Avast! free antivirus ...

[epk]

thanks, ill try that

 

[Shamus MacNoob]

Johnny recommends using Zone Alarm and so do I >>>

 

[Johnny]

Johnny recommends using Zone Alarm and so do I >>>

LOL! You are funny ... I am going to try the new to see what it is like. Maybe they did make it better. It has been a couple of years since I used it last. As for antivirus. I am loving Avast!

 

[LordOfLA]

I strongly discourage the use of firewalls based on 6 years of working with various software and hardware solutions in both a commercial and domestic capability.

They cause more trouble than they are worth. They protect only unused and usually absent services while leaving the applications that need protecting vulnerable, disrupting and corrupting normal communications of the applications and services that need protecting.

 

[Johnny]

I strongly discourage the use of firewalls based on 6 years of working with various software and hardware solutions in both a commercial and domestic capability.

They cause more trouble than they are worth. They protect only unused and usually absent services while leaving the applications that need protecting vulnerable, disrupting and corrupting normal communications of the applications and services that need protecting.

This is the main reason I just use windows firewall Plus with a nat router, that is all you need ....

 

[Shamus MacNoob]

I strongly discourage the use of firewalls based on 6 years of working with various software and hardware solutions in both a commercial and domestic capability.

They cause more trouble than they are worth. They protect only unused and usually absent services while leaving the applications that need protecting vulnerable, disrupting and corrupting normal communications of the applications and services that need protecting.

I would love to see any network admin try that and watch him get fired on the spot, firewalls are not needed .... yeah ok

 

[Tweakfiend]

Been using Avast for 10 years and its a very solid product
The best feature is the boot sector virus check

 

[LordOfLA]

I would love to see any network admin try that and watch him get fired on the spot, firewalls are not needed .... yeah ok

You're looking at one

I've done it twice for 2 companies

Now tell me what they protect:

all closed ports with no applications attached - these were never a danger anyway.

What ports are left open?

80/443 for the web server - wow look at that apache/iis/whatever is no not protected woo! Fat lot of good the firewall did.

22 - ssh port for remote admin of linux/bsd/unix boxes. Again what is the firewall protecting?

25 - smtp. Protecting what exactly?

53 - dns - what protection?

110 - pop3,
143 - imap,
3306 - mysql
3309 - ms remote desktop/terminal services


all those open ports. the firewall is doing nothing to protect - and is often doing nothing more than disrupting or corrupting communication to/from those applications.

Now tell me why firewalls seem to have this "must have" myth attached to them?

 

[bmclaughlin807]

I would love to see any network admin try that and watch him get fired on the spot, firewalls are not needed .... yeah ok

We generally disable software firewalls on machines on business networks... They're either too much protection or too little... there really isn't much middle ground...

A good hardware firewall with intrusion detection combined with good antispyware and antivirus should be plenty for MOST companies out there.

 

[tdinc]

has anyone learned through Pen testing that a firewall is necessary really mandatory on high level security corporate levels.. some hx0r out there with simple Port knocking to a network and your screwed. hardware or software/

 

[Johnny]

has anyone learned through Pen testing that a firewall is necessary really mandatory on high level security corporate levels.. some hx0r out there with simple Port knocking to a network and your screwed. hardware or software/

For extremely paranoid and very well known companies; I can see a good sense of extra security. But for normal security, all you need is a hardware firewall and no soft firewall is needed. You yourself should know that running both at the same time can cause conflicts.

 

[Shamus MacNoob]

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/centri4/user/scf4ch2.htm

If you can avoid all these problems with no firewall I will buy into it... no firewall? or no software firewall?

 

[Johnny]

What I am saying is that a hardware firewall does just as good as a software firewall. You don't need them both at the same time ...

 

[LordOfLA]

how pray tell is a firewall going to protect against any of those when you have ports open for services?

A corporate network would do better with a NAT device than a firewall, that way you can close all ports to all remote sites, bar those that you contacted first. But a firewall is useless to everyone.

 

[bmclaughlin807]

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/centri4/user/scf4ch2.htm

If you can avoid all these problems with no firewall I will buy into it... no firewall? or no software firewall?

*rofl*

1> Network sniffers: a firewall does absolutely NOTHING to protect you from network sniffers (A VPN on the other hand does... and one could be built into the same device you're calling a 'firewall' but is a totally separate thing)

2> IP spoofing: Again... firewall does absolutely nothing to protect you from this

3> Password attacks: Again... nothing.

4> Distribution of Sensitive Information: A traditional firewall doesn't do anything to prevent this... although a pass-through device COULD be sniffing every packet looking for sensitive info and blocking it.. Any type of encryption would make that impossible

5> Man in the middle: Wow... I'm getting bored... again... no protection

What a software firewall DOES protect against is unpatched bugs in running services that aren't actively being used (By blocking services that you don't need.. IF the firewall is configured properly)

With a competent IT staff you're much better off disabling unused services, running a good hardware firewall, and keeping your OS up to date with the most current security patches.

 

[LordOfLA]

if unused services are disabled a firewall will protect nothing, because it will be allowing used services through

Firewalls are an urban myth. They protect nothing.

 

[fitz]

A corporate network would do better with a NAT device than a firewall, that way you can close all ports to all remote sites, bar those that you contacted first. But a firewall is useless to everyone.

umm.. a NAT device is, in many people's view, a simple form/method of setting up a firewall. Even by you using the worlds "close ports to all remote sites" on a NAT device essentially turns that NAT device INTO more of a firewall.

Unless you are advocating putting all computers, printers, multi-function devices, etc on your network directly onto the internet with public routable IP addresses, then you are still advocating a firewall of some type.

edit:
Now, i'm not advocating the firewall as the end-all be-all of network security. Far from it - I DO believe that firewalls are very overrated and over emphasized in most people's views. Most people are FAR too reliant and trusting in a firewall to provide their security that they don't spend enough time focusing on other aspects of security.

Instead of investing 90% of their time/money/effort in their firewalls, a company would be better served spending 10% of their time/money/effort in their firewall and the other 90% on things beyond that - desktop security, DLP (which is sill emerging), encryption, education policies, etc..

But to make a blanket statement that they are uncessary and protect nothing is also short-sighted. The firewall is still a necessary part of the overall network security picture in many corporations and homes but it should not be the main part of the picture and is only a small cog in the overall design.

 

[LordOfLA]

beyond NAT firewalls have absolutely no use. they protect unused ports (which are not at risk being unused) and do not protect in-use ports since by nature these need to be open.

Anyone who believes they get any kind of security from a non-nat firewall device is deluding themselves to justify the purchase price (if any).

Edit: All my computers are on the internet with a public routable IP address. My printer uses a private IP since I don't want anyone to print. Would cost a bit in paper/toner. IPv6 will allow for everyone to do this.