2003-07-11, 04:15   #12
nomadicus

Jan 2003
North Carolina

F616 Posts

Some, not all, routers have built-in firewalls (and even then you have to activate them), but I still run ZoneAlarm and see something come through to the OS once in a while. ZoneAlarm is about 0.5% on my 1.466 MHz AMD XP. I think ZA does a fixed amount of work even when (mostly) idle and so the faster the processor, the less of a hit.

john

2003-07-11, 06:24   #13
Xyzzy

"Mike"
Aug 2002

2·29·137 Posts

Most ordinary routers have NAT, which functions as a very primitive firewall in that usually all incoming ports are blocked unless you have specifically set them otherwise...

Some higher end consumer routers advertise features like SPI but I've owned most of them and IMO they are less than worthless...

Security is the fine art of balancing usability with safety... I can make a box 100% secure from the Internet by disconnecting the cable but then usability suffers...

I rarely get attached to a piece of hardware, especially one whose operation is such that you never see it, but a few months of owning my Pix has made me a lifetime believer...

Now if I could just get a Prime95 client for it!

[code:1]
pixfirewall> show version

Cisco PIX Firewall Version 6.2(2)
Cisco PIX Device Manager Version 2.1(1)

Compiled on Fri 07-Jun-02 17:49 by morlee

pixfirewall up 1 day 14 hours

Hardware: PIX-501, 16 MB RAM, CPU Am5x86 133 MHz
Flash E28F640J3 @ 0x3000000, 8MB
BIOS Flash E28F640J3 @ 0xfffd8000, 128KB

0: ethernet0: address is 000c.cec3.de88, irq 9
1: ethernet1: address is 000c.cec3.de89, irq 10

Licensed Features:
Failover: Disabled
VPN-DES: Enabled
VPN-3DES: Disabled
Maximum Interfaces: 2
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: 10
Throughput: Limited
IKE peers: 5

Serial Number: ????????? (0x????????)
Running Activation Key: 0x???????? 0x???????? 0x???????? 0x????????
Configuration last modified by enable_15 at 23:16:30.277 UTC Thu Jul 10 2003

pixfirewall# show cpu usage
CPU utilization for 5 seconds = 1%; 1 minute: 0%; 5 minutes: 0%
[/code:1]

I've run slower boxes than this on GIMPS...

2003-07-11, 17:37   #14
dswanson

Aug 2002

20010 Posts

Quote:
 Originally Posted by nomadicus Some, not all, routers have built-in firewalls (and even then you have to activate them), but I still run ZoneAlarm and see something come through to the OS once in a while.
Whew, glad to know I wasn't wasting efficiency. My experience with ZA with my router has been much more similar to yours -- one or two reports of a blocked access attempt every couple of months -- rather than PageFault's 1000 attempts in 15 minutes.

Xyzzy, you can run no SW firewall at all with that Pix thing? How much does one of those cost? How complicated is it to set up and configure?

2003-07-11, 20:43   #15
Xyzzy

"Mike"
Aug 2002

11111000010102 Posts

Quote:
 Originally Posted by dswanson Xyzzy, you can run no SW firewall at all with that Pix thing? How much does one of those cost? How complicated is it to set up and configure?
No SW firewall is needed... It costs around 400 bux in the simplest form, which is what I have... That sounds like a lot, and it is up front, but I look at the TCO, not just initial purchase price... It is fairly easy to set up... It can get as hard as you want it to be, in that it is very very configurable... It comes with a web-based utility to configure it, or you can SSH or telnet in, or you can use a serial console...

I've posted a pile of pictures in that thread I listed above...

There are, of course, many solutions to a problem like security, and a lot of them are quite a bit cheaper, so you will want to investigate all of them before making a decision...

Here is a great book...

http://www.oreilly.com/catalog/fire2/

Here is some documentation on the Pix...

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/63config.pdf

As you can see, this ain't no Linksys...

2003-07-26, 06:23   #16
markhl

Apr 2003
California

22×23 Posts

I have DSL. Since it uses an Ethernet modem, it is connected to the PC by an Ethernet connection. On Windows XP Professional SP1 (and 2000?), I right-clicked the connection and chose Properties, chose the Advanced tab, & checked the Internet Connection Firewall box. So I uninstalled ZoneAlarm and still have a software firewall. Simpler, more CPU cycles for Prime95!

2003-07-27, 20:01   #17
QuintLeo

Oct 2002
Lost in the hills of Iowa

26·7 Posts

I would *not* trust any Micro$loth "security" product. PERIOD. Micro$loth is *NOTORIOUS* for the poor quality of the code they release, and the number of exploits and security HOLES they allow in their released products.

I would *not* class Zone Alarm as "wasted cycles" if you don't have a *NIX-based firewall or a specific firewall appliance in place.

NAT is *NOT* in any way, shape, or form a "firewall" - it can be *integrated* with a firewall, and under LINUX commonly is so integrated, but NAT by itself offers NO security protection. "Security by obscurity" isn't.
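
The NAT-versus-firewall point raised in posts #13 and #17, as an added example that is not part of the original thread: a toy port-translating gateway showing which inbound packets are delivered with a translation table alone and which are delivered when the remote endpoint is also checked. It assumes the NAT-only box uses endpoint-independent filtering (the RFC 4787 term); real routers vary, and all names, addresses and ports are constructed.

```python
# Added illustration: toy NAPT gateway, not modelled on any specific router.
from dataclasses import dataclass, field

@dataclass
class Gateway:
    stateful: bool                                  # True: also match the remote endpoint
    forwards: dict = field(default_factory=dict)    # public port -> (host, port)
    table: dict = field(default_factory=dict)       # public port -> mapping
    next_port: int = 40000                          # constructed starting port

    def outbound(self, host, port, remote):
        """Inside host opens a connection; create or reuse a mapping."""
        for pub, m in self.table.items():
            if m["inside"] == (host, port):
                m["remotes"].add(remote)
                return pub
        pub = self.next_port
        self.next_port += 1
        self.table[pub] = {"inside": (host, port), "remotes": {remote}}
        return pub

    def inbound(self, pub_port, remote):
        """Return the inside (host, port) a packet is delivered to, or None."""
        if pub_port in self.forwards:               # explicit port forward
            return self.forwards[pub_port]
        m = self.table.get(pub_port)
        if m is None:                               # unsolicited: no mapping
            return None
        if self.stateful and remote not in m["remotes"]:
            return None                             # mapping exists, wrong peer
        return m["inside"]

def demo():
    server = ("203.0.113.10", 80)       # constructed documentation addresses
    stranger = ("198.51.100.7", 4444)
    results = {}
    for name, stateful in (("nat_only", False), ("stateful", True)):
        gw = Gateway(stateful=stateful)
        pub = gw.outbound("192.168.1.20", 51000, server)
        results[name] = {
            "unsolicited": gw.inbound(12345, stranger),
            "reply": gw.inbound(pub, server),
            "third_party": gw.inbound(pub, stranger),
        }
    return results

if __name__ == "__main__":
    for name, r in demo().items():
        print(name, r)
```

Both gateways drop the packet to a port with no mapping; they differ only on a packet from a third party sent to a port that an inside host has already opened.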

