Solved

Zone alarm or sygate?

Posted on 2004-10-07
Last Modified: 2013-11-16
I've been using zone alarm now for about 4 years, and am pleased with it. Even formatted my own xml ip blocklist and imported it with great results.
I tried sygate, and found it more of a hassle (probably because I'm used to ZA).
What, in your opinion, is the better firewall: ZA or sygate?
One other thing: I seem to get a lot of portscanning across the netbios range (137, 139, 445).
Is this referred to as "syn flooding"?
Sometimes they are all from the same ip address. Should I add these parties to my blocklist when this happens?
Zone alarm blocks my netbios anyway, but I wonder if I should be concerned at all when my log file shows "extra" activity.
Is this an example of script surfing, or just chatter?

(yes I'm slightly paranoid, but one needs to be on top of things in this day and age)

Thanks :)
Question by:fallenknight308

Accepted Solution

by: knoxj81 (earned 100 total points)
ID: 12253595
fallenknight308,

I was once in your same shoes. A faithful zone alarm user, until one day I noticed my internet connection was too slow, and that someone had bypassed my firewall with a trojan. This was a few years back, but nonetheless a wake-up call. With a little research, I discovered that Norton AV and ZoneAlarm weren't at all "secure" programs. Enough with the story, on to the facts.

Over the years I tested many different firewalls and virus scanners along with a handful of other programs. I definitely prefer Sygate Pro; it's a wonderful firewall if configured correctly. I get no unauthorized activity on my network since I've been using sygate with custom rules. This is with wireless as well. Usually always have some script kiddie running a port scan for the first time, but as you said, simple click to add them to the blacklist. However, if they are successfully running a port scan on your system, I would switch firewall programs, and also consider a hardware firewall; Linksys or Netgear (I prefer Linksys).

Now, since you mentioned needing to be on top of things in this day and age, let me throw this idea out there: IDS - Intrusion Detection System.
Snort is my program of choice here; free and has been around for years. Also you can run this on Linux or Windows. Linux has more advanced options, but for a home user, the Windows install will do fine. One of my favorite things is that the Snort community writes new rules for Snort right away. Ex. 10/7/04 - New exploit released. Snort would have a rule to block that attack within hours. I'm new to the Snort community, still working on my linux IDS box. As you said, "one needs to be on top of things in this day and age."

Reference:
A post I answered a little while back on IDS:
http://www.experts-exchange.com/Security/Q_21061304.html

Let me know what you think,

Jorden
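An added example, not part of the original thread or either poster's own code: one way to review the blocked-traffic log described in the question, separating a source that sweeps several of ports 137/139/445 from one that keeps hitting a single port, so that blocklist candidates stand out. The log layout, sample lines, function names and the two-port threshold are assumptions made for illustration; adapt the parsing to your firewall's actual log format.

```python
import ipaddress
from collections import defaultdict

# Constructed sample lines in an assumed layout:
# direction,date,time,src_ip:port,dst_ip:port,protocol
SAMPLE_LOG = """\
FWIN,2004/10/07,14:02:11,203.0.113.45:3321,192.0.2.10:137,UDP
FWIN,2004/10/07,14:02:12,203.0.113.45:3322,192.0.2.10:139,TCP
FWIN,2004/10/07,14:02:12,203.0.113.45:3323,192.0.2.10:445,TCP
FWIN,2004/10/07,14:05:40,198.51.100.7:1045,192.0.2.10:445,TCP
FWIN,2004/10/07,14:09:03,198.51.100.7:1046,192.0.2.10:445,TCP
FWOUT,2004/10/07,14:10:00,192.0.2.10:1200,198.51.100.80:80,TCP
this line is malformed and is skipped
FWIN,2004/10/07,14:11:27,198.51.100.99:2200,192.0.2.10:135,TCP
"""

NETBIOS_SMB_PORTS = {137, 139, 445}  # the ports named in the question


def parse_line(line):
    """Return (source_ip, dest_port) for a blocked inbound entry, else None."""
    fields = line.strip().split(",")
    if len(fields) != 6 or fields[0] != "FWIN":
        return None
    try:
        src = ipaddress.ip_address(fields[3].rsplit(":", 1)[0])
        dport = int(fields[4].rsplit(":", 1)[1])
    except (ValueError, IndexError):
        return None
    return str(src), dport


def summarize(log_text, min_distinct_ports=2):
    """Group blocked probes by source and split multi-port sweeps from repeats."""
    hits = defaultdict(lambda: defaultdict(int))  # src -> port -> count
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed and parsed[1] in NETBIOS_SMB_PORTS:
            hits[parsed[0]][parsed[1]] += 1
    sweeps, repeats = {}, {}
    for src, ports in hits.items():
        target = sweeps if len(ports) >= min_distinct_ports else repeats
        target[src] = dict(sorted(ports.items()))
    return sweeps, repeats


if __name__ == "__main__":
    sweeps, repeats = summarize(SAMPLE_LOG)
    print("multi-port sweeps:", sweeps, "single-port repeats:", repeats)
```

Neither pattern in the sample is a SYN flood, which is a sustained high-rate stream of TCP connection requests meant to exhaust a listening service; a handful of blocked probes per source is port probing.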

Author Comment

by:fallenknight308
ID: 12255614
I have not had anything "sneak" by ZA, but if I'm getting scanned a lot then this would mean my ports ARE visible?
I used to believe that guy at "shields up" (grc) but then I found this site: http://www.grcsucks.com/
Apparently there is no such thing as "stealth". If my ports are at risk with ZA I might go ahead and give sygate another try.
As a rule of thumb I have turned off netbios etc.
Can someone give me a quick overview of how scripting works exactly? I thought it's basically like "pinging" in a way.
Thanks.

New points: 100