
Thread: Running Blackice and ZA Together?

  1. #1

    Running Blackice and ZA Together?

    Ok now... take it easy on me guys!

    I'm just wondering if there is any sense in running zone alarm along with blackice v3.6.41? And if anyone does it, is there anything I may need to know to do this? I am bound and determined to learn this security stuff if it kills me!! I'm just glad I found this site!!

  2. #2
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    I don't do it (run 2 software firewalls on one host)... but you can if you want.

    It's better to have one properly configured firewall than two badly configured firewalls.

    Just keep an eye on your logs, keep the firewall up to date and properly configured... and you shouldn't need the second one...

    General rule of thumb... deny everything... then allow when you need it.
    If in the future you don't need it... then deny it again.

    Just my opinion though.
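The "deny everything, then allow what you need, then deny it again when you no longer need it" rule above, worked through in code. This is an added illustration, not code from the thread, from ZoneAlarm or from BlackICE: the rule fields, the policy class and the sample LAN addresses are all made up for the example, and real products store rules quite differently. The point it shows is that under a default-deny policy a new listening service is unreachable until somebody writes an allow rule for it, and that removing that rule is all it takes to close it again.

```python
"""Default-deny personal firewall policy (constructed example).

Not the rule format of any real firewall; first matching rule wins, and a
packet that matches nothing gets the policy's default action.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    direction: str               # "in" (to this host) or "out" (from this host)
    proto: str                   # "tcp", "udp" or "any"
    remote: str = "0.0.0.0/0"    # remote network in CIDR notation
    port: Optional[int] = None   # local port for "in", remote port for "out"; None = any

    def matches(self, direction: str, proto: str, remote_ip: str, port: int) -> bool:
        return (self.direction == direction
                and self.proto in ("any", proto)
                and ip_address(remote_ip) in ip_network(self.remote)
                and (self.port is None or self.port == port))


class Policy:
    """Ordered rule list with a default action for anything unmatched."""

    def __init__(self, default: str = "deny"):
        self.default = default
        self.rules: List[Rule] = []

    def allow(self, direction, proto, remote="0.0.0.0/0", port=None):
        self.rules.append(Rule("allow", direction, proto, remote, port))

    def revoke(self, direction, proto, remote="0.0.0.0/0", port=None):
        """"Deny it again": remove the allow rule, so the default takes over."""
        gone = Rule("allow", direction, proto, remote, port)
        self.rules = [r for r in self.rules if r != gone]

    def decide(self, direction: str, proto: str, remote_ip: str, port: int) -> str:
        for rule in self.rules:
            if rule.matches(direction, proto, remote_ip, port):
                return rule.action
        return self.default


def build_home_policy() -> Policy:
    """Default deny, then only what a home PC actually needs (made-up LAN: 192.168.1.0/24)."""
    p = Policy(default="deny")
    p.allow("out", "tcp", port=80)                    # web browsing
    p.allow("out", "tcp", port=443)
    p.allow("out", "udp", "192.168.1.1/32", 53)       # DNS, but only to the router
    p.allow("in", "tcp", "192.168.1.0/24", 139)       # file sharing, but only from the LAN
    return p


def compare_defaults(remote_ip: str = "203.0.113.9", new_service_port: int = 5000):
    """Same unexpected inbound connection under default-deny and default-allow."""
    strict = build_home_policy()
    loose = Policy(default="allow")                   # "allow everything, deny the bad" style
    return {
        "default_deny": strict.decide("in", "tcp", remote_ip, new_service_port),
        "default_allow": loose.decide("in", "tcp", remote_ip, new_service_port),
    }


def revoke_demo():
    """Open file sharing to the LAN, then close it again when no longer needed."""
    p = build_home_policy()
    before = p.decide("in", "tcp", "192.168.1.5", 139)
    p.revoke("in", "tcp", "192.168.1.0/24", 139)
    after = p.decide("in", "tcp", "192.168.1.5", 139)
    return before, after
```

Note how nothing in `build_home_policy` mentions the new service on port 5000: with default deny it is unreachable from outside without anybody having to know it exists, which is exactly what the default-allow variant fails to give you.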

  3. #3
    0_o Mastermind keezel's Avatar
    Join Date
    Jun 2003
    Posts
    1,024
    Phishphreek said exactly what I would have said *except* that I think it depends on how paranoid you are. Since ZA is free (not sure about BlackICE so I won't discuss it much), it is known for some vulnerabilities that can be exploited by people who *really* know what they're doing... but it's great for general protection. However, if you are seriously paranoid and you have something of great value, then by all means you can have layers of security to make it nearly impossible to get past.
    "It's better to have one properly configured firewall than two badly configured firewalls."
    That's probably the best thing that can be said about firewalls. Even if you have two, if you allow a trojan to get through, then it makes no difference how many firewalls you have.

  4. #4
    If you really want to be secure, run either of the software firewalls on your system (I prefer ZA, and have used it for years), then buy a NATing router like the Linksys BEFSR81 or similar and run that between your PC and your Internet connection. This will not only give you the ability to share your Internet connection with many PCs, but the router will also add an extra layer of protection.

    Golam
    Time flies like an arrow - fruit flies like a banana
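Why a NAT router "adds an extra layer" even before you configure anything on it, as an added illustration that is not the Linksys BEFSR81's firmware or the thread's own code. The model below is a deliberately small address-and-port-restricted NAPT: every connection a LAN host opens gets a public port and a table entry, a packet from outside is forwarded only if it matches an entry, and everything else is dropped because the router has nowhere to send it. The addresses are made-up documentation ranges.

```python
"""Simplified model of what a home NAT router does with inbound packets.

Constructed example; not the implementation of any real router. The public
address 203.0.113.1, the LAN 192.168.1.0/24 and the remote hosts are made up.
"""
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]          # (ip, port)


class NatRouter:
    """Address-and-port-restricted NAPT: a LAN connection gets a public port,
    and only the remote peer it was opened to may send back through that port."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # public port -> (LAN endpoint, remote endpoint) for each active flow
        self.table: Dict[int, Tuple[Endpoint, Endpoint]] = {}

    def outbound(self, lan: Endpoint, remote: Endpoint) -> Endpoint:
        """A LAN host sends to the Internet: reuse or allocate a public port."""
        for pub_port, (known_lan, known_remote) in self.table.items():
            if (known_lan, known_remote) == (lan, remote):
                return (self.public_ip, pub_port)
        pub_port = self.next_port
        self.next_port += 1
        self.table[pub_port] = (lan, remote)
        return (self.public_ip, pub_port)

    def inbound(self, src: Endpoint, dst_port: int) -> Optional[Endpoint]:
        """A packet from the Internet arrives at public_ip:dst_port.
        Returns the LAN endpoint it is forwarded to, or None if it is dropped."""
        entry = self.table.get(dst_port)
        if entry is None:
            return None                 # nobody inside asked for this: dropped
        lan, remote = entry
        if src != remote:
            return None                 # right port, wrong peer: dropped
        return lan


def demo_nat():
    """One web request from a LAN PC, then two unsolicited probes from outside."""
    router = NatRouter("203.0.113.1")
    pc = ("192.168.1.10", 1025)         # LAN PC behind the router
    web = ("198.51.100.20", 80)         # web server on the Internet
    scanner = ("198.51.100.99", 4444)   # someone probing the public address

    public = router.outbound(pc, web)   # the PC opens the connection
    return {
        "public_endpoint": public,
        # the server's reply matches the table entry and reaches the PC
        "reply_forwarded_to": router.inbound(web, public[1]),
        # a probe at NetBIOS (139) has no mapping at all: dropped
        "probe_to_netbios": router.inbound(scanner, 139),
        # a probe at the port in use, but from the wrong peer: dropped
        "probe_to_open_port": router.inbound(scanner, public[1]),
    }
```

The layer is only as good as the table: any port forward you add (for a game server, for example) is a hole punched through it, and a host that is infected from the inside opens its own outbound connections, which is why the thread still wants a host firewall behind the router.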

  5. #5
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    golam: That is good advice. In fact, that is exactly what I do.

    I use my router as my first firewall and then have a software firewall on each host on my home network. I guess I'd be in that overparanoid group...

  6. #6
    Thanks for the great info guys!!! I'll study up on proper configurations for my firewall, and will look into getting a router.

    I will be reading up on blackice configuration settings, but any quick tips that may be on the top of anyone's mind is greatly appreciated!!

    Thanks again, everyone!

  7. #7
    phishphreek80 - great paranoids think alike

    Golam
    Time flies like an arrow - fruit flies like a banana

  8. #8
    Senior Member
    Join Date
    Feb 2003
    Location
    Memphis, TN
    Posts
    3,747
    Let me tell you how I have mine set up. You probably don't want me to tell you this, but I worked so hard on it and have to tell someone.

    I have a Linksys BEFSR41 cable/DSL router with NAT. I then have three PCs behind the router: one running Win 98, one Win XP Pro, and one SuSE Linux 8.2. I have Norton Internet Security for a firewall and Snort set up acting as an IDS. Oh yeah, I also have a network probe monitoring all connections.

    That's my setup. Probably a little too much security in there, but better safe than sorry. What Golam said, though, will definitely keep you safer than having just a firewall.

  9. #9
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    "Snort set up acting as an IDS"
    cheyenne1212: Where exactly do you have your Snort box? If you have it plugged into your router and your router has a built-in switch, it won't do you much good. Your IDS will need to be able to inspect ALL traffic going to and from the router.

    In order to do this, you will need a hub. A hub will broadcast all traffic to all ports letting you inspect all traffic going to and from the router. The switch will only allow you to inspect traffic going to a specific MAC.

    Here is how it'd have to be setup... I think*

    modem to router
    router to hub (so you can repeat all traffic to all ports)
    hub to hosts

    If you really want the extra bandwidth on your LAN you can do...

    modem to router
    router to hub
    hub to switch but plug the IDS into the hub too
    switch to hosts

    You don't want your IDS on a switch, as it won't be able to inspect all the traffic (unless you have a programmable switch which you can make act like a hub)... or unless you are using something like ettercap, which will flood your switch's ARP/MAC table, in turn making it act like a hub.

    I think*** I might be wrong, and it's getting late and I'm not thinking clearly... so can someone please confirm this?
    At least... that's the way I've always understood it... but I'm still learning just like the rest of you.

  10. #10
    Senior Member
    Join Date
    Feb 2003
    Location
    Memphis, TN
    Posts
    3,747
    I would come to the same conclusion as you, but Snort has been capturing traffic going to both computers.

    I don't know how, as I don't completely understand Snort yet, but it is capturing traffic going to two different IPs in my LAN.
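The hub-versus-switch question in phishphreek's post, and the "but Snort still sees traffic to both computers" observation in the reply, worked through as a small model. This is an added illustration, not code from the thread, from Snort or from ettercap: the `Hub` and `Switch` classes, the port numbers and the MAC addresses are made up, and the switch keeps only the behaviour that matters here (learning source MACs, flooding frames for unknown or broadcast destinations, an optional mirror port, and a table that can fill up), with no aging timers or VLANs. The "switch" scenario also shows one reason a sensor on an ordinary switch port still sees some frames for other hosts: a unicast frame to a MAC the switch has not learned yet is flooded to every port, so the first frame of a conversation (and anything broadcast) reaches the sensor even though later frames do not. The MAC-table flooding scenario models the generic technique of filling the table with bogus source addresses; it is not a description of how ettercap specifically does it.

```python
"""Which frames does a sensor (Snort) see on a hub, a plain switch, a switch
with a mirror port, and a switch whose MAC table has been flooded?

Constructed example; the devices, ports and MAC addresses are made up.
"""
from typing import Dict, List, Optional

BROADCAST = "ff:ff:ff:ff:ff:ff"
Frame = Dict[str, str]          # {"src": mac, "dst": mac}


class Hub:
    """Repeats every frame out of every port except the one it arrived on."""

    def __init__(self, ports: List[int]):
        self.ports = list(ports)

    def forward(self, in_port: int, frame: Frame) -> List[int]:
        return [p for p in self.ports if p != in_port]


class Switch:
    """Learns source MACs per port; unicast to a known MAC goes to that port only."""

    def __init__(self, ports: List[int], table_size: int = 4,
                 mirror_port: Optional[int] = None):
        self.ports = list(ports)
        self.table: Dict[str, int] = {}     # MAC -> port (the CAM table)
        self.table_size = table_size        # how many MACs the table can hold
        self.mirror_port = mirror_port      # SPAN/mirror port, if the switch has one

    def forward(self, in_port: int, frame: Frame) -> List[int]:
        src, dst = frame["src"], frame["dst"]
        if src not in self.table and len(self.table) < self.table_size:
            self.table[src] = in_port       # learn where src lives (no room once full)
        if dst != BROADCAST and dst in self.table:
            out = [self.table[dst]] if self.table[dst] != in_port else []
        else:
            out = [p for p in self.ports if p != in_port]   # unknown or broadcast: flood
        if (self.mirror_port is not None and self.mirror_port != in_port
                and self.mirror_port not in out):
            out.append(self.mirror_port)    # a copy of everything goes to the sensor
        return out


def frames_seen_by(device, sensor_port: int, traffic) -> int:
    """Count the frames in `traffic` (list of (in_port, frame)) that reach sensor_port."""
    return sum(1 for in_port, frame in traffic
               if sensor_port in device.forward(in_port, frame))


# Constructed topology: host A on port 1, host B on port 2, Snort on port 3,
# port 4 left for the host doing the MAC-table flooding.
PORTS = [1, 2, 3, 4]
SENSOR = 3
A, B = "00:11:22:aa:aa:aa", "00:11:22:bb:bb:bb"
CONVERSATION = [                 # A and B exchange four unicast frames
    (1, {"src": A, "dst": B}),
    (2, {"src": B, "dst": A}),
    (1, {"src": A, "dst": B}),
    (2, {"src": B, "dst": A}),
]


def scenarios() -> Dict[str, int]:
    """How many of the four A<->B frames the sensor on port 3 gets to inspect."""
    flooded = Switch(PORTS)
    # MAC-table flooding: the host on port 4 sends frames with bogus source MACs
    # until the table is full, so the switch can no longer learn A or B and
    # has to flood their traffic like a hub would.
    for i in range(flooded.table_size):
        flooded.forward(4, {"src": f"02:00:00:00:00:{i:02x}", "dst": BROADCAST})
    return {
        "hub": frames_seen_by(Hub(PORTS), SENSOR, CONVERSATION),
        "switch": frames_seen_by(Switch(PORTS), SENSOR, CONVERSATION),
        "switch_mirror_port": frames_seen_by(
            Switch(PORTS, mirror_port=SENSOR), SENSOR, CONVERSATION),
        "switch_table_flooded": frames_seen_by(flooded, SENSOR, CONVERSATION),
    }
```

Expected result: the hub, the mirror port and the flooded switch show the sensor all four frames; the plain switch shows it only the first one (flooded because B's MAC was still unknown), after which the conversation is switched straight between ports 1 and 2 and the sensor sees nothing. A sensor that reports "some" traffic to other hosts is therefore not evidence that it is seeing all of it.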
