Forum Discussion
Jack Smith
Jul 26, 2017Copper Contributor
My Wish: A full fledged firewall for Windows 10
I have used Windows software for years. I have always purchased software to protect my Windows systems. I would really like to see Microsoft step up the protection for a home/portable PC, to meet t...
Justin Satava
Jul 31, 2017Copper Contributor
There's a little app for windows firewall that handles the configurations for you. It turns off the Allow by default behavior and lets you do it on an app-by-app, port-by-port basis. You can even limit apps to internal networks only. Windows firewall is way stronger than people give it credit for, it's just not easy to configure manually. The app is called TinyWall. The other option you have is to run a freeBSD based firewall (my personal method) called pfSense. It requires its own hardware or VM.
Jack Smith
Aug 01, 2017Copper Contributor
I had replied back, via email, but it did not register here, so I am copying what I said in the email here.
Interesting. I used to use something called 'Tiny Personal Fire Wall', some time ago. Are they related? I also used 'Zone Alarm' in the past. I will have to take a look at 'Tinywall'. Thanks for the information, as it seems that the product does some of the things that I would like to do.
As for Windows firewall, yes, it is more difficult to get 'under the hood'. In fact, I was looking for the IP/country blocking capability and did not find it. The 'help' section had no listing for such an item. I also wanted to look at the possibility of managing ports. The 'Microsoft Management Console' was not helpful in this regard either.
As for additional hardware, or a 'VM', I am not that motivated! I have been tempted to dig up a vulnerability scanner and point it at my system, just to see what I might see. I decided not to though, as I figured it might give me a headache, with false positives, and my not having full firewall control. I was going to use a Nmap.
- Justin SatavaAug 01, 2017Copper Contributor
If you don't want to go the route of a VM you can simply replace your current router with a pfSense appliance. Check out "Netgate" products (They're partnered with the pfSense team) They just released a few budget friendly models.
- Jack SmithAug 01, 2017Copper Contributor
With the Pfsense software being free, and the only need being to purchase the hardware, tailored to your situation, this is reasonable item. I took a look, seeing a SOHO firewall, with retail cost of $299. I have added the Pfsense software, and website to my 'to do' list for going through. I saw that they use 'Snort' also, which got me a little curious. I had a Netgear firewall at one point, which I had to get rid of, as they did not update the software and it became listed as 'vulnerable', due to a software problem. I think it died off, due to lack of consumer response though, resulting in lack of further software updates/development. It was removed from the market.
- Justin SatavaAug 01, 2017Copper Contributor
I personally buy old Dell Optiplex SFF towers refurbished locally, either with an i3 or an i5 depending on what it's being used for (The Core 2 Duo / Quads don't properly support AES) and I get them cheap too, around 150-250 each. I then throw a dual Intel Nic and a pair of Sandisk SSDs in them to take the total spent up about another 100 bucks. I install pfSense with the dual drives in a geo mirror. I've installed these as firewalls in several buildings that I handle IT work for, as well as my home and the company I work for. The appliances are great if you don't want something bulky or power hungry, but the small form factor towers are great if you have high speed connections with multiple vpns (almost every company I take care of has a vpn tunnel into my home and my office firewall in addition to telecommuters). pfSense is updated regularly and has shown no sign of falling off the grid like older devices do because it's a soft solution. The most recent update (2.4) will be utilizing freeBSD 11 as the back end (currently 2.3 uses freeBSD 10.3). If this software appeals to you, be sure to check out freeNAS as well. It's also freeBSD based and handles almost everything I need for home and small office.
Hope that sheds some light on the software!