Firewall Recommendations - Number Four!

This edition is posted to keep you updated on any new additions to the list and to display the status of your current firewall recommendations. With that in mind, we did have four new firewall recommendations. They were: SoftPerfect, StoneGate, CyberGuard, and Firebox-3.

The period covered is 17 Jul 2002 thru 11 Oct 2004 and the data was taken from the “Firewall & Honeypot Discussions Forum”. Since the other threads were well received, I have kept pretty much the same format, including, of course, the trends in popularity of the Windows Compatibles Section. As we found in the other Firewall Recommendations, there was a significant shift during the latter part of the period.

So directly from the keyboards of AO Members:


Software Firewall Recommendations - Windows Compatibles:

- Sygate – 72 times. *Doesn’t even have to look back to see who’s chasing them.
- Zone Alarm – 54 times. *Folks still switching to Sygate or Outpost.
- Outpost – 46 times. *Really favored 2002-2003 and moving up on ZA.
- Kerio – 36 times. *More popular 2003-2004 and continuing to increase.
- Tiny – 27 times. *Really popular 2002.
- Norton – 13 times
- Checkpoint – 11 times
- BlackIce – 9 times
- McAfee – 5 times
- VisNetic – 4 times
- Bordermanager – 2 times
- ICF (XP) – 2 times
- Look’n’Stop – 2 times
- Symantec – 2 times
- BitGuard – 1 time
- Gnatbox – 1 time
- Kaspersky – 1 time
- OmniQuad – 1 time


Top Changes: (in magnitude of change)

- Outpost from 42 to 46, increasing and could be past ZA pretty soon.
- Kerio – 32 to 36, climbing significantly!
- Sygate from 69 to 72 recommendations.
- Zone Alarm from 51 to 54.
- Checkpoint – 8 to 11
- Tiny – 26 to 27
- Norton – 12 to 13


Software - *nix:

IPTables – continues to dominate {dar}

- Smoothwall – 13 times
- OBSD (pf) – 7 times
- Coyote – 5 times
- Astaro – 3 times
- IPCop – 3 times
- Securepoint – 2 times
- Devil Linux – 2 times
- Mandrake – 1 time
- Sentry – 1 time


Hardware:

- Pix: dominated (had to put it by itself)

- Linksys router (NAT) – 8 times
- Sonicwall – 4 times
- Dlink – 3 times
- Netgear (NAT) – 2 times
- Watchguard – 2 times
- CyberGuard – 1 time
- StoneGate – 1 time
- Fortigate – 1 time
- Netscreen – 1 time
- Raptor – 1 time
- Sidewinder – 1 time


New Entries:

SoftPerfect Personal Firewall is a free network firewall.
http://www.softpedia.com/public/cat/14/3/14-3-76.shtml

StoneGate Firewall also manages Stonebeat products. Interestingly enough, updates to Check Point’s Firewall-1 can be downloaded here.
https://my.stonesoft.com/download/fw

CyberGuard
http://www.cyberguard.com/news_room/...ses_041007.cfm

Firebox-3
http://www.watchguard.com/products/firebox.asp


Brief Descriptions of Some Firewall Technologies:

Network Address Translation (NAT): Lately, two dominant attacks have been Sasser and Blaster. How did the SOHO routers with NAT fare against them? The router conceals the IP addresses of the internal network while it displays only one IP to the Internet. The worms mill about the Internet looking for a Windows OS that is vulnerable. Although the router’s IP is visible, it does not have a Windows OS for them to attack. This only applies to these types of attacks, and if NAT is your only line of defense then you could be in big trouble soon. Just consider NAT routers as one part of your multi-layered defense. And that defense should include an updated, well configured, properly deployed, "stateful inspection" firewall.

Circuit-Level: Allows packet flow by approved IPs, ISPs, networks, etc. After the session is established, all other packets flow unchecked.

Application-gateway: Filters by IP and the specific application; while it may be busy blocking some apps, it will also allow approved apps to be executed.

Stateful Inspection: Examines and analyzes the entire packet for the purpose of determining what type of data is attempting to pass through the firewall.

Packet-Filtering: Allows communications only with specific IPs by monitoring the packets.

***Note: Some firewalls combine several technologies to accomplish their goal.
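
To make the NAT description above concrete, here is an added example (not part of the original post) that models a SOHO router's translation table: replies to flows started from inside are translated, unsolicited probes to TCP 135 (Blaster) and TCP 445 (Sasser) find no mapping and are dropped, and a single port forward removes that protection. The class name, addresses and port-restricted filtering behaviour are assumptions made for the illustration; real routers vary.

```python
# Added illustration: toy model of a SOHO NAT router's translation table.
# All names, addresses and ports are constructed for this example.
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    public_ip: str
    next_port: int = 40000
    # public port -> (internal ip, internal port, remote ip, remote port)
    table: dict = field(default_factory=dict)
    # static port forwards set by the admin: public port -> (internal ip, port)
    forwards: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """An inside host opens a connection; the router records a mapping."""
        pub_port = self.next_port
        self.next_port += 1
        self.table[pub_port] = (src_ip, src_port, dst_ip, dst_port)
        return (self.public_ip, pub_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Packet hits the public IP; return the inside target or None (dropped)."""
        entry = self.table.get(dst_port)
        if entry and entry[2:] == (src_ip, src_port):
            return entry[:2]                # reply to a flow started from inside
        if dst_port in self.forwards:
            return self.forwards[dst_port]  # port was deliberately exposed
        return None                         # unsolicited: nothing to translate to

def demo():
    router = NatRouter("203.0.113.10")
    _, pub_port = router.outbound("192.168.1.20", 51000, "198.51.100.5", 80)
    results = {
        "reply": router.inbound("198.51.100.5", 80, pub_port),
        "scan_135": router.inbound("192.0.2.77", 4444, 135),  # Blaster-style probe
        "scan_445": router.inbound("192.0.2.77", 4445, 445),  # Sasser-style probe
    }
    # One forwarded port is enough to put the Windows host back in reach,
    # which is why NAT is only one layer of the defense.
    router.forwards[445] = ("192.168.1.20", 445)
    results["scan_445_forwarded"] = router.inbound("192.0.2.77", 4446, 445)
    return results

if __name__ == "__main__":
    for name, target in demo().items():
        print(f"{name:20} -> {target}")
```
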


Possible new breed of Firewall around the corner: Memory Barrier – Posted by foxyloxley
http://www.antionline.com/showthrea...threadid=258503

Check Point VPN-1 ASN.1 Buffer Overflow Vulnerability
http://www.antionline.com/showthrea...threadid=260309


Zone Alarm is now a Check Point Company. “Check Point paid approximately $114 million in cash and issued approximately 5.3 million Check Point shares, and will also assume employee stock options of Zone Labs, which could become exercisable for approximately 2.8 million additional Check Point shares.”
http://download.zonelabs.com/bin/fre...2004/pr_8.html


For those that may not know: The original team that developed Tiny left the company and started the Kerio Firewall. It was based on Tiny’s engine but with many improvements. That may help explain the popularity of Tiny in 2002 and then the Kerio popularity in 2003-2004.

Summary: For Windows Compatible Software Firewalls – Sygate, ZA, Outpost, Kerio, and Tiny were the most recommended. Sygate is well in the lead. Outpost and Kerio are hunting down ZA as well. For Hardware Firewalls – PIX was most recommended. For *nix Software Firewalls – IPTables was most recommended.


http://smb.sygate.com/products/spf_standard.htm

http://www.zonelabs.com/

http://www.agnitum.com/products/outpost/

http://www.kerio.com/kpf_home.html

http://www.tinysoftware.com/


References:

Firewall & Honeypot Discussions
http://www.antionline.com/forumdisp...&forumid=70

Firewall Recommendations - Number Three!
http://www.antionline.com/showthread...hreadid=260404

Firewall Recommendations - Number Two!
http://www.antionline.com/showthrea...threadid=258944

Firewalls: Hardware and Software.
http://www.antionline.com/showthrea...threadid=257776


Most notable quotable for the period: “OOF! It seems that Zone Alarm is quickly going down the same path as a certain former heavyweight champion.... ”, gn0min0mic0n


Enjoy!