Firewall Recommendations - Number Five!

The period covered is 17 Jul 2002 thru 05 Feb 2005 and the data was taken from the “Firewall & Honeypot Discussions Forum”. I have kept the same format as the previous threads, including, of course, the trends in popularity of the Windows Compatibles Section. As we found in the other Firewall Recommendations, there was a significant shift during the latter part of the period. Additionally, I was going to add some Firewall humor. However, when I entered “Firewall Stories” into Google and began strolling through some of the sites on page 3, pop-ups of body parts and anatomically impossible poses filled the screen (Hint: you’ll need CWShredder and Hijack This-1 if you visit them). So that may have to wait until I find a different source.

We did have some new recommendations and they were: Firestarter, FireHOL, Shorewall, and Jetico.

So directly from the of AO Members:

Software Firewall Recommendations - Windows Compatibles:

- Sygate – 81 times. *Doesn’t even have to look back to see who’s chasing them.
- Zone Alarm – 60 times. *Folks still switching to Sygate, Outpost, and Kerio.
- Outpost – 48 times. *Really favored 2002-2003 and moving up on ZA.
- Kerio - 44 times. *More popular 2003-2005 and continuing to increase.
- Tiny – 27 times. *Really popular 2002.
- Norton – 13 times
- Checkpoint – 12 times
- BlackIce - 9 times
- McAfee - 6 times
- VisNetic – 4 times
- ICF (XP) – 3 times
- Bordermanager – 2 times
- Look’n’Stop – 2 times
- Symantec – 2 times
- Jetico – 1 time
- BitGuard – 1 time
- Gnatbox – 1 time
- Kaspersky – 1 time
- OmniQuad – 1 time

Top Changes: (in magnitude of change)

- Sygate from 72 to 81 recommendations. Continues to reign.
- Zone Alarm from 54 to 60. Seems to be more popular with new members.
- Kerio – 36 to 42, climbing significantly!
- Outpost from 46 to 48, use increasing.
- Tiny – 27 to 28
- Checkpoint – 11 to 12
- Norton – no change remains at 13

Software: - *nix:

IPTables – continues to dominate

- Smoothwall – 14 times
- OBSD (pf) – 8 times
- IPCop - 7 times
- Coyote – 5 times
- Astaro – 3 times
- Securepoint – 2 times
- Devil Linux – 2 times
- Firestarter – 2 times
- FireHOL – 2 times
- Shorewall – 1 time
- Mandrake – 1 time
- Sentry – 1 time


Hardware: - Pix: dominated (had to put it by itself)

- Linksys router (NAT) – 8 times
- Watchguard – 5 times
- Sonicwall – 4 times
- Dlink – 3 times
- Netgear (NAT) – 2 times
- CyberGuard – 1 time
- StoneGate – 1 time
- Fortigate – 1 time
- Netscreen – 1 time
- Raptor – 1 time
- Sidewinder – 1 time

New Entries:

Firestarter, Supports Linux Kernels 2.4 and 2.6

FireHOL, Stateful packet filtering firewall builder

Shorewall, IP Tables made easy

Jetico, Personal Firewall for Windows 98/ME/NT/2000/XP

SoftPerfect Personal Firewall, a free network firewall

StoneGate Firewall, also manages Stonebeat Products. Interestingly enough, updates to Check Point’s Firewall-1 can be downloaded here.



Brief Descriptions of Some Firewall Technologies:

Network Address Translation (NAT): Lately, two dominant attacks have been the Sasser and Blaster worms. How did the SOHO routers with NAT fare against them? The router conceals the IP addresses of the internal network and presents only one IP to the Internet. The worms mill about the Internet looking for a vulnerable Windows OS. Although the router’s IP is visible, it does not run a Windows OS for them to attack. This only applies to these types of attacks, and if NAT is your only line of defense then you could be in big trouble soon. Just consider NAT routers as one part of your multi-layered defense. And that defense should include an updated, well-configured, properly deployed "stateful inspection" firewall.
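To make the NAT point concrete, here is a small model of a SOHO router's translation table, added as an illustration and not taken from the original thread. The addresses are constructed samples, TCP 135 and 445 are the ports Blaster and Sasser probed, and the strict match on remote address and port is an assumption about how the router behaves.

```python
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    """Toy port-address-translating router (hypothetical model)."""
    public_ip: str
    forwards: dict = field(default_factory=dict)  # static: public port -> (lan_ip, lan_port)
    table: dict = field(default_factory=dict)     # dynamic: public port -> (lan_ip, lan_port, remote_ip, remote_port)
    next_port: int = 40000

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection; the router records the mapping."""
        pub_port = self.next_port
        self.next_port += 1
        self.table[pub_port] = (lan_ip, lan_port, remote_ip, remote_port)
        return (self.public_ip, pub_port)

    def inbound(self, remote_ip, remote_port, dst_port):
        """Return the LAN (ip, port) the packet is delivered to, or None if dropped."""
        if dst_port in self.forwards:              # admin-configured port forward
            return self.forwards[dst_port]
        entry = self.table.get(dst_port)
        # Only the peer the LAN host contacted may answer on the mapped port.
        if entry and entry[2:] == (remote_ip, remote_port):
            return entry[:2]
        return None                                # unsolicited: no mapping, no delivery

def demo():
    r = NatRouter("203.0.113.10")                  # constructed sample addresses throughout
    src = r.outbound("192.168.1.20", 51515, "198.51.100.7", 80)
    results = {
        "reply": r.inbound("198.51.100.7", 80, src[1]),
        "scan_135": r.inbound("192.0.2.66", 4444, 135),   # Blaster-style probe
        "scan_445": r.inbound("192.0.2.66", 4445, 445),   # Sasser-style probe
        "stranger_on_mapped_port": r.inbound("192.0.2.66", 80, src[1]),
    }
    # Why NAT alone is not a firewall: one port forward re-exposes the host.
    r.forwards[445] = ("192.168.1.20", 445)
    results["scan_445_after_forward"] = r.inbound("192.0.2.66", 4445, 445)
    return results

if __name__ == "__main__":
    for name, delivered_to in demo().items():
        print(f"{name:26} -> {delivered_to}")
```

The model says nothing about traffic the LAN host itself initiates, which is the gap the stateful firewall and host patching in a layered defense are meant to cover.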

Circuit-Level: Allows packet flow by approved IPs, ISPs, networks, etc. After the session is established, all other packets flow unchecked.

Application-gateway: Filters by IP and by the specific application; while it blocks some apps, it allows approved apps to be executed.

What is an XML-application firewall?

“XML-application firewalls are a line of defense created to secure Web services.”

“…works at the application level using an in-depth knowledge of the Web services, service requestors, and message content.”

Stateful Inspection: examines and analyzes the entire packet for the purpose of determining what type of data is attempting to pass through the firewall.

Packet-Filtering: allows communications only with specific IPs by monitoring the packets.

***Note: Some firewalls combine several technologies to accomplish their goal. Why not build your own?

Firewall Builder, supports iptables, ipfilter, OpenBSD PF and Cisco PIX.

General Information:

Zone Alarm is now a Check Point Company. “Check Point paid approximately $114 million in cash and issued approximately 5.3 million Check Point shares, and will also assume employee stock options of Zone Labs, which could become exercisable for approximately 2.8 million additional Check Point shares.”

For those that may not know: The original team that developed Tiny left the company and started the Kerio Firewall. It was based on the Tiny’s engine but with many improvements. That may help explain the popularity of Tiny in 2002 and then the Kerio popularity in 2003-2005.

Summary: For Windows Compatible Software Firewalls – Sygate, ZA, Outpost, Kerio, and Tiny were the most recommended, with Sygate well in the lead. Outpost and Kerio are hunting down ZA as well. For Hardware Firewalls – PIX most recommended. For *nix Software Firewalls – IP Tables was most recommended.







