The answer to your question depends on what you mean by "high security"? To
me, "high security" starts with rigid, well defined policies of network use
by clients as defined by the LAN administrator. Such policies would include
acceptable and supported installed software, logon policies, removable media
use, allowable internet services, etc. In this context, I think Winroute can
contribute to overall network security.
With it, you can control access to internet services (eg. HTTP ok, FTP not
ok), filter URLs to prevent HTTP downloads, allow connections to and from
only trusted hosts, create time windows of allowable access and prevent
unwanted probes and intrusions. Though it won't detect clandestine
communication initiated from a client to a rogue host, a well enforced "no
install policy" would prevent rogue applications from appearing on your LAN
in the first place.
Using a personal firewall to secure internet connections is feasible on a
small LAN where it's possible to ensure that the users have not tampered
with or disabled the protection. This is harder to monitor as the LAN grows.
Because of this, distributed personal firewalls aren't "high security" in a
LAN environment, in my opinion.
> what is the better solution for a small lan: blackice and zonealarm
> simultaneously or just the professional winroute?
> If high security is a must, what would you recommend? Does
> winroute offer more possibilites to make it even more safe?
> I know, that winroute is more difficult to configure. But my
> knowledge is good enough to get this running. I know, how to
> setup packet filters and how to configure it.
> kind regards