
both ZoneAlarm & Norton IS firewalls?

Discussion in 'Security and Privacy' started by keywester, 2002/12/20.

Thread Status:
Not open for further replies.
  1. 2002/12/20
    keywester

    keywester Inactive Thread Starter

    Joined:
    2002/12/20
    Messages:
    257
    Likes Received:
    0
    I have DSL and have been running Norton IS firewall for 3 years and also installed free ZA 2.6 over a year ago, running both concurrently, and am now feeling overprotected, if not paranoid, particularly after perusing several posts on this BBS. BUT, the combo has caught some nefarious activity and I am wary of doing away with both, but am considering cutting down to only one firewall, maybe NIS. BUT, ZA appears to block intrusions that NIS does not (I turn off ZA and then check NIS log to determine this...). Norton techs say not to worry, but they avoid explaining the difference, and I feel they are being deceptive (paranoia again). The clinker is that ZA provided a "free" upgrade to v3.1.395, and after that I have been dropping DSL connection consistently, so I would like to de-install ZA, but I do not feel that NIS is blocking the proliferation of intrusions that ZA is logging. Point, I do a lot of online financial transactions and want to be secure. What do I do? Do I need both? Which? Is there any way I can fix the problem with ZA dropping connections (I see that ZA has a new support BBS, and will try that, but they have ignored my complaints that their free upgrade to their free version is causing problems and the only solution is to purchase the pro version...)? I did do a search first, but did not see a solution, sorry if I missed anything... tanx, keywester
    :confused: :confused: :confused: :confused:
     
  2. 2002/12/20
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    Could you give some examples? And are they possibly things you've set NIS to allow in?
     

  4. 2002/12/21
    keywester

    keywester Inactive Thread Starter

    Joined:
    2002/12/20
    Messages:
    257
    Likes Received:
    0
    ================================= quote:

    BUT, ZA appears to block intrusions that NIS does not (I turn off ZA and then check NIS log to determine this...)

    Could you give some examples? And are they possibly things you've set NIS to allow in?
    ======================================

    Yes I could provide examples, but ZA log prohibits copy of their display, and their text log is all IP numbers, so that would be a lot of typing for me, so first I will explain that the abundant intrusion attempts (over a thousand per day) are mostly from perceived hackers but that some appear to possibly be my ISP/email provider, although some of those could also be just hackers on my own ISP and many do appear to be, but the ISP will not identify their ID's as they constantly change. Also note that I have tried "whois" on the IP addresses but am unable even with that to determine what might be valid accesses, long story short. So, for examples, most of the incoming attempts that MIGHT be ISP related are of the format "xxx.yyy.bellsouth.net" with xxx = 'ns' or 'ns1' and yyy = location, such as 'mia' for Miami with numerous IP addresses such as 67.34.43.85 or 68.153.98.126. I do get similarly appearing outgoing attempts, although rarely, and inconsistently (logged by ZA) so that makes me wonder if they are valid, but it all looks strange... On your second question, answer is no, I have never allowed for these "intrusions" in NIS, as I was never aware of them until I stepped into the ZA upgrade cow patty a few months ago, and I do not detect where these intrusions might somehow be allowed for automatically in NIS, and NIS techs do not admit to them or even want to acknowledge that it is not reporting the detection of any of these hits (with ZA turned off…). Let me know if I can provide more info and thanks for the concern...
     
  5. 2002/12/21
    mr.mark

    mr.mark Inactive

    Joined:
    2002/08/02
    Messages:
    491
    Likes Received:
    0
    why not get behind a router that uses NAT, similar to the Linksys BEFSR41?

    even if you are not operating a small LAN, a router will still serve as a hardware firewall, probably more effectively than any software firewall, and you can then complement the router's security with zonealarm, which will stop all outbound attempts?

    most experts tend to agree that a combination like what i've described above is the winning setup.

    :)

    mark
     
  6. 2002/12/21
    brett

    brett Inactive Alumni

    Joined:
    2002/01/11
    Messages:
    2,058
    Likes Received:
    0
    Keywester - ZA tends to linger (and block) even after having been shut down via its System Tray icon. This is probably why the NIS logs aren't showing everything which you would expect. To put this to the test, set ZA not to run at startup, reboot with only NIS running and then examine your logs.

    mr.mark - you've been reading the Gibson Files again, aintcha? ;)
     
  7. 2002/12/21
    mr.mark

    mr.mark Inactive

    Joined:
    2002/08/02
    Messages:
    491
    Likes Received:
    0
    hi brett

    i stand accused of reading the gibson files, if by that you mean the grc.com security forums, not just steve's web page. the hardware and software security forums all seem to point in the direction of a router/za combo for best results. guys like fred langa seem to echo the same sentiment, along with assorted tech publications like pcworld, pcmag, smartcomputing, etc.

    as for recommending za specifically? i have personal experience with only three software firewalls... zaf, nis and bid. at one time i was running all three simultaneously (why? just to see if i could :)), which was admittedly overkill and also prior to getting behind a router.

    i know there are as good (and some folks surely say, better) products out there. i stick with an older version of za (2.6.357) because it gives me very little trouble and i haven't yet read any good reasons why i should give it up.

    maybe i'm placing too much weight on the za/linksys combo.

    you think?

    :)

    mark
     
  8. 2002/12/21
    keywester

    keywester Inactive Thread Starter

    Joined:
    2002/12/20
    Messages:
    257
    Likes Received:
    0
    hey mr.mark

    regarding your comment "why not get behind a router that uses NAT, similar to the Linksys BEFSR41?";

    to me, that does not compute, can you be more specific or point me in the direction of something that will detail that out for me so that I can comprehend what the requirements would be to go that route(r)... kwester


    ...and thanks, brett, for the tip, I will give that a try, but likely not tonight... time for some r and r and r and r and :cool:
     
  9. 2002/12/21
    mr.mark

    mr.mark Inactive

    Joined:
    2002/08/02
    Messages:
    491
    Likes Received:
    0
    more specific than the brand name and the model number?

    http://www.linksys.com/products/product.asp?prid=20&grid=5
     
  10. 2002/12/22
    brett

    brett Inactive Alumni

    Joined:
    2002/01/11
    Messages:
    2,058
    Likes Received:
    0
    keywester - you'll find a few opinions relating to routers in this thread.

    mr.mark - 'twas simply a light-hearted jibe :) BTW, in view of the fact that you're running an older version of ZA, you might find this thread interesting. I have no idea which versions of ZA were vulnerable - maybe Kevin could enlighten you (I believe he's a regular over at GRC!).
     
  11. 2002/12/22
    keywester

    keywester Inactive Thread Starter

    Joined:
    2002/12/20
    Messages:
    257
    Likes Received:
    0
    accidental resolution

    ALL: thanks for the advice; somehow, in researching the problem, I stumbled across a valid IP address RANGE for my ISP, and found where I could "add" a range of IP addresses within ZA, and after doing that, I am no longer getting disconnected, so that apparently is letting the pings, or whatever needs to get thru, do their access thing to avoid the disconnects... now, whether or not anything pernicious is getting through within that IP range I am uncertain, but time will tell; when the NIS subscription expires, will likely not renew it and will reluctantly stay with free ZA and also look into the router suggestion, so, onwards... and again thanks...:cool:
     