-
June 19th, 2004, 10:07 PM
#1
Firewall Recommendations - Number Two!
Reference: Firewalls: Hardware and Software.
http://www.antionline.com/showthread...hreadid=257776
“…I think I’ll get a 5th of Jack Daniels and go sit in a corner somewhere.”
Well I should have done that a couple of times to correct my warped obsession with numbers!
Originally I posted “Firewalls: Hardware and Software.” so our Members and Guests could see what recommendations we make when someone asks the question “Which firewall is the best?” or something similar. I didn’t really intend to make it a living document until yesterday when I encountered the Thread: “Any Recommendation for a Free Good Firewall?” As I thought about it for a while, since people will continue to ask, and we are making recommendations, maybe the name of this Thread should reflect that as well. Additionally, if the inquiring mind did enter “Firewall Recommendations” into our Search, they would encounter a Thread on the first couple of pages that provided a unified response. Thus the name change in the title. And with your approval, I’ll keep tabs on our recommendations and every so often post an update. This update covers the period from 17 Jul 2002 thru 18 Jun 2004 and the information was taken from the “Firewall & Honeypot Discussions Forum”.
In the first Thread, I indicated some trends in popularity in the Windows Compatibles. As you will see in this update, there has been a significant shift in our recommendations during the latter part of the period.
So directly from the AO Members:
Software Firewall Recommendations - Windows Compatibles:
Sygate – 60 times *Popularity dramatically increased.
Zone Alarm – 48 times *Popularity declining, switching to Outpost and/or Sygate.
Outpost – 42 times *Really favored 2002-2003.
Kerio – 26 times *More popular 2003-2004 and popularity increasing.
Tiny – 26 times *Really popular 2002.
Norton – 10 times
BlackIce – 9 times
Checkpoint – 8 times
McAfee – 5 times
VisNetic – 4 times
Bordermanager – 2 times
ICF (XP) – 2 times
Look’n’Stop – 2 times
Symantec – 2 times
BitGuard – 1 time
Gnatbox – 1 time
Kaspersky – 1 time
OmniQuad – 1 time
Changes:
Sygate from 36 to 60 recommendations
ZA from 44 to 48
Outpost from 40 to 42
Kerio – 22 to 26
Tiny – 25 to 26
Norton – 8 to 10
Checkpoint – 7 to 8
All others: No Change.
Software:
*nix:
IPTables - dominated (had to put it by itself) {duh}
Smoothwall – 12 times
Coyote – 4 times
OBSD (default Install) - 4 times
Astaro – 3 times
IPCop - 3 times
Securepoint – 2 times
Devil Linux – 1 time
Mandrake – 1 time
Sentry – 1 time
Hardware:
Pix: dominated (had to put it by itself)
Linksys router (nat) – 6 times
Sonicwall – 4 times
Dlink – 2 times
Netgear (nat) – 2 times
Watchguard – 2 times
Fortigate – 1 time
Netscreen – 1 time
Raptor – 1 time
Sidewinder – 1 time
*** Minimal changes to all *nix and hardware firewalls because of lack of inquiries.
Possible new breed of Firewall around the corner: a memory barrier firewall – Posted by foxyloxley.
http://www.antionline.com/showthread...hreadid=258503
Zone Alarm is now a Check Point Company. It will be interesting to see what changes transpire.
For those that may not know: The original team that developed Tiny left the company and started the Kerio Firewall. It was based on Tiny’s engine but with many improvements. That may help explain the popularity of Tiny in 2002 and then the Kerio popularity in 2003-2004.
Summary: For Windows Compatible Software Firewalls – Sygate, ZA, Outpost, Kerio, and Tiny were the most recommended. Sygate did a slam-dunk and took the lead from ZA. However, ZA is under new ownership. For Hardware Firewalls – PIX most recommended. For *nix Software Firewalls – IP Tables was most recommended.
Enjoy!
Connection refused, try again later.
-
June 19th, 2004, 10:31 PM
#2
Good information and comparisons, Relyt. These seem to be about accurate (IMO) in terms of popularity and what I prefer. For Windows, Sygate/Outpost and for *nix IP Tables (and of course my trusty Linksys router). I had a question though, and this is based on your personal opinions and dealings, but how is the SonicWall and how does it work? Is the performance optimal? Easy to configure? Opinions and details please...
