Firewall / Router information request

[plissken]

The enterprise level stuff in Iain's link?

 

 

The recent one's have been SOHO and SMB vectored units.

[plissken]

 

Yeah, or you can run Linux or FreeBSD and get a system set up from the start not to give admin privileges to most executable code without your permission.

 

Yep, I run Ubuntu but real world requires that I run Windows. If the OP is asking solid basic questions about Firewalls I don't think I'm going to start talking them into Linux.

[Jud]

The recent one's have been SOHO and SMB vectored units.

 

That makes a lot more economic sense.

[Jud]

Yep, I run Ubuntu but real world requires that I run Windows. If the OP is asking solid basic questions about Firewalls I don't think I'm going to start talking them into Linux.

 

Agreed. I haven't tried AppLocker but I wonder whether folks who aren't computer-savvy will be able to set that up very effectively. "Yeah, all you do is type 'secpol.msc' and...." "What'd you say?"

[Iain]

The first link, if I understand correctly, appears to be for a combination *software* firewall and AV, which have existed for a very long time. I happen to dislike software firewalls as a matter of personal preference, as at least at the consumer level I've never yet run into one that didn't start off too intrusive and wind up too permissive, because the algorithms weren't good enough to distinguish truly harmful content from ordinary at a very specific level in the way that good AV software does.

 

I was seriously considering a ZyXEL USG in 2012 to replace my then old 3Com router. What I learnt was that the ones in my price range were seriously underpowered for running that software. Eventually, I settled for a Cisco SMB router/firewall as a compromise, that was highly rated for security and speed in Small Net Builder router charts.

 

What's interesting of ZyXEL gateways, is they are all ICSA certified. That indicates they are true firewalls.

 

I don't know enough about the ZyXEL enterprise-level stuff to comment, though my assumption would be that the price range isn't what our OP is looking for.

 

Quite.

[plissken]

Agreed. I haven't tried AppLocker but I wonder whether folks who aren't computer-savvy will be able to set that up very effectively. "Yeah, all you do is type 'secpol.msc' and...." "What'd you say?"

 

Plenty of youtube tutorials.

 

You may be too lazy to setup white lists and such with OpenDNS or Proxy settings. I'm too lazy to clean my machine of infections :-)

[Paul R]

Actually the future is here, albeit in the top-end routers for now:

Virus Protection, Zone Alarm, for Consumer and Home | Check Point Software

 

Security Appliances and Services | ZyXEL

 

 

(OT) - Isn't this the same Checkpoint stuff they have been selling for ages? I actually like it, but in terms of professional use, Cisco ASA's, located with application visibility control, anti-virus, anti-malware, and backed up by an Ironport Web security system is the best I have seen commercially available, so far. Expensive as audiophile equipment, and a bear and a half to configure!

 

But boy, does it work well!

 

-Paul