Solved

ZoneAlarm or Sygate?

Posted on 2004-10-07
Last Modified: 2013-11-16
I've been using ZoneAlarm now for about 4 years, and am pleased with it. I even formatted my own XML IP blocklist and imported it with great results.
I tried Sygate, and found it more of a hassle (probably because I'm used to ZA).
What in your opinion is the better firewall, ZA or Sygate?
One other thing: I seem to get a lot of port scanning across the NetBIOS range (137, 139, 445).
Is this referred to as "SYN flooding"?
Sometimes they are all from the same IP address. Should I add these parties to my blocklist when this happens?
ZoneAlarm blocks my NetBIOS anyway, but I wonder if I should be concerned at all when my log file shows "extra" activity.
Is this an example of script surfing, or just chatter?

(yes I'm slightly paranoid, but one needs to be on top of things in this day and age)

Thanks :)
Question by:fallenknight308
2 Comments
 

Accepted Solution

by:
knoxj81 earned 100 total points
ID: 12253595
fallenknight308,

I was once in your same shoes: a faithful ZoneAlarm user, until one day I noticed my internet connection was too slow, and that someone had bypassed my firewall with a trojan. This was a few years back, but nonetheless a wake-up call. With a little research, I discovered that Norton AV and ZoneAlarm weren't at all "secure" programs. Enough with the story; on to the facts.

Over the years I tested many different firewalls and virus scanners, along with a handful of other programs. I definitely prefer Sygate Pro; it's a wonderful firewall if configured correctly. I get no unauthorized activity on my network since I've been using Sygate with custom rules. This is with wireless as well. I usually have some script kiddie running a port scan for the first time, but as you said, it's a simple click to add them to the blacklist. However, if they are successfully running a port scan on your system, I would switch firewall programs, and also consider a hardware firewall: Linksys or Netgear (I prefer Linksys).

Now, since you mentioned needing to be on top of things in this day and age, let me throw this idea out there: IDS - Intrusion Detection System.
Snort is my program of choice here; it's free and has been around for years. You can also run it on Linux or Windows. Linux has more advanced options, but for a home user, the Windows install will do fine. One of my favorite things is that the Snort community writes new rules for Snort right away. Ex.: 10/7/04 - new exploit released. Snort would have a rule to block that attack within hours. I'm new to the Snort community, still working on my Linux IDS box. As you said, "one needs to be on top of things in this day and age."

Reference:
A post I answered a little while back on IDS:
http://www.experts-exchange.com/Security/Q_21061304.html

Let me know what you think,

Jorden

Author Comment

by:fallenknight308
ID: 12255614
I have not had anything "sneak" by ZA, but if I'm getting scanned a lot, then this would mean my ports ARE visible?
I used to believe that guy at "Shields Up" (GRC), but then I found this site: http://www.grcsucks.com/
Apparently there is no such thing as "stealth". If my ports are at risk with ZA, I might go ahead and give Sygate another try.
As a rule of thumb I have turned off NetBIOS, etc.
Can someone give me a quick overview of how scripting works exactly? I thought it's basically like "pinging" in a way.
Thanks.

New points: 100