LinuxQuestions.org


crashsystems 08-03-2006 11:08 AM

Searching for winbloz firewall software
 
I know everyone might think it crazy that I'm asking a winbloz question on this site, but some things just can't be helped. I'm the IT admin for a non-profit in Tn. and am currently researching ways I can secure our office network. Our file server is running Linux thankfully, but all the employee desktops are running XP. I would like nothing more than to switch them all to Linux, but that is not presently feasible (hopefully in the future though). So I'm looking for some good (relatively speaking) firewall software to run on XP. A few of the win boxes need to be able to share a printer, but for the most part they just need to run Firefox/Skype, and connect to my Samba server. I would prefer something that is free/open source, but if I need to shell out some cash to get decent firewall software that's ok too (as long as it's not too much cash). So does anyone have any suggestions on some good software to use? Thanks for the help.

crashsystems

ErrorBound 08-03-2006 12:44 PM

There is a free (beer) version of ZoneAlarm which is good. Not sure if it is licensed for corporate use though.

pljvaldez 08-03-2006 12:51 PM

How is your gateway set up? Is it just an off-the-shelf router or is it a separate machine set up as a gateway?

The problem I see is that even though you're a non-profit organization, most EULA agreements for software will still classify you as a business that has to buy the software. If you're okay buying stuff, you might look into ZoneAlarm or Sygate (now Symantec). Or just go with the Windows Firewall which should be installed with SP2.

I think I'd be inclined to just use the Windows Firewall and then set up a separate Linux firewall box for the gateway/internet connection. Then your network is protected from the outside by the Linux box and your intranet is protected by each machine's Windows Firewall.

crashsystems 08-03-2006 02:06 PM

I've never been very impressed with the built-in SP2 firewall. For the gateway, we have a Netgear ProSafe VPN firewall, and based upon the tests I've done, it does quite well in protecting against outside attacks. What I'm worried about though is someone getting a trojan on one of the XP boxes (it definitely has happened before, though we use AVG antivirus network edition), and the writer of the trojan using that to bypass the Netgear firewall, and attack the file server from the inside. Pljvaldez, I've checked out the two non-free programs you suggested, and they look quite expensive. If I were to just use the free ZoneAlarm (which I've been thinking of already), do you think it would do the trick? I was really hoping that I could find something open-source for XP. Thanks for your help.

crashsystems

slantoflight 08-03-2006 10:16 PM

Quote:

Originally Posted by crashsystems
I've never been very impressed with the built-in SP2 firewall. For the gateway, we have a Netgear ProSafe VPN firewall, and based upon the tests I've done, it does quite well in protecting against outside attacks. What I'm worried about though is someone getting a trojan on one of the XP boxes (it definitely has happened before, though we use AVG antivirus network edition), and the writer of the trojan using that to bypass the Netgear firewall, and attack the file server from the inside. Pljvaldez, I've checked out the two non-free programs you suggested, and they look quite expensive. If I were to just use the free ZoneAlarm (which I've been thinking of already), do you think it would do the trick? I was really hoping that I could find something open-source for XP. Thanks for your help.

crashsystems

SP2 firewall is adequate as long as unsolicited programs are unable to run. You can solve this simply by using limited user accounts. If you're running in administrator mode all bets are off. You don't really stand much of a chance against any virus that's clever enough to bypass firewalls. Even if you do purchase Zone Alarm. As you mentioned SP2 has no outbound blocking. And weak application based blocking. Application masquerading is still a threat, and one of the many holes in the SP2 firewall. Even with Zone Alarm, there are still viruses designed specifically to bypass it.

However there is the one method which dominates. It obviates the need for any expensive third-party firewall or virus scanner. And is much more guaranteed.

Software Restriction Policies.

It's usually impractical because of the amount of time it takes to set up and for programs that constantly update. But if you're an IT pro you can easily develop a macro to ease these things along, I'm assuming.

You create a limited user account.
In the administrative account you execute Local Security Settings, found in Administrative Tools in Control Panel.
You right click on Software Restriction Policies and click create policies.
Under Security Levels check Disallowed as the default security level.
http://img99.imageshack.us/img99/894/softwarereswt9.jpg
For all the additional programs you need to run, right click on Additional Rules and add a new hash. Looking at the limited number of programs you need, this should be relatively quick. It might also be interesting to know that by default any program files placed within C:\windows have no restriction policies. Might be a bit of convenience to install programs to a subfolder within there.

This is hammer.

Combined with tcp/ip filtering,

http://img284.imageshack.us/img284/4...pfilterba1.jpg
SP2 firewall with ICMP blocked.

and write protection of all windows files, dlls and exes.

and disable viewing of cmd, regedit, and iexplore. (There are a few I'm probably missing)
and if you can, use Open Office rather than MS Word (MS Word can utilize powerful VB macros that can execute external dlls or use existing Windows ones to potentially bypass software restrictions)


and an IT pro like you actively viewing logs.

I think you will find your systems fairly secure. The only way around this is the way of pain. The person would have to use a bootdisk pretty much to get around this. (or execute rundll32 and access winsock to send some outbound net traffic, watch out for rundll32) That can be remedied by changing a few BIOS settings and locking the computer case.

Of course I haven't covered everything. There might still be loose ends. But it's decent.

The only real threat seems to be if some advanced programmer takes over one of your computers, executes a string of rundll32 commands that abuse the Windows API to send out private information about the computer. Such as hashes within the registry that can be used to crack user passwords. The odds of this happening to you are somewhat remote.
Of course it's more likely that some greedy member downloads a script to do this for him. Might want to add .bat and .vbs to the list of disabled extensions to be on the extra safe side.
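
An added example (not part of slantoflight's post): a Python check that reads a text export of the Software Restriction Policies registry key and reports whether the default level is Disallowed, whether BAT and VBS are designated file types, and which unrestricted path rules need their folder permissions reviewed. The sample export, its GUID and the `C:\WINDOWS\apps` folder are constructed, and the script assumes the policy is stored under the `Safer\CodeIdentifiers` key in `reg export` format.

```python
import re

DISALLOWED, UNRESTRICTED = 0x0, 0x40000   # SRP security-level values
BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers"

# Constructed sample export (not from a real machine); the GUID is a placeholder.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
"DefaultLevel"=dword:00000000
"ExecutableTypes"=hex(7):45,00,58,00,45,00,00,00,43,00,4f,00,4d,00,00,00,\
  42,00,41,00,54,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{00000000-0000-0000-0000-000000000001}]
"ItemData"="C:\\WINDOWS\\apps"
"""

def parse_reg(text):
    """Parse .reg export text into {key_path: {value_name: value}}."""
    text = re.sub(r"\\\r?\n\s*", "", text)           # join hex continuation lines
    keys, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(line[1:-1], {})
        elif cur is not None and (m := re.match(r'"([^"]+)"=(.*)$', line)):
            name, raw = m.groups()
            if raw.startswith("dword:"):
                cur[name] = int(raw[6:], 16)
            elif raw.startswith("hex("):             # hex(2)/hex(7): UTF-16LE text
                data = bytes.fromhex(raw.split(":", 1)[1].replace(",", ""))
                cur[name] = [s for s in data.decode("utf-16-le").split("\0") if s]
            elif raw.startswith('"'):
                cur[name] = raw[1:-1].replace("\\\\", "\\")
    return keys

def audit(keys):
    """Return findings for the SRP settings the post above relies on."""
    root, findings = keys.get(BASE, {}), []
    if root.get("DefaultLevel") != DISALLOWED:
        findings.append("default level is not Disallowed")
    types = {t.upper() for t in root.get("ExecutableTypes", [])}
    findings += [f"{e} is not a designated file type" for e in ("BAT", "VBS") if e not in types]
    prefix = f"{BASE}\\{UNRESTRICTED}\\Paths\\".lower()
    for key, vals in keys.items():
        if key.lower().startswith(prefix):
            item = vals.get("ItemData", "?")
            path = " ".join(item) if isinstance(item, list) else item
            findings.append(f"unrestricted path rule, confirm users cannot write to: {path}")
    return findings
```

Any folder covered by an unrestricted path rule runs whatever is placed in it, so the check lists those rules for a permissions review rather than treating them as safe.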

Mountain Man 08-04-2006 09:33 AM

You might want to check out Comodo free firewall. I'm not sure what the EULA says about non profit or corporate use, but they aren't trying (very hard at least) to sell you a full version like the other free firewall download pages I've been to. I read about them in PC Mag a month or so back, they gave them a very good review.

crashsystems 08-04-2006 09:58 AM

Thank you slantoflight for the detailed info. I think that with what you've posted, along with the other stuff I've read on this post and from various google searches, I have the info I need to implement a security plan for the windows computers in our office.

crashsystems


All times are GMT -5.