I have a Cisco ASA 5505 in my house. Overkill? Maybe... but I don't mess around with the internet, esp. when my kids are on it. That being said, Doug is right - it's a start and only a start.
If you game online (Xbox, PS3, etc.) try to find a firewall that will do multiple VLANs. The ASA I use has the Security Plus license; my Xbox and DVR are on a separate network and VLAN - on the DMZ side. I don't care what happens to those things. Everything else gets nailed down and scrutinized like crazy.
What you people do for network security? Is Firewall a good option?
A firewall is usually a good place to start yes
I doubt a hardware firewall is enough for most people in this day and age though, doesn't really make sense to just control which ports can communicate, does make sense to take at least some steps to avoid any nasty'n nefarious traffic taking place over those ports
A lot depends I guess on the environment and the type of usage the computers in it get
Usually firewalls work by blocking incoming traffic to most ports unless you've clicked on something to let it allow traffic through specified ports
Obviously they usually allow incoming traffic to some 'standard ports' like those used for things such as web browsing, email etc, so usually the only open ports you would have that could be 'dangerous' would be ones you have allowed zonealarm to open yourself
If you aren't sure what you may have opened I'm sure zone alarm has something that would let you look at your rules for the information, that's all a software firewall really is, a set of rules for what to allow and what not to allow
If you use a router for your internet then the router itself will generally have a section in it's config screens to control which ports are allowing both incoming and outgoing traffic
The windows firewall giving the most specific control over ports and protocols access that I've come across is Agnitum's Outpost Firewall, but just remember the more control a firewall gives you generally the more work and complexity is involved in setting things up and to be fair if you're not running things like http/mail/dns/database/etc type servers then zone alarm is probably good enough
look into intrusion prevention systems [IPS]
outpost is free and all the options look great. however, once installed, it'd changed my network adapter driver so i could no longer connect to the internet. maybe it will work fine for you..?
honestly, i'd steer clear of comodo. i have a strong feeling theyre information harvesters for advertising purposes.
It depends which type of security u needed. Some time u can secure your network from simple firewall software and some time it needs Cisco security routers is use. Fire is good and cheap option for simple Network.