How Good is Zone Alarm Basic?

[DirtylilTechBoy]

I have a small church wanting to setup about 10 computers with a DSL connection. This is a low budget project. Things need to be free if possible, which is why I am asking about zone alarm basic.

I am going to hook up a cable dsl router to their dsl modem, and two 5 port switches to the cable router. They want one main file server and the rest will be clients. They also want to host a small web site. They already have the static IP and permission to host the site, so I have all of the information. Someone donated a P3 800 with 512 ram, an 80 gig ide drive, a 10/100 nic, loaded with Win2000 server. The rest of the machines will mostly be 350-500mhz win98 machines. I can setup IIS to host sites etc.

My question is this. I'm not going to sign on to be their tech, and the pastor is pretty computer literate (chemist by trade). He needs me to sit down with him, one time, and show him the basics of admining. I have been told there is also an MCSE that goes to the church, but he can't commit to anything.

I know the router already has a built in firewall, but I wanted to put something on the win2k server machine for added protection. I was thinking about zone alarm basic because its free and easy to use.

For a simple setup like this, will I be alright letting them go with ZA basic, or should I demand they use something better?

 

[JackMDS]

Good is a relative term!

It is Not good enough to protect a Bank Site.

It is Not good enough for personal protection if you need total control, and a lot of intrusion info.

It is good has a Basic Firewall to do automatic background protection for regular Internet usage.

I would put a stronger commercial Firewall on the server.

 

[Thor86]

I have to agree with JackMDS, that Zone Alarm pretty much blows for any sort of intrusion detection or statefull packet inspection. But it should be good enough for basic security. If you want something that blows ZA out of the water, take a look at http://www.deerfield.com/products/visnetic_firewall/.

 

[cipher00]

Gotta agree w/ above. One solution I've seen in ZA Basic with Black Ice Defender (for the intrusion stuff).

Me, I use ZA Pro but any sensitive stuff (and that ain't much) I've got is PGP encrypted. FWIW.

 

[DirtylilTechBoy]

I was thinking it would be kinda like having a 12 year old directing parking. As long as all of the drivers of the cars were good and responsible, the kid could probably get the job done, but if a jack ass came tearing through the parking lot, the kid would have a nervous breakdown.

 

[kylef]

I'm just curious here (having never pulled web site admin duty before), but why is a firewall necessary for a basic (no frills) web site these days? Is the site planning on accepting church donations online or something?

From what I know (which isn't much, I admit), crackers generally need a reason to break into systems. They also need an avenue. Running a simple web server (without back-end databases and transaction processing software) doesn't seem like much of an avenue. And a single server on a DSL connection isn't much of an incentive, given the wealth of computers available to crack elsewhere on the Net. There can be no financial motive (unless they were planning to hijack those Church donations mentioned earlier...)

So why, precisely, would ZoneAlarm Basic NOT be enough? To which types of specific exploits would a basic web site be vulnerable, assuming it is updated with IIS and/or Apache patches frequently?

I ask only because I speak from web site admin ignorance, and I would like to know.