Solved

Zone alarm or sygate?

Posted on 2004-10-07
Last Modified: 2013-11-16
I've been using ZoneAlarm now for about 4 years, and am pleased with it. Even formatted my own XML IP blocklist and imported it with great results.
I tried Sygate, and found it more of a hassle (probably because I'm used to ZA).
What in your opinion is the better firewall, ZA or Sygate?
One other thing: I seem to get a lot of port scanning across the NetBIOS range (137, 139, 445).
Is this referred to as "syn flooding"?
Sometimes they are all from the same IP address. Should I add these parties to my blocklist when this happens?
ZoneAlarm blocks my NetBIOS anyway, but I wonder if I should be concerned at all when my log file shows "extra" activity.
Is this an example of script surfing, or just chatter?

(yes I'm slightly paranoid, but one needs to be on top of things in this day and age)

Thanks :)
Question by:fallenknight308
2 Comments
 
LVL 6

Accepted Solution

by:
knoxj81 earned 100 total points
ID: 12253595
fallenknight308,

I was once in your same shoes. A faithful ZoneAlarm user, until one day I noticed my internet connection was too slow, and that someone had bypassed my firewall with a trojan. This was a few years back, but nonetheless a wake-up call. With a little research, I discovered that Norton AV and ZoneAlarm weren't at all "secure" programs. Enough with the story, to the facts.

Over the years I tested many different firewalls and virus scanners along with a handful of other programs. I definitely prefer Sygate Pro; it's a wonderful firewall if configured correctly. I get no unauthorized activity on my network since I've been using Sygate with custom rules. This is with wireless as well. I usually have some script kiddie running a port scan for the first time, but as you said, it's a simple click to add them to the blacklist. However, if they are successfully running a port scan on your system, I would switch firewall programs, and also consider a hardware firewall: Linksys or Netgear (I prefer Linksys).

Now, since you mentioned needing to be on top of things in this day and age, let me throw this idea out there: IDS - Intrusion Detection System.
Snort is my program of choice here; it's free and has been around for years. You can also run it on Linux or Windows. Linux has more advanced options, but for a home user, the Windows install will do fine. One of my favorite things is that the Snort community writes new rules for Snort right away. Ex.: 10/7/04 - new exploit released. Snort would have a rule to block that attack within hours. I'm new to the Snort community, still working on my Linux IDS box. As you said, "one needs to be on top of things in this day and age."

Reference:
A post I answered a little while back on IDS:
http://www.experts-exchange.com/Security/Q_21061304.html

Let me know what you think,

Jorden
 
LVL 1

Author Comment

by:fallenknight308
ID: 12255614
I have not had anything "sneak" by ZA, but if I'm getting scanned a lot then this would mean my ports ARE visible?
I used to believe that guy at "Shields Up" (GRC), but then I found this site: http://www.grcsucks.com/
Apparently there is no such thing as "stealth". If my ports are at risk with ZA I might go ahead and give Sygate another try.
As a rule of thumb I have turned off NetBIOS etc.
Can someone give me a quick overview of how scripting works exactly? I thought it's basically like "pinging" in a way.
Thanks.

New points: 100
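
Added example, not part of the original thread: one way to check whether the blocked NetBIOS probes in a firewall log come from the same source address, as the question describes, before adding that address to a blocklist. The CSV log layout, the sample addresses (documentation ranges) and the function names are assumptions made for illustration; this is not ZoneAlarm's or Sygate's log format.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

NETBIOS_PORTS = {137, 139, 445}  # the ports named in the question

# Constructed sample log: timestamp, action, protocol, source IP, destination port.
# Simplified layout assumed for this example only.
SAMPLE_LOG = """\
2004-10-07 12:00:01,BLOCK,UDP,198.51.100.23,137
2004-10-07 12:00:02,BLOCK,TCP,198.51.100.23,139
2004-10-07 12:00:02,BLOCK,TCP,198.51.100.23,445
2004-10-07 12:03:10,BLOCK,TCP,203.0.113.9,445
2004-10-07 12:40:00,BLOCK,TCP,203.0.113.77,139
2004-10-07 13:55:00,BLOCK,TCP,203.0.113.77,445
2004-10-07 12:05:00,BLOCK,TCP,192.0.2.50,80
"""


def parse(log_text):
    """Yield (timestamp, action, protocol, source, dest_port) per log row."""
    for row in csv.reader(io.StringIO(log_text)):
        if not row:
            continue  # tolerate blank lines in the log
        ts, action, proto, src, dport = row
        yield datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), action, proto, src, int(dport)


def netbios_sweepers(log_text, min_ports=2, window=timedelta(minutes=5)):
    """Return {source IP: sorted ports} for sources blocked on at least
    min_ports distinct NetBIOS/SMB ports inside one time window."""
    hits = defaultdict(list)
    for ts, action, _proto, src, dport in parse(log_text):
        if action == "BLOCK" and dport in NETBIOS_PORTS:
            hits[src].append((ts, dport))
    flagged = {}
    for src, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            # Distinct ports this source touched within `window` of this event.
            ports = {p for t, p in events[i:] if t - start <= window}
            if len(ports) >= min_ports:
                flagged[src] = sorted(ports)
                break
    return flagged


if __name__ == "__main__":
    for src, ports in netbios_sweepers(SAMPLE_LOG).items():
        print(f"{src} probed ports {ports} within 5 minutes: blocklist candidate")
```

Single isolated hits (203.0.113.9 here) and hits spread over more than the window (203.0.113.77) are not flagged with the default settings; only the source that sweeps several of the ports together is.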