Personal Firewalls For Windows Systems
Last Updated: 11 Jul 2004
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*** PLEASE NOTE: Link(s), If Provided, May Be Wrapped ***
Many people feel that security on a home network is not
that important, because they don't have *critical* data
on their systems. It is true that most home systems and
networks are not compromised for their data. They are
compromised for practice purposes, or to create remote
zombies for large-scale Distributed Denial of Service
(DDoS) attacks against other networks.
On a number of occasions, the Internet has been bogged
down through the propagation of Viruses and Worms by
unpatched systems. Remember: Security is not simply
about protecting yourself directly -- it's also about
protecting your neighbor (and the Internet) indirectly.
If your machine is ever compromised, just format it
and rebuild, restoring any necessary data from the
last clean backup. You can never be sure that you've
managed to clean out all the backdoors on such a system.
HARDWARE VS SOFTWARE FIREWALLS
For those connected to the Internet via Cable/DSL lines,
there are now a variety of free/low-cost Personal Firewall
products for the Windows platform:
Hardware and software firewalls present different pluses
and minus. What you choose depends on skillset, security
needs, cost and time. For the most part, I favor hardware
firewall appliances over software firewalls which are
installed on top a standard OS.
• http://www.giac.org/practical/gsec/Andrew_Baker_GSEC.pdf
It is not uncommon to find people in home environments
running a desktop firewall in addition to any broadband
routers/firewalls. This is almost a must if you're
concerned about outbound traffic, and your gateway device
does not allow you to regulate outbound traffic.
WINDOWS ICF FIREWALL
• http://www.microsoft.com/windowsxp/pro/using/howto/networking/icf.asp
• http://msdn.microsoft.com/library/en-us/dnwxp/html/securityinxpsp2.asp
• http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/winxpsp2.asp
SOFTWARE FIREWALL SOLUTIONS
• Absolute Firewall ...... http://www.absolutefirewall.com/
• Blink .................. http://www.eeye.com/html/products/blink/
• ConSeal PC Firewall .... http://www.candc1.com/conseal/cfindex.htm
• CyberArmor Personal .... http://www.infoexpress.com/
• Cyberwall Plus-WS ...... http://www.network-1.com/
• eSafe Protect .......... http://www.reeseweb.com/personal.htm
• HackTracer ............. http://www.neoworx.com/
• Internet Firewall ...... http://www.digitalrobotics.com/fire.htm
• KerioPersonalFirewall .. http://www.kerio.com/us/kpf_home.html
• LockDown 2000 .......... http://speed.speedlink.com.au/users/esw/security.html
• McAfee MPF ............. http://www.mcafee.com/myapps/firewall/ov_firewall.asp?
• Norton Security ........ http://www.symantec.com/sabu/nis/
• PGP Personal Firewall .. http://www.pgp.com/products/pgpfire/
• SecureUp Firewall ...... http://www.secureup.com/
• SyGate Desktop ......... http://www.sygate.com/products/
• Tiny Personal FW ....... http://www.tinysoftware.com/
• ZoneAlarm .............. http://www.zonelabs.com/
INTRUSION DETECTION SYSTEMS
• BlackICE Defender ...... http://www.networkice.com/
• Blink .................. http://www.eeye.com/html/products/blink/
• DShield ................ http://www.dshield.org/
• LANGuard S.E.L.M. ...... http://www.gfi.com/lanselm/
• KerioPersonalFirewall .. http://www.kerio.com/us/kpf_home.html
• NeoWatch ............... http://www.neoworx.com/
• NetWatcher 2000 ........ http://www.moonlight-software.com/netwatcher.htm
• Snort .................. http://www.snort.org/
• SecureUp Firewall ...... http://www.secureup.com/
• SyGate Enterprise ...... http://www.sygate.com/products/
• Tiny Personal FW ....... http://www.tinysoftware.com/
• Various ................ http://www.networkintrusion.co.uk/consoles/
WIN32 FILE ARCHIVES & RESOURCES
• About Firewalls ........ http://windowsnt.about.com/compute/windowsnt/msub30.htm
• About Security ......... http://netsecurity.about.com/compute/netsecurity/
• Freshmeat .............. http://software.freshmeat.net/search/?q=firewall§ion=projects
