
Two firewalls are better than one.


Darksat said: "Firewall Security. Sometimes 2 firewalls are better than one. Many large networks have a dedicated firewall protecting their connection to the internet while the user machines rely simply on virus scanners. This can be a fatal flaw for many networks. Advanced trojans nowadays use a technique called web tunneling. They initiate a connection from the machine they have infected and route the connection through port 80 (the web port), sometimes even masking themselves as legitimate programs (this allows them to pass through most network firewalls). A second firewall on your machine such as Sygate allows you to manually set permissions for all programs accessing the net, preventing such trojans from connecting outwards. (Please note only some firewall software allows you this option.) So please don't rely too much on your network firewall to protect you. Source: http://www.aaitechnologies.co.uk/chat/viewtopic.php?t=65"
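An added example, not part of Darksat's post or of any firewall product: a small Python model of the two layers described above, showing why a port-only network rule passes a trojan's port 80 connection while a per-program host rule blocks it, including the case where the trojan takes over a legitimate program's path. All paths, file contents and the policy format are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Conn:
    exe_path: str     # full path of the program opening the connection
    exe_bytes: bytes  # stand-in for the file contents (constructed)
    dst_port: int

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Network firewall: sees only the destination port, not the program.
def perimeter_allows(c: Conn) -> bool:
    return c.dst_port in {80, 443}

# Host firewall: one permission per program, pinned to path and file hash.
BROWSER_PATH = r"c:\program files\browser\browser.exe"  # hypothetical path
BROWSER_BYTES = b"constructed browser binary"
HOST_POLICY = {BROWSER_PATH: (digest(BROWSER_BYTES), {80, 443})}

def host_allows(c: Conn) -> bool:
    entry = HOST_POLICY.get(c.exe_path.lower())  # Windows paths ignore case
    if entry is None:
        return False  # program has no permission entry: deny outbound
    pinned_hash, ports = entry
    # A changed hash means the file at an approved path was replaced.
    return digest(c.exe_bytes) == pinned_hash and c.dst_port in ports

SAMPLE = [  # constructed connection records
    Conn(r"C:\Program Files\Browser\browser.exe", BROWSER_BYTES, 80),
    Conn(r"C:\Users\Public\updater.exe", b"constructed trojan", 80),
    Conn(r"C:\Program Files\Browser\browser.exe", b"constructed trojan", 80),
    Conn(r"C:\Program Files\Browser\browser.exe", BROWSER_BYTES, 6667),
]

def evaluate(conns):
    """Return (perimeter_verdict, host_verdict) for each connection."""
    return [(perimeter_allows(c), host_allows(c)) for c in conns]

if __name__ == "__main__":
    for c, (net, host) in zip(SAMPLE, evaluate(SAMPLE)):
        print(f"{c.exe_path}:{c.dst_port} perimeter={net} host={host}")
```

The second and third records are the ones the network firewall alone lets out: both go to port 80, and only the host rule, which knows which program is asking, denies them.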

edwin said: "what firewall do you like best and why?"

Darksat said: "For Windows machines I like Sygate as it's easy to use, very secure and has loads of great features, plus it's not a CPU hog and the GUI is well designed. For a network firewall any well configured Linux firewall should do the trick, just make sure it's stateful, and also run an intrusion detection system like SNORT on the same machine, that makes a good combo."

edwin said: "because i tried zone alarm and that is not good!"

Darksat said: "Zone alarm is crap, I could drive a truck sideways through the holes in that program."

Heather said: "I used a program called "Black Ice" that I had to get rid of. At first I thought it was interesting (it let you know when your ports were getting probed and the level of intrusion) but it got to be a pain in the butt. A window would pop up all the time and browsing was made near impossible. Have you had any experience with that program, D?"

edwin said: "yeah, i had "black ice" for awhile. i could barely get a program to work without updating it. too intrusive."

Heather said: "I think that I know what you're talking about. :mad: But running a computer without some sort of firewall is not smart."

Darksat said: "Black Ice shows you an alert every time you get scanned, which for most people is dozens of times a day. It's a waste of time. If you want to detect a real hacking attempt you need a dedicated IDS system, Black Ice caters to paranoid people, that's all."

edwin said: "that's the whole problem with it, it's very invasive. same problem with most anti-virus programs."

Darksat said: "I would go as far as calling it gimmicky."

edwin said: "sure it is. i also don't like to have to do updates every few minutes, but i guess there's really no preventing that. if it was less intrusive it would be better."