March 31st, 2004 03:44 PM
Ok guys, I have a question to throw at you now. I read a thread not too long ago on here that mentioned the concept of double-firewalling, and I've been curious about it ever since. I haven't had enough memory to run two firewalls simultaneously though, until now, so I'm going to give it shot when I have some spare time just to see what happens.
So, I was thinking pairing up BlackICE and ZoneAlarm. I currently use ZoneAlarm because 1) for me it's worked great and 2) more people sing its praises than not. I've stayed away from BlackICE thus far because the vast, vast majority of people I've run into have told nothing but horror stories about it, with only the occasional happy user.
Anyway, both are still among the most popular though evidently, so perhaps if you could figure out a way to run them both together without them interefering with each other (if such is even possible), then maybe they'd cancel out each other's weaknesses. Am I crazy?
Anyway, just a wild idea I'd throw out there. I guess I'll give it a try soon and report back on what happens.
March 31st, 2004 05:29 PM
I might be wrong but there are downfalls to Double Firewalling. One main reason that I think I remember reading is, I believe that when you Double Firewall there is a hole left on your system. I might be wrong. Give me a sec and I will see if I can find what
March 31st, 2004 08:42 PM
That seems odd, how could doubling firewalls create a hole? Please do let me know what you find.
March 31st, 2004 09:50 PM
Frankly, using two software firewalls on a single machine is a waste of resources and makes troubleshooting more difficult, nit to mention you have two things squabbling over who has fist crack at every packet.
If you want to double firewall use a hardware appliance such as a linksys and a software firewall of your choice on the box itself. Easier to deal with, only one egress filter to worry about, relatively cheap and less of a headache.
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
March 31st, 2004 11:49 PM
you just cant beat em
I tried Kerio,weak.Discarded.....I Personally do use Zone Alarm Pro it Works And its perfect a lil bit ugly of a font thou.(anyone know how to change a tray icon)ANYWAY,.....the thing is Black Ice is what is otherwise refered to as "Intrusion Dectection/Protection" its "firewall", I believe,is refered to genericly.I deleted all firewall rules,then input THE IP 255 255 255 255:TO block all ports,block all tcp ports,block all udp ports;ONLY 3 ENTRIES it formed a perfect vacume the "firewall" for BLACK Ice is now perfect(but remember it only dose what its supposed to:intrusion detection)It also monitors and dose applicaton protection.Whatever it Monitors,it Detects,It also automaticly blocks.(port probes/scans ect)Like I said i love black ice but it dose seem to have its weakness .Now ,let me tell you between Zone Alarm Pro and Black Ice I have an ABSOLUTE VACUME.and of course ,zone alarm is fully configurable from there.
April 1st, 2004 03:44 PM
Well good luck then screwedn2, may your dictionary never get used and your firewall never crash.
Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
- Samuel Johnson