winroute vs. blackice+za ??

winroute vs. blackice+za ??

Post by Frank Eich » Wed, 26 Jul 2000 04:00:00



Hello,

what is the better solution for a small lan: blackice and zonealarm
simultaneously or just the professional winroute?

If high security is a must, what would you recommend? Does
winroute offer more possibilites to make it even more safe?

I know, that winroute is more difficult to configure. But my
knowledge is good enough to get this running. I know, how to
setup packet filters and how to configure it.

kind regards
Frank

 
 
 

winroute vs. blackice+za ??

Post by Peter Vrat » Wed, 26 Jul 2000 04:00:00



>Hello,

>what is the better solution for a small lan: blackice and zonealarm
>simultaneously or just the professional winroute?

I prefer a combinaton of these.
running winroute on the gateway and zonealarm on the clients.
Winroute is for shure the better solution but cannot do what zonealarm
does. za blocks applications that come from the inside (outbound). So
if some/one of your users has a trojan, za will help. winroute wont if
the port is open.
my first intention is to secure the lan with winroute. za can be
changed by users and on a server you have to permit e.g. some router
or services that also maybe used "by the bad guys" ;-) without any
alarm (e.g. you are running nat so you have to allow the
nat-application to access the internet as a server. if some trojan is
on a client it has free way in/outside!)

so long,
Peter

 
 
 

winroute vs. blackice+za ??

Post by bargepol » Wed, 26 Jul 2000 04:00:00


The answer to your question depends on what you mean by "high security"? To
me, "high security" starts with rigid, well defined policies of network use
by clients as defined by the LAN administrator. Such policies would include
acceptable and supported installed software, logon policies, removable media
use, allowable internet services, etc. In this context, I think Winroute can
contribute to overall network security.

With it, you can control access to internet services (eg. HTTP ok, FTP not
ok), filter URLs to prevent HTTP downloads, allow connections to and from
only trusted hosts, create time windows of allowable access and prevent
unwanted probes and intrusions. Though it won't detect clandestine
communication initiated from a client to a rogue host, a well enforced "no
install policy" would prevent rogue applications from appearing on your LAN
in the first place.

Using a personal firewall to secure internet connections is feasible on a
small LAN where it's possible to ensure that the users have not tampered
with or disabled the protection. This is harder to monitor as the LAN grows.
Because of this, distributed personal firewalls aren't "high security" in a
LAN environment, in my opinion.


Quote:> Hello,

> what is the better solution for a small lan: blackice and zonealarm
> simultaneously or just the professional winroute?

> If high security is a must, what would you recommend? Does
> winroute offer more possibilites to make it even more safe?

> I know, that winroute is more difficult to configure. But my
> knowledge is good enough to get this running. I know, how to
> setup packet filters and how to configure it.

> kind regards
> Frank

 
 
 

1. BlackIce / ZA or ZA / BlackIce?

I've recently gone broadband and used to run just ZoneAlarm.  I'd run
BlackIce Defender on a machine at work.

When the broadband came in I installed BlackIce on my PC so I'm now running
both.

THE QUESTION OF THE DAY IS:

In what order should they be loaded?  Currently ZA loads last.  Would it be
better if BlackIce loaded last?  Does it matter?  Who's on first (so to
speak)?

2. Netra WWW named configuration tool

3. BlackIce vs Winroute Pro

4. ALPS Printer for flesh tones

5. Want Proof? ZA .vs BlackICE Defender

6. XSL transform of XML

7. WinProxy vs. WinRoute vs. MS Proxy

8. Atari ST games FS

9. ZA 2.6 Pro vs. ZA 3.5 (Free) Reinstall Problems

10. Question: ZA vs ZA Pro

11. Conseal PD vs. AtGuard vs. Blackice

12. Tiny Vs Norton vs ZA