Archived from groups: comp.security.firewalls (
More info?)
"David" <Researcher01@ComcastNOMAIL.Net> wrote in
news:n5SdnQ6wK6MfT-ndRVn_iw@comcast.com:
> What would be your suggestion for additional security?
> "Iceman©" <iceman@cool.net> wrote in message
> news:c52gvj$2o5n4b$1@ID-132761.news.uni-berlin.de...
>>
>> "David" <Researcher01@ComcastNOMAIL.Net> wrote in message
>> news:HbidnWk49ryeLOndRVn-hA@comcast.com...
>> > How would you rate Sygate Personal Firewall Pro' 5.5?
>> > Good/Bad/Comments etc. apprecciated....
>> >
>> > David W
>> >
>> >
>> Pretty good but I wouldn't relay only on Sygate to secure my system.
>>
>>
>
>
http://www.petri.co.il/block_ping_traffic_with_ipsec.htm
http://www.analogx.com/contents/articles/ipsec.htm
If you have the O/S, then you can use it to supplement a router or host
based FW on the machine.
From a link I read and can be applied even on the PC as far as I am
concerned -- layered defense.
<snip>
Configure IPSec Policy
You should seriously consider setting an Internet Protocol Security (IPSec)
packet-filtering policy on every Web server. This policy provides an extra
level of security if your firewalls are breached. Multiple levels of
security technology are often considered a good practice.
In general, you should block all TCP/IP protocols other than those you
explicitly want to support and the ports you want to open. You can use the
IPSec administration tool or the IPSecPol command line tool to deploy IPSec
policy.
<Snip>
http://www.mvps.org/winhelp2002/hosts.htm
http://www.snapfiles.com/get/hoststoggle.html
If you have one that can be harden, then harden the O/S.
http://www.uksecurityonline.com/index5.php
Of course, you could put it behing a NAT router that cost as much as Sygate
is not a bad option either, even for a single machine.
http://www.homenethelp.com/web/explain/about-NAT.asp
Duane