Thread: Firewall Recommendations - Number Five!

  1. #1
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675

    Firewall Recommendations - Number Five!

    The period covered is 17 Jul 2002 thru 05 Feb 2005 and the data was taken from the “Firewall & Honeypot Discussions Forum”. I have kept the same format as the previous threads, including, of course, the trends in popularity of the Windows Compatibles Section. As we found in the other Firewall Recommendations, there was a significant shift during the latter part of the period. Additionally, I was going to add some Firewall humor. However, when I entered “Firewall Stories” into Google and began strolling through some of the sites on page 3, pop-ups of body parts and anatomically impossible poses filled the screen (Hint, you’ll need CWShredder and Hijack This-1 if you visit them). So that may have to wait until I find a different source.

    We did have some new recommendations and they were: Firestarter, FireHOL, Shorewall, and Jetico.


    So directly from the of AO Members:

    Software Firewall Recommendations - Windows Compatibles:

    - Sygate – 81 times. *Doesn’t even have to look back to see who’s chasing them.
    - Zone Alarm – 60 times. *Folks still switching to Sygate, Outpost, and Kerio.
    - Outpost – 48 times. *Really favored 2002-2003 and moving up on ZA.
    - Kerio - 44 times. *More popular 2003-2005 and continuing to increase.
    - Tiny – 27 times. *Really popular 2002.
    - Norton – 13 times
    - Checkpoint – 12 times
    - BlackIce - 9 times
    - McAfee - 6 times
    - VisNetic – 4 times
    - ICF (XP) – 3 times
    - Bordermanager – 2 times
    - Look’n’Stop – 2 times
    - Symantec – 2 times
    - Jetico – 1 time
    - BitGuard – 1 time
    - Gnatbox – 1 time
    - Kaspersky – 1 time
    - OmniQuad –1 time


    Top Changes: (in magnitude of change)

    - Sygate from 72 to 81 recommendations. Continues to reign.
    - Zone Alarm from 54 to 60. Seems to be more popular with new members.
    - Kerio – 36 to 42, climbing significantly!
    - Outpost from 46 to 48, use increasing.
    - Tiny – 27 to 28
    - Checkpoint – 11 to 12
    - Norton – no change remains at 13


    Software: - *nix:

    IPTables – continues to dominate {dar}

    - Smoothwall – 14 times
    - OBSD (pf) – 8 times
    - IPCop - 7 times
    - Coyote – 5 times
    - Astaro – 3 times
    - Securepoint – 2 times
    - Devil Linux – 2 times
    - Firestarter – 2 times
    - FireHOL – 2 times
    - Shorewall – 1 time
    - Mandrake – 1 time
    - Sentry – 1 time


    Hardware:

    - Pix: dominated (had to put it by itself)

    - Linksys router (NAT) – 8 times
    - Watchguard – 5 times
    - Sonicwall – 4 times
    - Dlink – 3 times
    - Netgear (NAT) – 2 times
    - CyberGuard – 1 time
    - StoneGate – 1 time
    - Fortigate – 1 time
    - Netscreen – 1 time
    - Raptor – 1 time
    - Sidewinder – 1 time


    New Entries:

    Firestarter, Supports Linux Kernels 2.4 and 2.6
    http://www.fs-security.com/

    FireHOL, Stateful packet filtering firewall builder
    http://firehol.sourceforge.net/

    Shorewall, IP Tables made easy
    http://www.shorewall.net/

    Jetico, Personal Firewall for Windows 98/ME/NT/2000/XP
    http://www.jetico.com/

    SoftPerfect Personal Firewall, is a free network firewall
    http://www.softpedia.com/public/cat/14/3/14-3-76.shtml

    StoneGate Firewall, also manages Stonebeat Products. Interestingly enough, updates to Check Point’s Firewall-1, can be downloaded here.
    https://my.stonesoft.com/download/fw

    CyberGuard
    http://www.cyberguard.com/news_room/...ses_041007.cfm

    Firebox
    http://www.watchguard.com/products/firebox.asp


    Brief Descriptions of Some Firewall Technologies:

    Network Address Translation (NAT): Lately, two dominant attacks have been the Sasser and Blaster. How did the SOHO Routers with NAT fare against them? The router conceals the IP addresses of the internal network while it displays only one IP to the Internet. The worms mill about the Internet looking for a Windows OS that is vulnerable. Although the Router’s IP is visible, it does not have a Windows OS for them to attack. This only applies to these types of attacks and if NAT is your only line of defense then you could be in big trouble soon. Just consider NAT Routers as one part of your multi-layered defense. And that defense should include an updated, well configured, properly deployed, "stateful inspection" firewall.

    Circuit-Level: Allows packet flow by approved IP’s, ISP’s, networks, etc. After the session is established, all other packets flow unchecked.

    Application-gateway: Filters by IP and the specific application, while it may be busy blocking some apps – it will also allow approved apps to be executed.

    What is an XML-application firewall?

    “XML-application firewalls are a line of defense created to secure Web services.”

    “…works at the application level using an in-depth knowledge of the Web services, service requestors, and message content.”

    http://insight.zdnet.co.uk/software/...2129443,00.htm

    Stateful Inspection: examines and analyzes the entire packet for the purpose of determining what type of data is attempting to pass through the firewall.

    Packet-Filtering: allows communications only with specific IP’s by monitoring the packets.


    ***Note: Some firewalls combine several technologies to accomplish their goal. Why not build your own?

    Firewall Builder, supports iptables, ipfilter, OpenBSD PF and Cisco PIX.
    http://www.fwbuilder.org/archives/cat_about.html


    General Information:

    Zone Alarm is now a Check Point Company. “Check Point paid approximately $114 million in cash and issued approximately 5.3 million Check Point shares, and will also assume employee stock options of Zone Labs, which could become exercisable for approximately 2.8 million additional Check Point shares.”
    http://download.zonelabs.com/bin/fre...2004/pr_8.html


    For those that may not know: The original team that developed Tiny left the company and started the Kerio Firewall. It was based on the Tiny’s engine but with many improvements. That may help explain the popularity of Tiny in 2002 and then the Kerio popularity in 2003-2005.


    Summary: For Windows Compatible Software Firewalls – Sygate, ZA, Outpost, Kerio, and Tiny were the most recommended. Sygate well in the lead. Outpost and Kerio are hunting down ZA as well. For Hardware Firewalls – PIX most recommended. For *nix Software Firewalls – IP Tables was most recommended.


    Links:

    Sygate

    ZA

    Outpost

    Kerio

    Tiny


    References:

    Firewall & Honeypot Discussions
    http://www.antionline.com/forumdisp...&forumid=70

    Firewall Recommendations - Number Four!
    http://www.antionline.com/showthread...hreadid=262916

    Firewall Recommendations - Number Three!
    http://www.antionline.com/showthread...hreadid=260404

    Firewall Recommendations - Number Two!
    http://www.antionline.com/showthrea...threadid=258944

    Firewalls: Hardware and Software.
    http://www.antionline.com/showthrea...threadid=257776

    Enjoy!
    Connection refused, try again later.

  2. #2
    Senior Member
    Join Date
    Oct 2002
    Posts
    314
    Maybe the firewalls should be split into Personal type firewalls and the more industrial type network firewalls? As having sygate PFP and Checkpoint (excluding zonealarm which is also on the list) could be slightly misleading (for a start Sygate costs approx $50, and CP costs far far more).

    Otherwise it's good stuff.
    Quis custodiet ipsos custodes

  3. #3
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,066
    Isn't Norton and Symantec the same?
    I am the uber duck!!1
    Proxy Tools

  4. #4
    There seems to be a lot of "front end" programs you've listed for Linux that do nothing more than alter ipchains/filter's configuration file.

    Why not just say ipchains/filter instead of all front-ends people have written for it?

  5. #5
    Junior Member
    Join Date
    Feb 2005
    Posts
    2
    As firewalls go - you can't beat Portus from Livermore Software Labs (lsli.com)
    Pricey - But it's never been listed in CERT in 10 years.
    No one else comes close!

  6. #6
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    Good Day,

    Maybe the firewalls should be split into Personal type firewalls and the more industrial type network firewalls? As having sygate PFP and Checkpoint (excluding zonealarm which is also on the list) could be slightly misleading (for a start Sygate costs approx $50, and CP costs far far more).
    R0n1n, thanks for the suggestion. I should be able to do that fairly easily since some are easily recognizable and I still have my notes from the beginning.


    Isn't Norton and Symantec the same?
    The Duck, I believe this is actually what R0n1n was suggesting. Something like: Enterprise Security = Symantec (i.e. Symantec Gateway Security 5400 Series) and SOHO = Norton (i.e. Norton Personal Firewall).


    There seems to be a lot of "front end" programs you've listed for Linux that do nothing more than alter ipchains/filter's configuration file.

    Why not just say ipchains/filter instead of all front-ends people have written for it?
    a morning chill, thanks for your comments. I don’t believe we would have had as much interest in these threads if instead of their specific recommendation, I only listed IPTables or the number of times the different technologies (NAT, Circuit-Level, Application-gateway, Stateful Inspection, or Packet-Filtering, etc.) were used. Folks seem to like names. Just as an example, which would people prefer: “Outpost” or “The Stateful Inspection Firewall made by 67.15.103.130”?

    And on a humorous note: it wasn’t too long after I began the first thread that I was receiving PMs requesting the URL for the very popular firewall called IPTables. D’oh!!!!

    cheers
    Connection refused, try again later.

  7. #7
    Just as an example, which would people prefer: “Outpost” or “The Stateful Inspection Firewall made by 67.15.103.130”?
    That's just apples and oranges, though. Outpost doesn't use the Kerio engine. Norton doesn't use the Sygate engine. They each have their own entirely different engine.

    IPtables however is its own engine, and doesn't need a frontend to function. Which is where my point is. You are just listing front-end interfaces for IPTables versus different firewall engines entirely. IPTables and pf, for example, are two different firewall engines. Just like Kerio and Outpost are two different firewall engines.

    Firestarter, for example, is nothing more than a GUI interface for the IPTables engine (which can be run without Firestarter, because all Firestarter is doing (like 99% of the iptables front ends) is running the iptables command-line for you behind the scenes).

    Engine versus front-end. You can't compare Windows products to Linux ones in this regard.
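
The engine-versus-front-end point in post #7, sketched as an added example (not part of the thread, and not Firestarter's, FireHOL's or Shorewall's code): a minimal front end that turns a high-level policy into the iptables command lines it would hand to the engine. The policy format, `SAMPLE_POLICY` and `build_rules` are made up for illustration; the script only builds the commands and never runs them.

```python
import ipaddress

# Constructed sample policy: the kind of high-level choices a GUI or
# config-file front end collects from the user (hypothetical format).
SAMPLE_POLICY = {
    "allow_tcp": [22, 443],
    "allow_from": {22: "192.0.2.0/24"},  # restrict SSH to one source network
    "log_drops": True,
}


def build_rules(policy):
    """Translate a policy dict into iptables command lines (strings only)."""
    rules = [
        # Default-deny inbound and forwarded traffic, leave outbound open.
        "iptables -P INPUT DROP",
        "iptables -P FORWARD DROP",
        "iptables -P OUTPUT ACCEPT",
        "iptables -F INPUT",
        # Local services talking to each other over loopback.
        "iptables -A INPUT -i lo -j ACCEPT",
        # Stateful part: accept packets belonging to tracked connections.
        "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for port in sorted(set(policy.get("allow_tcp", []))):
        # Values end up on a command line, so validate them strictly.
        if not isinstance(port, int) or not 1 <= port <= 65535:
            raise ValueError(f"invalid TCP port: {port!r}")
        rule = "iptables -A INPUT -p tcp"
        source = policy.get("allow_from", {}).get(port)
        if source is not None:
            # ip_network() raises ValueError on anything that is not a CIDR.
            rule += f" -s {ipaddress.ip_network(source, strict=True)}"
        rule += f" --dport {port} -m conntrack --ctstate NEW -j ACCEPT"
        rules.append(rule)
    if policy.get("log_drops"):
        # Rate-limited log of whatever is about to hit the DROP policy.
        rules.append(
            'iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "'
        )
    return rules


if __name__ == "__main__":
    print("\n".join(build_rules(SAMPLE_POLICY)))
```

Everything the front end contributes is the translation and the input validation; the filtering itself is done by the commands in the returned list.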
