Exetools  

  #1  
Old 10-20-2002, 05:00
FEARHQ FEARHQ is offline
Friend
 
Join Date: Mar 2002
Posts: 73
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 1 Time in 1 Post
FEARHQ Reputation: 0
Best firewall? Your opinion

I recently found the need to install a firewall as I kept being flooded with malicious HTTP commands and such, and being constantly scanned for SubSeven, NetBus and such, so I went for the obvious choice to me - blackICE.3.5! BlackICE felt "good", but the application protection is just too much, especially for someone who likes to test many apps, then delete them when dissatisfied. The packet logging was unusual, to me at least, and well, I'm really interested in what those so-called "attacks" were, what they tried exactly, and what my response to it was. Sure, application protection can be eliminated, but what about the logging? So I tried Sygate.Personal.Firewall.Pro 5.0.1150, great! Logging's never been better, but what good is it when I realised that well-known IIS attacks fell right through it, without it even flinching! And if it's going to ask me if every single network app I have installed should be allowed to communicate with the web, then it gets pointless. I run some services, like FTP for example, and would not want to kill them either, and this firewall was not very permissive... I avoided the McAfee and Norton firewalls because they are way too big and bloated, and have way too many features that I find useless. DaNu.TermiNET.Firewall.1.82.041 was a complete letdown; it had a tighter grip on all inbound-outbound connections than a vice, basically not letting me do anything, always popping the confirmation dialog.

OK, I know I've written this from a subjective point of view, as I required a program that 1 - logs specific ports (add specific commands and jackpot!), 2 - is slack on security (or can be), that is, only blocks/logs known attacks/suspicious activities, 3 - is small.

Anyone know any such program? What about the firewall you choose? What is it and why did you choose it?
  #2  
Old 10-20-2002, 06:42
XCURSiON
 
Posts: n/a
ZoneAlarm Pro 3. I chose it because it is very secure, controls all inbound and outbound very well (I run FTP also), logging is good, and it even has some extras like helping with popups and cookies.
  #3  
Old 10-21-2002, 14:31
R@dier
 
Posts: n/a
ZAP3.0 is my fav also
  #4  
Old 10-26-2002, 19:48
c4p0ne c4p0ne is offline
Friend
 
Join Date: Jul 2002
Location: n/a
Posts: 83
Rept. Given: 1
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 2
Thanks Rcvd at 0 Times in 0 Posts
c4p0ne Reputation: 1
Hands down.

Sygate Personal Firewall Pro v5.0 is the most advanced and rock-secure firewall available to home users ever, period. SPF Pro does have rudimentary IDS capabilities though not enough for the eternally and severely flawed by nature "IIS".

I would suggest taking a look at eEye's SecureIIS v2.01 for IIS protection as it will lock your IIS down stronger than any Apache server. But if you want my real opinion, DUMP IIS and install Apache for Win32 as Apache is simply a better, more stable and generally faster server altogether. Dump ASP while you're at it and learn PHP. =) SecureIIS is APPLICATION LEVEL protection so you will still want some kind of network firewall/IDS.

For an IDS (Intrusion Detection System) I use and recommend snort (both BSD and Win32 versions) as it is FREE and EXTREMELY powerful, not only enginewise but in flexibility as well; otherwise ISS BlackICE v3.5 is also an excellent choice (when configured PROPERLY) for Windows users. Contrary to popular belief, BlackICE and Sygate work very well together (at least for me). You can shut off AP in BI and use Sygate's more flexible mechanism. However, you won't see 98% of attacks in BI since Sygate will most likely nab them first =(. That's why I now use snort with FlexResp + Sygate.

good luck.

  #5  
Old 10-27-2002, 16:16
The_Philosopher
 
Posts: n/a
Kerio Personal Firewall
  #6  
Old 10-27-2002, 17:37
xwind
 
Posts: n/a
I use the Sygate Personal Firewall Pro v5.0 + BlackICE cai 3.5.
The Solution is well
  #7  
Old 10-28-2002, 03:47
FEARHQ FEARHQ is offline
Finally some discussion. I appreciate your input very much, c4p0ne, as well as others' suggestions. I might even give Sygate a second chance... I dumped my BlackICE because it was too resource-intensive and decided to stick with Outpost for now. Only bad part is, well, it stopped working... My system is really broken, but after a format it should all be OK.

As you also suggested to turn off AP in BlackICE, it's the first thing I did after installing it. It's that stupid element of the firewall that makes the installation last like 30 minutes and eat up even more resources!

As for the IDS, let me take a look at snort - if I combine that with an existing firewall, it can provide just the thing I need! As for dropping IIS, I am reluctant to do so... I have my own reasons. What I would really like is to log all attacks, not necessarily block them 100%, but log so I can study them and see what the person tried and why... As for dropping ASP, I don't even know the language yet, although it shouldn't be that different from VB, and I do all my server-side scripting in PHP. Great language, might I add.
  #8  
Old 10-28-2002, 03:55
FEARHQ FEARHQ is offline
Now that I think of it, the title should also be modified to include best IDS, but I have no more control over that... Perhaps I was requiring a firewall to do something that is normally not in its nature, comparing it to BlackICE, which is a firewall/IDS system... Well, it's back to the testing phase again!
  #9  
Old 11-10-2002, 06:14
c4p0ne c4p0ne is offline
Here's summthin'

If your goal is to analyze webserver logfiles on a Win32 platform then I would suggest Cyclops v1.2 from www.nstalker.com. It's VERY nice and uses a known-signature database so you don't waste your time dissecting old played-out ass HTTP attacks.

Ehem, anyway the real purpose of this reply was to say how much I am DYING to give THIS a test-run:


Blink Intrusion Prevention System

All times are GMT +8.