The following is for educational purposes and also lists based on my experience Firewall products that I have used in the past.
In a nutshell, a firewall monitors and controls the incoming and outgoing network traffic based on predetermined security rules.
An IPS or IDPS (Intrusion Prevention System / Intrusion Detection and Prevention System) is a security measure built into the core of a firewall product.
These features break down into the following types:
Network-based Intrusion Prevention System (NIPS): monitors the entire network for suspicious traffic by analyzing protocol activity.
Wireless Intrusion Prevention System (WIPS): monitors a wireless network for suspicious traffic by analyzing wireless networking protocols.
Network Behavior Analysis (NBA): monitors network traffic to identify threats that generate unusual traffic flows, for example distributed denial of service (DDoS) attacks, certain forms of malware and policy violations.
Host-based Intrusion Prevention System (HIPS): an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host.
Then we have the methods that IPS/IDPS use (usually one of the following 3):
Signature-based Detection: a signature-based IDS monitors packets on the network and compares them with pre-configured, pre-determined attack patterns (signatures).
Statistical Anomaly-based Detection: a statistical anomaly-based IDS first determines what normal network activity looks like (what sort of bandwidth is generally used, which protocols are used, which ports and devices generally connect to each other) and then alerts the administrator or user when traffic is detected that does not fit that normal pattern.
Stateful Protocol Analysis Detection: identifies deviations from expected protocol states by comparing the observed sequence of events against pre-determined profiles that define what activity is suspicious.
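To make the three methods concrete, here is a small added example (my own illustration, not code from any of the products named in this post) that runs each method over a handful of constructed flow records. The events, the "/../" signature and the baseline byte counts are all made up for the demo; each method catches a different event, which is why real products combine them.

```python
"""Toy detector illustrating signature, statistical-anomaly and stateful
protocol analysis over constructed events (not real traffic)."""
from statistics import mean, pstdev

# Constructed events: (src, dst, dst_port, tcp_flags, bytes, payload)
EVENTS = [
    ("10.0.0.5", "10.0.0.9", 80, "S",  60,    b""),
    ("10.0.0.5", "10.0.0.9", 80, "A",  52,    b""),
    ("10.0.0.5", "10.0.0.9", 80, "PA", 512,   b"GET /index.html HTTP/1.1"),
    ("10.0.0.7", "10.0.0.9", 80, "S",  60,    b""),
    ("10.0.0.7", "10.0.0.9", 80, "PA", 700,   b"GET /../../secret HTTP/1.1"),
    ("10.0.0.8", "10.0.0.9", 80, "PA", 400,   b"GET / HTTP/1.1"),
    ("10.0.0.6", "10.0.0.9", 80, "S",  60,    b""),
    ("10.0.0.6", "10.0.0.9", 80, "PA", 60000, b"POST /upload HTTP/1.1"),
]
# Constructed pre-determined "known bad" byte patterns (the signatures)
SIGNATURES = {"path-traversal": b"/../"}
# Constructed learning-phase flow sizes that define "normal" for anomaly detection
BASELINE_BYTES = [60, 52, 512, 700, 400, 60, 480, 530, 610]

def signature_detect(events, signatures=SIGNATURES):
    """Signature-based: flag any payload that contains a known pattern."""
    return [(i, name) for i, e in enumerate(events)
            for name, pat in signatures.items() if pat in e[5]]

def anomaly_detect(events, baseline=BASELINE_BYTES, k=3.0):
    """Statistical anomaly: flag flows more than k std devs above the baseline mean."""
    threshold = mean(baseline) + k * pstdev(baseline)
    return [i for i, e in enumerate(events) if e[4] > threshold]

def stateful_detect(events):
    """Stateful protocol analysis: TCP payload (PSH) on a (src, dst, port)
    that never showed a SYN violates the expected handshake-then-data order."""
    handshakes, alerts = set(), []
    for i, (src, dst, port, flags, _, _) in enumerate(events):
        key = (src, dst, port)
        if flags == "S":
            handshakes.add(key)
        elif "P" in flags and key not in handshakes:
            alerts.append(i)
    return alerts

def run_all(events=EVENTS):
    """Run all three methods; each one catches a different event index."""
    return {"signature": signature_detect(events),
            "anomaly": anomaly_detect(events),
            "stateful": stateful_detect(events)}
```

Note that the signature method misses the oversized upload and the unexpected data-before-handshake, while the anomaly method misses the traversal string: no single method covers everything.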
Now some known names (note: some products are discontinued, while others are still available but only for older systems):
Sygate Personal Firewall - the company was acquired by Symantec and its products have since been discontinued. Considered one of the best firewalls at the time, going toe to toe with ZoneAlarm and Kerio/Sunbelt. Still available for use up to Windows XP if you still run such a system.
Note that Symantec uses this technology in its Norton products.
Kerio/Sunbelt Firewall - another "giant" at the time. Kerio's firewall technology was acquired by Sunbelt, and Sunbelt Firewall 4.6 is still available for users up to Vista. The technology is currently present in VIPRE solutions.
PC Tools - before its Internet Security product, its technology was known as PC Tools Firewall. It was a good firewall; however, since Symantec acquired it a few years ago, none of its firewall component technology can be found, unless it was "added" to the Sygate code and then fully optimized into the current Symantec products. Not sure exactly, but it's worth the mention.
Agnitum Outpost Firewall - A very good firewall which includes "Component Control" and "Anti-Leak Control" within their HIPS module. Such features are extras which monitor application behaviour to stop malicious software from infecting the system.
Comodo Personal Firewall - HIPS with additional modules (a similar result to Outpost, achieved in a different way).
ZoneAlarm - originally developed by Zone Labs, later acquired by Check Point. If memory serves me right, it contained the TrueVector Security Engine, which basically monitored the internet traffic and generated alerts for access that was not allowed. It also contained OSFirewall, which monitored programs and generated alerts based on suspicious behaviours. It also contained a database of trusted program signatures, so users could benefit from existing information to allow or deny internet access based on programs' requests - known as Smart Defender Advisor.
Windows Firewall - initially introduced only with XP SP2. It was then improved in Vista, and the same core type of solution has shipped with Windows 7 onwards. Its iteration since Vista has been based on the Windows Filtering Platform (WFP) (please research this topic further if you wish to learn more about its technicalities).
It also includes outbound packet filtering.
Private Firewall, Windows Firewall Control and others: these are considered "stand-alone add-ons" to Windows Firewall, adding additional layers of security based on the methods described at the beginning of this post.
Now, which firewall should you choose (from those available stand-alone or within security suites)?
Answer: it depends on what you want. Look first at the different types of IPS/IDPS and their methods, then research which solutions incorporate what you want.
For a long time I used Sygate, then moved to Kerio/Sunbelt, ZoneAlarm, Comodo, Outpost and now just the standard Windows Firewall. Firewall components I used in the past from security suites were: Norton, Kaspersky, ESET.
Hope this helps you when choosing what you want as a firewall in your system.
Note: not all firewall solutions were mentioned as I did not use them all in one way or another.