On Sunday 10 October 2004 06:49 pm, Chad Perrin wrote:
> xcalibre wrote:
> > free version of zonealarm will not work with linksys routers only thhe
> > paide version has filtering to work with routers
>
> ZoneAlarm works on the PC on which it is installed to prevent packets
> from entering and leaving the system based on what rules you set for it,
> based on which network "zone" the packets are coming from or going to.
> Whether or not there's a router has very little to do with it, except
> insofar as the router makes ZoneAlarm redundant if it is also a firewall.
Well this is not entirely correct. Having ZA and an external f/w running is
not redundant as security is a multi-layered approach. It's made out of many
pieces working together. Each adding a layer of security.
(I've not used/seen ZA Pro, but it could have routing support in which case it
could have the ability to understand routing protocols.)
ZA by itself is not total security as it can be bypassed from the outside.
Ditto a packet filter which does not know anything about applications cannot
block what ZA blocks.
Let's say you browse a corrupted website and end up downloading a viral
application. Your packetfilter sure did not stop it. Windows being nice and
cooperative, then executes it for you (well, for the criminal hacker).
It may not have the smarts to modify ZA and so when it tries to go online ZA
stops it. So disabling ZA is not the thing to do just because you have a
packet filter firewall.
Now a proxy fireewall can do a bit better as it sends out a proxy request and
then returns a proxy answer. So to some degree it's better on dealing with
the above.
Ideally you also have an application firewall, not unlike ZA. Except ZA is not
a true application firewall, more of a hybrid.
Another layer is not to allow images or html to be drawn or executed through
email. Yet another one can be various s/w that detects abnormal behavior or
traffic.
Anyway, the point with this was just to show why a firewall and ZA are not
mutually exclusive, or redundant.
--Steve Szmidt
"They that would give up essential liberty for temporary safety deserve neither liberty nor safety." Benjamin Franklin ----------------------------------------------------------------------- This list is provided as an unmoderated internet service by Networked Knowledge Systems (NKS). Views and opinions expressed in messages posted are those of the author and do not necessarily reflect the official policy or position of NKS or any of its employees.
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 19:32:14 EDT