I hid this just because the post is looooooong...

A while back in reply to a question on which was the best firewall I wrote this and started a pretty health discussion on some of the problems with two software firewalls.

Originally posted here by Jupes
As for windows firewalls:

I recommend using more than one. Some are better for some things than others. And since there are different approaches to security by firewalls using more than one increases your secutiry. Personally I use VisNetic and ZoneAlarm (and I'm considering adding Sygate). Between them I think I have a high level of intrusion protection.
Originally posted here by instronics
Hi jupes. You said to use more than one firewall on windows? Thats about the one of the biggest mistakes one can do. There are more reasons why this is a bad idea. Let me try to explain the negative sides of what you have proposed.

1 - Two firewalls does not make you more secure. On the opposite, it makes you less secure.

2 - If you setup one firewall "CORRECTLY" then its safe enough, and its easier to administrate. Setting up 2 firewalls will cause you to lack attention on each one individually meaning that you would have 2 poorly setup firewalls which offer no real protetection. Also the thought of having 2 makes you "think" you are safer, which will cause less accuracy.

3 - Two firewalls might interefeer with each other. To maintain a firewall correctly takes some time and accuracy. But to maintain 2 firewalls is madness.

I hope that im making sense to you Jupes.

Cheers.

Originally posted here by Jupes
instronics,

Thanks for the info. I admit I am no firewall jedi and had relied on the suggestions from the book 'Desktop Witness" which I don't have my copy here so I don't know the author. Unless I read it incorrectly (and in that case I don't deserve to have a computer!), it said that it was possible to run more than one firewall.

The book, which covers almost every aspect of securing information on a PC and I found to be excellent, describes extreme measures that can be taken when you have very valuable information (i.e. human rights workers in a totalitarian regieme) but suggests each person takes their own situation into account and only uses the level necessary. I personally don't have a need for such extreme protection but have been experimenting with some of them out of curiosity. I am therefore interested to hear if it is recommended against running more than one firewall?

I have taken some time to configure each firewall to my needs, although I must admit that I have not regularly reviewed VisNetic. What are peoples thought?

Thanks

Originally posted here by instronics
Hi again Jupes. Indeed it is correct that one may run more than one firewall. But i do not think that this is related as in running 2 software firewalls on 1 computer. The word firewall may consist of many different types and kinds. One of these kinds is a simple software firewall. Other kinds consist of 2 routers, a bastion Host, and a proxy server (aka application level firewalls). I think that when you read the part with 2 firewalls it was refered to a network. An example:


<your-client-with-firewall> <----> <internet>

or

<your-client-> <----> <firewall> <-----> <internet>

Where the <firewall> is a dedicated hardware firewall, or just a computer running one.

or a more complex way.

<your-client> <--> <interior-router> <--> <Bastion-Host> <--> <exterior-router> <--> <internet>

Where by the 2 routers in combination with the bastion host are 1 large firewall setup

or what i think you meant

<your-client-with-firewall> <----> <firewall> <----> <internet>


As you see there are many things called firewall. To run 2 software firewalls of one computer is nonsense. If you would like a deeper insight on firewalling (which by the way is a very good and interesting read) then i would recomend a book called "Building internet firewalls 2nd edition" by Oreilly www.oreilly.com .

Thats a great book which will cover *nix aswell as windows systems. Do not let the size or the price of the book scare you, its an excellent read.

Good luck

Cheers.