- Windows Defender Firewall – First included with Windows XP, Windows Firewall (now Windows Defender Firewall) uses a profile-based approach to firewall functionality. Access to public networks is assigned the restrictive Public firewall profile. The Private profile is for computers that are isolated from the internet by other security devices, such as a home router with firewall functionality. The Domain profile is the third available profile. It is chosen for connections to a trusted network, such as a business network that is assumed to have an adequate security infrastructure. Windows Firewall has logging functionality and can be centrally managed with customized group security policies from a management server such as System Center 2012 Configuration Manager.
- iptables – This is an application that allows Linux system administrators to configure network access rules that are part of the Linux kernel Netfilter modules.
- nftables – The successor to iptables, nftables is a Linux firewall application that uses a simple virtual machine in the Linux kernel. Code is executed within the virtual machine that inspects network packets and implements decision rules regarding packet acceptance and forwarding.
- TCP Wrappers – This is a rule-based access control and logging system for Linux. Packet filtering is based on IP addresses and network services.
Examples of HIDS are Cisco AMP, AlienVault USM, Tripwire, and Open Source HIDS SECurity (OSSEC).
The Spamhaus Project is an example of a free block list service.
Cuckoo Sandbox is a popular free malware analysis system sandbox.
Other online public sandbox services are VirusTotal, Joe Sandbox, ANY.RUN, and CrowdStrike Falcon Sandbox.
ApateDNS analyzes DNS query requests from a host.
ProcMonitor, ProcExp64, and RegShot capture events on a PC.
Examples of popular web proxies are Squid, CCProxy, Apache Traffic Server, and WinGate.
Cisco’s line of NextGen Firewall devices (NGFW) uses Firepower Services to consolidate multiple security layers into a single platform.