As I said previously, I am going to talk more about Sophos and my adventures with it.
The first part that I need to address is Sophos’ firewall. It’s beyond awesome, but the phrase “draconian” is an absolutely accurate description. During the initial setup wizard, Sophos asks you which services you want to allow by default. The services it offers are Remote Access (RDP, VNC, etc.), Instant Messaging, VoIP, Email and Web Surfing. You can select any combination of these services.
And for the most part, these are all you need for normal usage. It allows normal web traffic, namely browsing and email. For a commercial/corporate network, this is ideal and all you would want. Basically, no unknown traffic will be allowed. That means no games, no torrents, no nothing. If it isn’t explicitly allowed, it gets dropped. There are ways around this, but VPN traffic isn’t allowed by default either.
Now, if you don’t understand why this is good, just think about this: what happens if a virus infects your network? The first thing it tends to do is phone home. If it uses a non-standard port to communicate, it won’t be allowed out. That’s great against data-mining malware. Just let that sink in for a minute.
However, that’s not a foolproof system. The firewall is only a port-based firewall. Well, it’s a bit more complicated than that, but you get the idea. However, by default Sophos also includes and uses an inline proxy. I believe it uses Squid, but I am not sure. Either way, it filters the web traffic automatically. You can use this to prevent access to all sorts of websites, such as blocking access to drug/porn/etc. websites, and to force “SafeSearch” on Google, Bing and Yahoo. Great for a household with a teenager! Especially as you can allow exceptions.
So, as you can see, Sophos is incredibly powerful, and fairly simple to use. And this is all included in the Free/Home license. Doesn’t get better than that.
Well, as I mentioned above, the firewall blocks all unknown traffic. This means that unless you explicitly allow other traffic, it won’t get through. Any games you play will not connect, and neither will any servers or applications that require an outgoing connection on a “normal” port (such as uTorrent, TeamViewer, etc.). That is great for controlling the traffic on your network, but it can make things inconvenient. To regain use of these applications, you will need to manually allow each of these services through the firewall. This is incredibly secure, but now you may see what I mean by “draconian”.
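To make the “if it isn’t explicitly allowed, it gets dropped” behaviour concrete, here is a toy outbound policy evaluator I’ve added as an illustration. It is not Sophos code: the service-to-port table is my own assumption that mimics the wizard’s categories, the sample traffic is constructed, and the real Sophos rule engine is far more elaborate. It shows three things from the post at once: the wizard defaults letting browsing and email through, a phone-home beacon on a non-standard port being dropped (and landing in the drop log, which is where you would go looking for it), and the manual exception you need to add before a game client gets out.

```python
# Added illustration (not Sophos code): a toy default-deny outbound policy
# like the one the setup wizard configures. The service-to-port table is an
# assumption that mimics the wizard's categories, and the traffic is
# constructed sample data.
from dataclasses import dataclass, field
from typing import Dict, List, Sequence, Set, Tuple

Endpoint = Tuple[str, int]  # (protocol, destination port)

# Assumed mapping of the wizard's service categories to well-known ports.
SERVICES: Dict[str, Set[Endpoint]] = {
    "Web Surfing": {("tcp", 80), ("tcp", 443)},
    "Email": {("tcp", 25), ("tcp", 465), ("tcp", 587), ("tcp", 993), ("tcp", 995)},
    "Remote Access": {("tcp", 3389), ("tcp", 5900)},
    "Instant Messaging": {("tcp", 5222)},
    "VoIP": {("udp", 5060), ("tcp", 5060)},
}


@dataclass(frozen=True)
class Connection:
    src: str
    dst: str
    proto: str
    dport: int
    label: str  # human-readable tag used only for the demo


@dataclass
class DefaultDenyFirewall:
    """Outbound policy: anything not explicitly allowed is dropped and logged."""
    allowed: Set[Endpoint] = field(default_factory=set)
    log: List[Tuple[str, Connection]] = field(default_factory=list)

    @classmethod
    def from_wizard(cls, services: Sequence[str]) -> "DefaultDenyFirewall":
        fw = cls()
        for name in services:
            fw.allowed |= SERVICES[name]
        return fw

    def allow(self, proto: str, port: int) -> None:
        """Manual exception: the per-application step the next post covers."""
        self.allowed.add((proto, port))

    def evaluate(self, conn: Connection) -> str:
        verdict = "ALLOW" if (conn.proto, conn.dport) in self.allowed else "DROP"
        self.log.append((verdict, conn))
        return verdict

    def dropped(self) -> List[Connection]:
        """Dropped outbound attempts are where a phone-home beacon shows up."""
        return [c for v, c in self.log if v == "DROP"]


# Constructed sample traffic from one host on the LAN (TEST-NET addresses).
SAMPLE_TRAFFIC = [
    Connection("10.0.0.5", "203.0.113.10", "tcp", 443, "browser https"),
    Connection("10.0.0.5", "203.0.113.20", "tcp", 993, "mail imaps"),
    Connection("10.0.0.5", "203.0.113.30", "tcp", 3389, "rdp to outside host"),
    Connection("10.0.0.5", "203.0.113.40", "udp", 27015, "game client"),
    Connection("10.0.0.5", "203.0.113.50", "tcp", 4444, "malware beacon"),
]


def run_policy(services: Sequence[str], exceptions: Sequence[Endpoint] = ()) -> Dict[str, str]:
    """Build a firewall from wizard choices plus manual exceptions; return verdicts by label."""
    fw = DefaultDenyFirewall.from_wizard(services)
    for proto, port in exceptions:
        fw.allow(proto, port)
    return {c.label: fw.evaluate(c) for c in SAMPLE_TRAFFIC}


def beacon_candidates(services: Sequence[str]) -> List[str]:
    """Labels of dropped connections, i.e. what to review for phone-home activity."""
    fw = DefaultDenyFirewall.from_wizard(services)
    for c in SAMPLE_TRAFFIC:
        fw.evaluate(c)
    return [c.label for c in fw.dropped()]


if __name__ == "__main__":
    for label, verdict in run_policy(["Web Surfing", "Email"]).items():
        print(f"{verdict:5} {label}")
    print("dropped (review these):", beacon_candidates(["Web Surfing", "Email"]))
    print("game after allowing udp/27015:",
          run_policy(["Web Surfing", "Email"], [("udp", 27015)])["game client"])
```

With only “Web Surfing” and “Email” ticked, the browser and mail connections pass, while the RDP attempt, the game client and the beacon on tcp/4444 are all dropped; the beacon ends up in the same drop log as the game, which is the trade-off the post describes: you get the security, and you pay for it by adding exceptions one by one.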
In the next post, I’ll be going over how to allow access through this firewall.