Any experience with Zone Alarm Firewall?

Designing network and then placing firewall according to network design is very important aspect. Configuration of firewall is another very important step to mitigate attacks.

Selecting firewall that meets with the business (or personal) needs requires careful and realistic analysis.

Software Firewalls: These firewalls have their own pros and cons, but they are usually designed for home user protection (or at least they’re not designed to protect mission critical systems and/or businesses), that is why they are cheap and easy to configure. One of the major drawbacks of these firewalls is, they are dependent on the Operating System of PC, if there is an inherent flaw in the design of OS or configuration of OS, these firewall alone can't protect; first you have to patch and update operating system regularly. Suppose, if any attack vector successfully exploits vulnerability of the system they whole system is exposed (e.g. viruses and trojans from infected USB, or virus infection from Email etc).

Hardware Firewalls: These firewalls are designed specifically to address above of the threats along with added layer of protection. Usually, by default every service is locked down in firewall and administrator have to configure rules on firewall to use them according to their network. They are dedicated for their functions, which is protecting from all known vulnerabilities, zero days attacks, DoS attacks etc. Always look for stateful firewall which is far better than stateless firewall. I hope it will clear the ambiguity that surrounds in selecting a firewall. For small office home office to mid size businesses must consider standalone, dedicated hardware firewalls in view of above incidence.

Feel free to ask questions..... best of luck :)

Rick,

There are many different ways to address leaks and intrusions. The bigger issue you need to identify is where the threats are, both internal and external. Only then can you create an effective policy and infrastructure.

Jim

I would advocate a hardware firewall with stateful packet inspection. Most Hardware Firewalls will have the ability to download definition updates. This is in a subscription or maintenance agreement format, so the hardware solution can become pricey rather quickly. SonicWall has some nice solutions for SMB. For an Enterprise or site-wide application I would look at the Cisco ASA 5505 or for more control Cisco ASA 5510. The latter can be a very complex solution. If you are or have a Network Administrator that is worth his salt, then this is doable to maintain for yourself in-house. Othwise, if your budget allows, you may want to venture into the realm of the hosted solution where a 3rd party security company would setup, maintain and monitor the device for you. Don't forget to look at the reports from whatever device or software solution you deploy. You won't know if it is doing a good job or even if it is doing its job without some feedback and measurement ability.

I hope that helps! Good luck!

Zone Alarm may be good for a personal workstation but I would not use it as a first line of defense. There is a saying, if you're going to do it, do it the right way so you would never have to do it again. With that said, you need to determine what it is you need to protect, how much it cost you and how much it's worth to you and go from there. Because you've suffered a breach already, you should already know the costs so far associated with remediation. So now I will move on and explain things a bit more...

Think of a firewall as say a "bouncer" in a night club. You go to a club, the bouncer checks your name against the list and if you're on the list, you get to go in the club. If not, you get rejected. Firewalls are no different. Some can block addresses, some can block services, some can block certain types of traffic inside of packets, it all boils down to what it is you need done. With that said, a firewall won't necessarily stop a compromise. Remember all a firewall is doing is what you tell it to do. Block, allow, report.

Many of the common attack methods used to compromise companies are normally called "client side" attacks. The attack vector(s) is/are different and a firewall will not block most of these attacks. Let's take a look at what happened earlier in the year with Google (http://www.wired.com/threatlevel/2010/01/operation-aurora/) and not Google, but Adobe, Microsoft, Juniper, Symantec, Yahoo, Northrup Grumman and Dow Chemical source: http://unsafebits.com/2010/01/18/china-related-cyber-attacks-on-major-firms-a... Do you think these companies DID NOT have firewalls in place?

In a client side attack, an attacker is leveraging buggy software and connecting in reverse fashion. FROM YOU to them. This *can* be stopped by a firewall however, the likelihood of it being successful is very low. Even if you ARE using a firewall capable of stateful filtering. What I would suggest is getting someone to perform a risk assessment for you and perhaps a penetration test, find your weaknesses, explain them to you and set you in the right direction to protect yourself. A firewall is likely not going to stop a structured attack. While it may minimize the low hanging fruit, most firewalls can be outright bypassed.

J. Oquendo
E-Fensive Security Strategies

If you had a security breach you need a security policy first not just a firewall, you need to determine what, where and the cost of security according to your company affordability.
As for firewalls there are three layers in your network that are eligible for firewalls, your network parameters (usually your gateway), between your gateway and your LAN and finally host (PC) firewall. A good firewall implementation would include all the three layers. and a perfect solution would include a 3 compatible solutions (i.e. your gateway firewall can communicate with the host firewall)
you may need to get some professional security auditing consultant for maximum benefit of your company. and don't get security issue lightly
a good reading about developing a security policy
http://www.sans.org/reading_room/whitepapers/policyissues/information-securit...