. For your situation, "Speechless"'s
suggestion of a router is not a bad choice (although I would prefer Linksys
simply because it is more common and thus more supportable). Personally, I
prefer the bastion to be a dedicated (i.e. no applications) Linux system
since the superior logging gives you a leg up, and it is much more
configurable than the packaged router. But it is also substantially more
difficult to configure.

But the bastion firewall and the so-called personal firewall each have
different strengths. You really do want both. You also want some sort of
spyware protection such as Spybot Search and Destroy.

The bastion firewall serves several purposes. First, it makes it difficult
for an attacker to even see your computers, let alone probe them. Secondly,
it can deny external connections with virtually no chance of a worm changing
those settings on you. Many attacks arrive via email or the web, that is,
connections that are perfectly legitimate. They then disable the
protections on the box. Unfortunately, most Windows users run as
administrator which enables this sort of thing. By not giving users
administrator privileges on the PC a lot of this sort of problem can be
avoided. With XP this is possible, but it still isn't very clean, so
setting it up so it is actually useable can be a chore.

The personal firewall is better at controlling outbound connections.
Certain connections you are perfectly happy with FOR SOME PROGRAMS, but not
for other programs. The personal firewall can tell what program is
attempting to make the connection, something the bastion firewall cannot.

Unfortunately, the choices of personal firewall are not good. Windows
firewall is decent, and at least well behaved. But it is the first thing
attackers go after. McAfee, if you can possibly get it installed, will
trash your system sometime in the future, almost guaranteed. Norton seems
to be working hard to make each release of their products more unfriendly
than the previous. All of these products need to be upgraded frequently to
keep up with the latest attacks, and most need a major upgrade once a year,
so you can count on a big annual headache.

So if you want to be reasonably secure, do both, but don't expect it to be a
picnic.

...

Re: Personal Firewalls

on 20.08.2006 18:08:30 by dfeustel

Excellent Commentary! I was thinking of OpenBSD running only pf
as the bastion computer. Use a ($90) Soekris 4-port ethernet
card to get router/switch capabilities with dhcp and you have total
control over traffic.

--
Using OpenBSD with or without X & KDE?
http://dfeustel.home.mindspring.com
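
A pf ruleset for the kind of dedicated bastion discussed above, given as an added example that is not from any poster in this thread. It uses current OpenBSD pf syntax; the interface names (`em0`, `em1`) and the LAN subnet are assumptions, and `em1` is taken to be a single LAN-facing port feeding a switch (bridging a multi-port card is not shown).

```conf
# /etc/pf.conf for a dedicated bastion host (constructed example).
# Assumed: em0 faces the DSL modem, em1 faces the LAN,
# and the LAN uses 192.168.10.0/24.

ext_if  = "em0"
int_if  = "em1"
lan_net = "192.168.10.0/24"

set block-policy drop        # drop silently, so probes get no reply
set loginterface $ext_if     # keep packet/byte counters for the outside
set skip on lo

# Normalise fragments and IP IDs before filtering.
match in all scrub (no-df random-id)

# Hide every LAN machine behind the bastion's one public address.
match out on $ext_if inet from $lan_net nat-to ($ext_if)

# Drop packets that claim a LAN source but arrive on another interface.
antispoof quick for $int_if

# Default deny in both directions, and log what was refused.
# Review with: tcpdump -n -e -ttt -i pflog0
block log all

# There is deliberately no "pass in on $ext_if" rule: unsolicited inbound
# connections stay blocked. Replies to LAN-initiated traffic are let back
# in by the state entries the pass rules below create.
pass in  on $int_if inet from $lan_net
pass out on $ext_if inet

# pf decides on interface, address, port and protocol only. It cannot tell
# which program on a PC opened a connection; that per-program outbound
# control is what the personal firewall on each machine adds.
```

Load it with `pfctl -f /etc/pf.conf` after a syntax check with `pfctl -nf /etc/pf.conf`.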

Re: Personal Firewalls

on 21.08.2006 05:40:09 by Animesh

Try Netveda firewall. I believe it's free and was rated as top 10 in
some online survey. I think it's available from http://www.netveda.com

johnj wrote:
> This NG appears to be primarily professionals, but I'll ask anyway.
>
> I've been asked to help support a set of computers at my church
> (some new, some old) and get them connected onto a DSL line.
> Unfortunately my experience has only been dial-up connection
> and protected with an old version of ZoneAlarm on Win98SE & Win2K.
>
> I need to install some firewall that's easy to use and maintain
> as the support is all volunteers and not there during business
> hours (except when there's a problem).
>
> I have, in the past year, helped set up a new WinXP system for a
> friend that came with Norton's security suite. What I saw
> seemed a lot easier than my old version of ZoneAlarm because
> it knows all the weird Windows services that pop up that I'm
> not familiar with.
>
> I've seen some negative comments about Norton/McAfee. But for
> me are these Personal Firewalls a good choice? What other
> options do I have?
>
> TIA