• SearchNetworking ....... http://searchnetworking.techtarget.com/
• Security Online ........ http://www.security-online.com/info/firewall.html
• SoftSeek ............... http://www.softseek.com/Utilities/Networking/Proxy_Servers_and_Firewalls
• WhatIs Firewall ........ http://whatis.com/firewall.htm
• CNET Downloads ......... http://download.cnet.com/downloads/1,10150,0-10001-103-0-1-7,00.html?tag=srch&qt=firewalls&cn=&ca=10001
• ZDNet Resources ........ http://www.zdnet.com/eweek/filters/resources/0,10227,6016830,00.html
• Personal Firewall Day .. http://www.personalfirewallday.org/why.html
REVIEWS & ARTICLES
• UK Security Online ..... http://www.uksecurityonline.com/products/pfirewalls.php
• CNet ................... http://www.cnet.com/software/0-352108-8-7338947-1.html
• Dalantech .............. http://www.dalantech.com/ubbthreads/postlist.php?Cat=&Board=reviews&page=0&view=collapsed&sb=5&o=all
• eOpinions .............. http://www.epinions.com/ntwk-Firewall-All-Netscreen_10?sp=i2
• Firewall Guide ......... http://www.firewallguide.com/hardware.htm
• PC Magazine ............ http://www.pcmag.com/article2/0,4149,653189,00.asp
• Shields Up ............. http://grc.com/su-firewalls.htm
• Google ................. http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=firewall+reviews
SECURITY FAQs & RESOURCES
• http://www.dslreports.com/security/
• http://www.hackerwhacker.com/
• http://security.symantec.com/
• http://grcsucks.com/
• http://www.sdesign.com/securitytest/
• http://security.SnapFiles.com/
• http://hackingthemainframe.com/portscan.php
• http://www.thegild.com/firewall/
• http://lists.gnac.net/firewalls/
• http://www.deathstar.ch/
• http://www.enteract.com/~lspitz/audit.html
• http://www.icsa.net/html/communities/firewalls/buyers_guide/index.shtml
• http://www.phoneboy.com
• http://www.practicallynetworked.com/
• http://www.smallnetbuilder.com/
• http://www.secure-1.com/faq/fw1/dmz.asp
• http://www.homenethelp.com/
• http://www.robertgraham.com/pubs/network-intrusion-detection.html
• http://www.securityware.co.uk/intrusion-detection/
• http://www.sans.org/infosecFAQ/firewall/firewall_list.htm
• http://www.dshield.org/
• http://www.asl-security.com/firewalls/
PACKET FILTERING & STATEFUL INSPECTION
• http://www.ncmag.com/2001_04/packet/
• http://www.sonicwall.com/products/documentation/firewall_SPI.html
• http://www.checkpoint.com/products/technology/stateful1.html
• http://www.netscreen.com/products/firewall/security/stateful_inspection.jsp
Enterprising souls can also consider configuring a Linux
or FreeBSD/OpenBSD box as a firewall on their network.
LINUX ROUTERS/FIREWALLS
• http://www.linux-firewall-tools.com/linux/
• http://www.dalantech.com/coyote.shtml
• http://www.coyotelinux.org/
• http://www.clarkconnect.org/
• http://www.smoothwall.org/
• http://www.freesco.org/
• http://www.e-smith.org/
• http://www.ipcop.org/
OTHER *NIX SOLUTIONS
• http://www.openbsd.org/
• http://www.freebsd.org/
• http://www.linux.org/
BOOKS -- https://brainwavecc.com/Library.html
• Building Internet Firewalls
• Firewalls 24seven
• Building Linux and OpenBSD Firewalls
PERSONAL NOTES
• Favorite desktop firewalls:
Kerio Personal Firewall
Tiny Personal Firewall
SyGate Personal Firewall
• Although not mentioned in this document (it is covered
in the SOHO Firewall document), the NetScreen-5 should
be considered for home use if you have a decent sized
network, or you require VPN support. Awesome product.
• Be careful when using a remote site to perform security
scans or evaluations of your network. You never really
know what might be done with the info they obtain.
• Tiny Personal Firewall now contains an integrated IDS
module
• Remember: Security is not simply about protecting
yourself directly -- it's also about protecting your
neighbor (and the Internet) indirectly.
• ICF is much improved with XP SP2. It now supports the
creation of dynamic rules for inbound filtering, and
somewhat better logging. Especially nice is control
via Group Policies. Outbound filtering is still not
supported, but this functionality can be obtained to
a large degree, by instituting IPSec policies.