December 09, 2005

CURIOUS, GEORGE: FIREWALLS .. Being somewhat stumbling in the I.T. arena, I am seeking advice from 'Monkeys' as to what would be the most efficacious Firewall software for the O.Systems of W-2000, WXP-Pro and W-ME. One also runs Linux. The separate systems are, unfortunately, necessary. Advance appreciation to all of such limber lucidity.
  • sygate provides free firewall software for personal use. i used this a few years ago on a win2k machine and found it good enough. i since got a copy of norton as a gift. if you're going to network the separate systems and access the internet via a shared connection, your best bet would be to firewall a router that connects to your modem (or get a modem/router combination). quite a few routers are available with preinstalled firewalls (certain models of linksys, netgear, and d-link).
  • A router would be easiest. All routers do a basic level of firewall protection that is sufficient for 99% of people. It doesn't care what OS a computer is using. How many computers are we talking? If it is just those four, then a router is by far the easiest. If it's some company with 50+ computers, get some expert help from someone who knows about genuine hardware firewalls, switches and whatnot.
  • core force provides an endpoint security system for windows machines based on the excellent Pf firewall from *BSD systems. Currently there are no decent Linux firewalls (where decent means stable, stateful with an expressive configuration language.)

    Your best bet is either a router or a dedicated, low cost machine running a BSD based system with Pf acting as same.
  • What about smoothwall? I've never used it but it's Linux-based and I've heard people bring it up pretty regularly. Just curious.
  • Sygate was/is my favorite software firewall, too. It may be smart to grab a copy of the free-for-personal-use Sygate Personal Firewall immediately if you're interested - Sygate has been acquired, and their product lineup and website are in a state of flux. There are indications that all the Sygate software is already officially discontinued. I haven't used it, but I've heard good things about Kerio Personal Firewall. I agree with the other posters that getting a cheap NAT-based router offers significant blanket protection for little cost and hassle. Using an old PC as a router/firewall probably offers more protection and flexibility for less capital investment, but you have to take the time to figure out how to set it up. It's also a cinch that running 24/7, a full-blown PC will consume something like US$40+ worth of electricity per year. It's usually possible to find a dedicated router on sale for less than that. One thing a good software firewall can do that an external firewall generally can't is to warn you about sneaky outbound network access from the protected machine. This can be the first warning that your machine is infected with a virus/malware/spyware.
  • Yes, there will be 4 systems networked. The router solution seems ideal. I will also research 'Core Force' and 'Smoothwall' with interest. Many thanks indeed!
  • I've used software firewalls (including the Sygate one roryk mentions), a dedicated barebones PC running Linux with iptables-based firewalling, and a router with built-in firewall. If you just want to protect your systems against external evildoers I think you'll find a router the best solution: inexpensive, effective, relatively easy to set up and maintain, and no apparent performance hit. If you need more flexible configuration or logging abilities then a dedicated PC (running BSD or Linux - but I'll leave it to others to argue the differences) is a better alternative (and can be inexpensive as well - a system more than adequate for the purpose can probably be scrounged for free). Software firewalls are good for quick and dirty monitoring of outgoing traffic but they're a big performance drag on slower systems (and I'm guessing your WinME system is slow) and, theoretically, are somewhat less impenetrable.
  • .. and thank you also, Lagged2Death. I will have the systems to set up at my new location. Armed with information and hardware, one hopes to appear less of the ignoramus than is usual! }:-D
  • Each has software which can't be transferred to other Operating Systems, Timefactor, though the information processed can be. What is necessary is, basically, to maintain security when information is being processed. ..er, one understands most of what you are saying but loses the fine detail. (Out of my depth here. heh!)
  • Uhb... Why, oh why is Windows ME necessary? The only reason my mind volunteers is that someone is unfathomably cheap. Please assuage my curiosity, and forgive my grammar, if possible.
  • Sleepyangel, I can't speak for jeraboam, but in my experience, people who are still running ME are, for reasons unknown, violently opposed to upgrading. The few people I know who use ME would never in a million years upgrade for love or money. It's not loyalty - it's more like a weird combination of tech resistance and OCD.
  • Or the fact that once you've been through the hell of making the thing work, you're damned if you'll change and throw away all of those hours of your life.
  • have an old PC? Install smoothwall
  • That's the thing, though, Lara - ME was so awful, it DID take a lot of time to get it to work. And even then, it doesn't work very well. Anyone who's tried using ME is so scarred from the experience that, projecting that trauma forward, they refuse to upgrade. Which is understandable, but XP is a huge improvement over ME. I'm no windows lover, but you simply can't judge XP by your experience with ME. XP works so much better that it's A) significantly easier to get it working out of the box, and B) will continue to work far far better than ME. ME was basically a weird little side tangent that Microsoft took after 2k, and it was a complete debacle. It was so bad that Microsoft basically abandoned that branch, which is why they never put out an ME2. They scrapped the ME branch entirely, and focused all their development time on XP. You want to jump back to the main branch (XP). Trust us.
  • Ipcop + old PC with 2 NICs = easy to use firewall/router/DMZ/proxy/DHCP server. It is a headless setup with an easy to use web interface you can access from any PC inside the network. Ipcop has been looking after my network for some time and I swear by it.