RE: IPsec vs any personal software firewall

From: Combs, Christopher (Christopher) (ccombs_at_avaya.com)
Date: 09/29/03

  • Next message: Marc Fossi: "SecurityFocus Microsoft Newsletter #156" 
    Date: Mon, 29 Sep 2003 11:40:27 -0600
To: "Kamran  Muzaffer" <kmahmed@cyber.net.pk>, <focus-ms@securityfocus.com>

    Here are the differences in using IPSec or a personal firewall like Kerio Personal Firewall (Which I prefer)

    IPSec is controllable by policies and has no user intervention. Once the IPSec policy is assigned, that is it. And yes, it does perform very well with little to no effect on performance.

    A personal Firewall allows you to choose your filter options based on the incoming traffic. For locking systems down, I use IPSec. For personal workstations, I use a personal firewall.

    Hope this helps.

    Christopher J. Combs
    Avaya Tier 3 Convergence Engineer
    AIM ID - cjintier3
    (720) 444-1092
    "Minding your net, safe and secure"
    http://support.avaya.com/security

    -----Original Message-----
    From: Kamran Muzaffer [mailto:kmahmed@cyber.net.pk]
    Sent: Thursday, September 25, 2003 6:35 PM
    To: focus-ms@securityfocus.com
    Subject: IPsec vs any personal software firewall

    Hi,
     
    I just want to know what is preferred from the machine utilization point of view, filtering traffic through IPsec or using any software firewall like Tiny Personal, Zone Alarm etc. Microsoft's documentation states that IPsec rules do affect the performance of the machine on which they are applied. Is there any proper guideline or 'thinks to remember' for implementing a performance and security affective IPsec or any firewall structure.
     
    Thanks in advance.
     
    Regards,
    Kamran Muzaffer

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

  • Next message: Marc Fossi: "SecurityFocus Microsoft Newsletter #156"

    Relevant Pages

    • Interoperability of Win2000 IPSec with personal firewall software
      ... Windows 2000 IPSec policy (the one that comes built-in to Windows ... Norton Personal Firewall, and it's utterly incompatible with my setup ...
      (comp.security.firewalls)
    • Re: IpSec filtering
      ... I think you would be better served with a personal firewall such as many of the free ... ones available from Zone Alarm, ... However to your question on ipsec. ... > I tried to open UDP port 53 for DNS, ...
      (microsoft.public.win2000.security)
    • Re: Using IPSec to Lock Down a Server
      ... > ports allowed for oubound traffic instead of anything goes. ... Ipsec is an added layer of protection, but IMHO a personal firewall is ... server sits on a business DSL connection doing the "internet" related ...
      (microsoft.public.win2000.security)
    • Re: IPSEC filters on port ranges
      ... A personal firewall works a lot better in that ... Of course if you need to configure port ... filtering on a bunch of computers quickly, remotely, and for free it has ... > I started testing IPSEC on a test server. ...
      (microsoft.public.win2000.security)