-
June 19th, 2004, 11:04 PM
#3
It would be a lot of work, but it'd be nice to see what reasons are most commonly posted for/against certain firewalls. I'm curious as to why ZA used to be so popular but has fallen so. I'm gonna have to download Sygate soon and play with it a bit, maybe I'll be won over yet. We'll see.
This is an excellent thing you're running with, Rely, keep it up!
-
June 19th, 2004, 11:12 PM
#4
Zone Alarm – 48 times *Popularity declining, switching to Outpost and/or Sygate.
With as many holes and exploits as BlackIce, it's about time people moved away from it. To me, it seemed like the Britney Spears of the firewalls... just a temporary fad because someone thought it was cool.
Cast my vote in for Linux: iptables+tcpwrappers (two layers of security, yay!) and Windows: Kerio personal firewall
-
June 19th, 2004, 11:23 PM
#5
So how about Kerio vs. Sygate? I don't think anyone's compared those two to each other yet (it's usually ZA vs. everyone else). Does either one have an edge over the other? From what I've read in AO threads, these two seem to be at the top of the list, and of course Rely shows that here.
-
June 19th, 2004, 11:34 PM
#6
To me, Sygate has a ton of features I feel a firewall should not have, while Kerio sticks to doing what it is supposed to do and doing it well.
For example, last time I checked, Sygate could filter the web for ads, popups, banners and the like. I do not want a firewall that filters my HTML (making page loading slower) and rewrites the code to possibly break the site. If I don't want ads, I'll use the appropriate browser. It's the whole "right tool for the right job" kind of thing. Some people want everything possible in one single package, while I view that as not only bloated but dangerous.
Kerio works as a firewall, allows in-depth filtering (deep..deep.. configurations) as well as a built-in intrusion detection system. I don't need it to filter things on the web for me, because it is not its job. I want the processor and footprint of my firewall to only have to worry about stateful IP filtering instead of spreading out its processing, requiring more juice from my computer, and opening up new security holes. ZA and old Sygate had this problem. The way they parsed the HTML to remove the banners could be exploited by adding special chars to commented code in the HTML page.
I don't need to add features to a firewall that turns it into something beyond a firewall, while opening up security holes.
So, to summarize: Some people like an all-in-one web package, in which it blocks ads, popups, ActiveX, and performs the functions of a firewall. Some people prefer just a firewall.
-
June 19th, 2004, 11:47 PM
#7
Thanks all for your comments. I was hoping it would also turn into a great discussion as it has!
At home I have an old 500MHz box set up with Smoothwall that I use as a pseudo router/firewall. Actually it works pretty good; it stays pretty busy, and it’s a stripped-down version of RH that comes with Snort. I have several operating systems on two hard drives that I boot from based on the hormones rumbling around at the time. SuSE 9 & Win98 and XP & Slack on the other drive. So IP Tables and Sygate are currently being used, but Pooh's a pretty good salesman as well. So I'm downloading Kerio to add to the quiver and remove any that don't stand up. (And I do enjoy attacking ZA on my laptop!)
Spyder32: knowledge of Sonicwall – exercises NAT, VPNs, Tunneling etc. An Accounting Dept doesn’t need to know what Engineering is doing, more or less what the IT staff might be up to. That privacy is provided by different encryption for different services as well as for multiple TCP/IP applications. Setup can be complex but not too difficult. (That was my wife whispering over my shoulder… She's the wizard, I have never used Sonicwall.)
cheers
Connection refused, try again later.
-
June 20th, 2004, 12:13 AM
#8
pooh sun tzu
last time I checked, Sygate could filter the web for ads, popups, banners and the like. I do not want a firewall that filters my HTML (making page loading slower)
Is it safe to assume that this happens in almost all default installs of ZA & Sygate? I ask because I have experienced much slower page loading with those two than others.
thanks
Connection refused, try again later.
-
June 20th, 2004, 01:48 AM
#9
Is it safe to assume that this happens in almost all default installs of ZA & Sygate?
I have not used either for some time now, but I do recall ZA setting it up by default on installation. However, I do not remember for Sygate. You could just give a quick check I suppose?
-
June 20th, 2004, 09:36 AM
#10
I'd have to go with a Pix and OpenBSD+pf combination myself, with a Soho and Solaris+SunScreen solution coming in a close second.
-- spurious
Get OpenSolaris http://www.opensolaris.org/