Posted on 05/12/2007 3:35:30 PM PDT by pctech
I need help with finding a good firewall for my home network.
I have been using software firewalls (ZoneAlarm, McAfee) and I've been using a router (Netgear) for my network and I've really had no problems except for a few hiccups.
Problem is, the software is constantly being changed and it doesn't really block the items I want to have blocked. It seems that spam, popups, phishing are the new threats and software firewalls don't do the trick.
I know there are router/firewalls that I can purchase but you can only program in an extra 10-20 URLs or IP addresses to be blocked. I can purchase internet filters but I have to install them and maintain them on all my computers. Major pain in the neck.
What I want to purchase is a hardware firewall that I can access to program in sites to be blocked, either by IP address, MAC address, or URL. As long as that firewall is between the router and modem I have to update only one item and everyone is protected. I also don't have to worry about file and printer sharing on the network as a firewall won't interfere with that.
Does anyone out there know of something I can purchase that isn't too pricey that would fulfill my needs? Thank you for your assistance.
I'm hoping I can figure out which one to purchase. Any ideas?
The WRT54G wireless router is probably one of Linksys' top five most popular products, with sales volumes in the "hundreds of thousands per month" according to this LinuxDevices article. It is Linux-based and also is probably the #1 "hacked" consumer networking product, with numerous alternative firmware distros available including Sveasoft, HyperWRT, Ewrt, DD-WRT, and OpenWrt. Although loading any of them voids the product warranty, enough users have found the risk worth it due to the features they provide. Some simply provide access to transmit power settings, while others add features not available with Linksys' code.
For whatever reason, with the V5, Linksys decided to remove the hackability "feature", switching to the proprietary VxWorks embedded operating system that is used in other consumer networking products. The V5 also halves the amount of both RAM and flash memory to 8 and 2 MB respectively, which according to the LinuxDevices article lets Linksys come out ahead in cost reduction even with the additional cost of the VxWorks license fee. The reduced memory also serves as a deterrent for hackers who might want to find a way around the new bootloader.
The key point - get a WRT54GL, not a WRT54G V5. Only the "L" will run Linux.
But one can get a firewall of similar capability, with more solid hardware, and no assembly effort, by getting something like the HotBrick LB-2 or ZyWall 2. Each of these supports adding a list of URLs that are to be blocked. And under the covers, I suspect they are running BSD or Linux. They will cost upwards of $200, however.
Granted, you can get the WRT54GL for under $70, so if you prefer to spend some time on this, rather than spend more money, that's an option that many have found works well.
BTW, do the HotBrick LB-2 or ZyWall 2 come in wired or wireless configurations? I prefer wired just because it's easier to hack into a wireless network and I already have cables run.
I use a separate Wireless Access Point (WAP) when I need wireless for unattached laptops.
If I just need to extend my wired network to a desktop PC in another room, I use Netgear XE102 Wall-Plugged Ethernet Bridges. Everyone I know who has used them has found them to be simple to use and rock solid (so long as they were connecting to wall outlets coming off the same circuit breaker box, with no intervening electric company transformers.)
I can email you a 479K HOSTS file that blocks literally a ton of crap.
Slows down your browser, though.
As to spam, I wandered around the Net a bit, and noticed that there is a Windows program called Spampal that seems to be employing a number of spam-fighting techniques, although I haven't tried it out myself so I can't say how good or bad it is in practice.
I’ll check this, thanks.
You’ve given me some good advice here. I checked out both those items last night and I think I’m going to go with the Hotbrick, when I get the money up of course. It looks like it’ll do what I want.
I thought about getting the Linksys you mentioned in an earlier post, and I still might, if nothing else just to have something to play around with.
I’m going to bookmark this thread. Can I freepmail you if I have more questions about all this? Thanks again for your help.
There is a great, free program called CCleaner. It cleans the registry and will definitely speed up the PC.
Thanks!
Now....for my next REQUEST!
I am losing the battle of the printer/cartridges wars!!!
I used to have a simple Canon printer. The cartridges would last forever! Now I got an all in one little HP printer. It prints hardly anything and the cartridge is out. Saw article in Wall St Journal that said the cartridges are cheaper, but they put in less ink!
I am ready to buy another very simple printer....I don’t do pictures and gorgeous graphs. Ha. I want the printer where I can get the most sheets printed for the least amount in cartridges. Anyone have luck with the new Kodak printers that are supposed to be more expensive, but the ink is less?
They are getting so crafty they won’t print the amount of ink on the cartridge box. Ha.
Either way is ok.
Here's why I say this ...
Windows boxes don't protect very well against incoming malicious packets to some ports it usually leaves open, for the convenience of setting up local networks, using inherently insecure Microsoft protocols. A hardware firewall, or any properly set up BSD or Linux box, which is what most higher end firewalls are, under the covers, is needed for a safe connection to the Internet.
But no matter how good the hardware firewall is, it can't block outgoing packets from spyware or bots (hidden malware on your PC sending out malicious packets and spamware to other PCs.) For that you either need a secure operating environment (i.e., not DOS or Windows), properly managed, or else you need a software firewall that can keep any application from sending out Internet packets that you haven't authorized to send them.
The essential problem with software firewalls is that they require active administration. The user has to tell it which applications are allowed to talk to the Internet, and to tell it again each time that an application is upgraded that it is still allowed. That level of active administration is simply not feasible for the majority of users.
I'd summarize it like this:
So ... I guess actually I agree with you, in recommending a hardware firewall more than a software firewall. Though I do so for what might be different reasons, and I also recommend an "Internet Security" package (for spyware, malware and virus detection and removal), such as at least one of the following: