Put those fires out! What's a Firewall/Intrusion Detection Soft?

Simply put, a firewall/intrusion detection soft are tools designed to protect the security of a computer system, to prevent unauthorized access to or from a private network , be it a private network or an individual PC. They are almost one and the same, as a firewall stops unauthorized access by Internet users from accessing private networks connected to the Internet, while intrusion detection system warns about an attempt, logs it and asks you what you want to do about it. They can be both hardware and software, or a combination of both. Usually, all messages entering or leaving the computer system pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

Today,firewall/intrusion detection soft soft for PC is a MUST. Every time you access a web site, download a file or just log online you unwittingly give ton of info about yourself, your system, where you have been before, ets. Web sites try feeding us ads, cookies, or slip us unwanted Java or Active X scripts. Worse, script kiddies like to scan ports or probe our PCs while we are online(happens to me all the time) or while we are using ICQ or IRCs.

There are several types of firewall techniques:

In practice, many firewalls use two or more of these techniques together.

There are also several products that can watch your connections and ports. Review of them bellow too.

Here are reviews of several firewall products(personally I use both BlackICE Defender and At Guard):

BlackICE Defender from NetworkIce.com is an intrusion detection soft It is the current favorite in the Windoze world right now. It will block hacking atempts, and will filter all kinds of junk while you are online. It has several security levels: trusting(lowest), cautious, nervous, paranoid(highest). It is almost self installing it asks you every time a strange conenctiong is attempted and it keeps a log too! http://www.clariondeveloper.comhas the ClearIce freeware which will assist you in analyzing the data that BlackICE produces


The Firewall from Signal9 is a new software package allowing you to define exactly what communication is allowed to enter and leave your PC. In this way you can filter ICMP packets so you will be immune to the DoS attack that disconnects you from IRC. The Firewall works on a ruleset that is available for you to download. This ruleset has been built and tested with all of the programs you see on the list below, and it will have minimal impact on your existing Internet activity. Below is the list of applications that have been tested with the Firewall, and conflicts, if any.http://neudump.cjb.net has an essey on how to set up and use Signal 9

ConSeal has been sold to McAfee. ConSeal also blocks protocols the other products (currently) ignore. NME has made a few ruleset packs for it: NME-basic1.zip and http://locus.webprovider.com/NME-strict1.zip. If you use ICQ or have other specific needs you may need to tweak the rulesets. They should work pretty good for most.

In the end, extremly well done firewall product but hard to use because it stops and ask you if you want to allow ALL outgoing and incoming packetges, plus the documentatiion on it is spotty and not complete.


At Guard has been sold to Norton2000, but you can still find it floating around on the net. It has many advantiges, it stops cookies, ads, java, Java Scripts, Active X, ICMP pings, and it can be set up to ask you every time a connection is made to and from your PC. geocities.com/tom_rapid/page5.html contains AtGuard Message board archives,
here is mine AtGuard FAQ on how to set it up, including how to make rules, ets.

Conclusions: very effective product, has MANY MANY options to play and fiddle with.


Proxomitron(totally free), from http://members.tripod.com/Proxomitron. Very easy to install and use, it will stop cookies, Java, and won't let any info to slip out of your PC. It has a wide range of settings. I would suggest you read the a how to use Proxomitron FAQ by AnoniMouse. Conclusion: GET IT and get it NOW!


JunkBusters from JunkBusters is trully excelent free firewall software that stops ads, cookies, ets! The problem is it's a DOS product. Personally, I have never tried it so I cant talk about it, but if anybody has used it, they are welcome to write me a note tellign me how it works, idf it has any advantiges, disadvantiges, ets


ZeroLabs has been getting lots of hyped press lately. It's free, yes, and it is supposed to watch which of your programs communicate with the outside world. Unfortunatly, its GUI interface is made with big bold icons, silly looking interface, and besides, lots of other softs already do the same thing. Conclusions: nothing special, get it if you MUST, but why bother, really?

Guard Dog Conclusion: Complelty useless piece of crap, you have been had, delete it off your system

Lockedown Conclusions the worse of the lot, boy, are you a sucker!


various Port Listeners, packet sniffers

Program and URL

what it is used for

CommView from Tamos.com
(network tools)-
for capturing and analizing network packets
PacketStorm-Sniffers a viraety of packets sniffers for non-Win OS like UNIX, ets
Sysinternals
(utilities soft for Win9X, NT)-
filemon, portmon, regimon, ets
filemon lists all the processes running on your box, portmon watches your ports, regimon cleans your registery;
all freeware/shareware
NetMontor soft from
Leech Software.com
monitors your ports for ya
NtTtoolBox.com has
PrcView, TCP/IP View,
InZider
PrcView watches all your NT, Win9X proccesses,
TCP/IP View watches your connections
InZider observes all your NT, Win9X proccesses,
Stay away from the NetBus!

For MUCH more detailed info on what a firewall is, go tocerias.purdue.edu/coast/firewalls/ here are what other people have written about various firewall products: http://www.grc.com/su-firewalls.htm has an excelent review of several great firewalls for PC with screen shots, icluding Black Ice, Signal 9, ets

Here are several more links to check:
For Macs use NetBarrier as a firewall, from www.intego.com or Personal DoorStop-go to versiontracker.com and type that in the search on the bottom. Also, try www.securemac.com