Thread: Firewall Recommendations - Number Six!

  1. #1
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675

    Firewall Recommendations - Number Six!


    The period covered is 17 Jul 2002 thru 03 Sep 2005 and the data was taken from the “Firewall & Honeypot Discussions Forum”.

    The purpose of the Thread: to ensure an updated list of Firewalls recommended by the AO Community is readily available for all who may inquire. Some of our members have suggested that it may be more appropriate to categorize them by Generation or Type. Their recommendations definitely have merit and were considered. However, before I ran with this project, we were constantly encountering questions relative to the name of a firewall that we would recommend. Therefore the firewalls are categorized into either: Software Firewalls or Dedicated Appliances, sorted by name, and rank ordered by how many times the name was recommended. Generation/Type Definitions are provided in this Thread and discussions about which type is best suited for you may be the topic of a future thread.


    I have kept the same format as the previous threads, including, of course, the trends in popularity of the Windows Compatibles Section. As we found in the other Firewall Recommendations, there was a significant shift during the latter part of the period.


    So directly from the of AO Members:


    Software Firewall Recommendations - Windows Compatibles:

    - Sygate – 93 times. *Continues to pull away from ZA.
    - Zone Alarm – 65 times. *Folks still switching to Sygate, Outpost, and Kerio.
    - Outpost – 48 times. *Really favored 2002-2003 and moving up on ZA.
    - Kerio - 46 times. *More popular 2003-2005 and continuing to increase.
    - Tiny – 27 times. *Really popular 2002.
    - Norton – 13 times.
    - Checkpoint – 14 times.
    - BlackIce - 9 times.
    - McAfee - 6 times.
    - VisNetic – 4 times.
    - ICF (XP) – 3 times.
    - Bordermanager – 2 times.
    - Look’n’Stop – 2 times.
    - Symantec – 2 times.
    - Filseclab – 1 time.
    - Jetico – 1 time.
    - BitGuard – 1 time.
    - Gnatbox – 1 time.
    - Kaspersky – 1 time.
    - OmniQuad – 1 time.


    Top Changes: (in magnitude of change)

    - Sygate from 81 to 93 recommendations. Continues to reign.
    - Zone Alarm from 60 to 65. Seems to be more popular with new members.
    - Kerio – 42 to 44, continues to climb.
    - Checkpoint – 12 to 14.
    - Outpost – no change remains at 48.
    - Tiny – no change remains at 28.
    - Norton – no change remains at 13.


    Software Firewall Recommendations - *nix (IP Tables/Chains, Front Ends, etc):

    - IPTables – continues to dominate. (had to put it by itself)

    - Smoothwall – 23 times. (Could also be listed with the Dedicated Appliances)
    - IPCop - 15 times up! (Could also be listed with the Dedicated Appliances)
    - OBSD (pf) – 8 times.
    - Astaro – 3 times.
    - Firestarter – 3 times.
    - m0n0wall – 2 times.
    - Coyote – 2 times.
    - Securepoint – 2 times.
    - Devil Linux – 2 times.
    - FireHOL – 2 times.
    - Trustix – 1 time.
    - Shorewall – 1 time.
    - Mandrake – 1 time.
    - Sentry – 1 time.


    Top Changes: (in magnitude of change)

    - Smoothwall – From only 15 recommendations moved up to 23.
    - IPCOP – From only 7 recommendations moved up to 15.
    - m0n0wall – New entry recommended 2 times.


    Dedicated Appliances:

    - Pix: dominated (had to put it by itself)

    - Linksys router (NAT) – 8 times.
    - Watchguard – 6 times.
    - Sonicwall – 4 times.
    - Dlink – 3 times.
    - Sidewinder – 2 times.
    - Netgear (NAT) – 2 times.
    - CyberGuard – 2 times.
    - StoneGate – 1 time.
    - Fortigate – 1 time.
    - Netscreen – 1 time.
    - Raptor – 1 time.
    - Gauntlet - 1 time.


    New Additions to our list:

    m0n0wall “…based on a bare-bones version of FreeBSD”

    Filseclab “…it is very easy to use and also very powerful.”



    Firewall Testing:

    "How Does Your Personal Firewall Rate?" Check out this thread by thehorse13. As he says, "You'll either sing or cry after reading this report." Sing or Cry



    Descriptions of Some Firewall Technologies:

    Originally posted here by catch

    In order of generation/order developed:
    1. Packet Filtering : A basic ACL firewall operating at the Network or Transport level.
    2. Application Level : These are typically proxying firewalls and run in level seven of the OSI model. Circuit Level firewalls are a variation on the application level that maintains a virtual circuit between the client and the firewall server.
    3. Stateful Inspection : These operate at the network level and analyze traffic at all OSI levels. By using a state table and operating at a lower level than the application firewalls this firewall is able to offer better performance, a more complete scan of the packets and tracking of "connectionless" protocols like UDP and RPC based applications.
    4. Dynamic Packet Filtering : a dynamic firewall that enables real time rule changes, mostly used to provide UDP support. It remembers all UDP traffic for a short time and makes judgments (based on rules of course) on what to and not to allow.
    5. Kernel Proxy : a modular, kernel based, multi-layer firewall that runs in the NT executive and utilizes dynamic and custom TCP/IP based stacks to inspect traffic and enforce applicable security policies.

    Additionally you have new firewalls like Sidewinder G2 which uses multi-level labeling and strong typing to go along with its filtering.

    Also you have "application firewalls", which are different to "application level" firewalls. These "firewalls" do not filter network traffic and are more technically referred to as "sandboxes" though they do offer improved functionality over traditional sandboxes via advanced input and output filtering.

    Network Address Translation (NAT) : Two dominant attacks have been the Sasser and Blaster. How did the SOHO Routers with NAT fare against them? The router conceals the IP addresses of the internal network while it displays only one IP to the Internet. The worms mill about the Internet looking for a Windows OS that is vulnerable. Although the Router’s IP is visible, it does not have a Windows OS for them to attack. This only applies to these types of attacks and if NAT is your only line of defense then you could be in big trouble soon. Just consider NAT Routers as one part of your multi-layered defense. And that defense should include an updated, well configured, properly deployed, "stateful inspection" firewall.


    ***Note: Some firewalls combine several technologies to accomplish their goal. Why not build your own?


    Why not work up your own: Firewall Builder “supports iptables, ipfilter, OpenBSD PF and Cisco PIX.”


    General Information:

    Zone Alarm is a Check Point Company. “Check Point paid approximately $114 million in cash and issued approximately 5.3 million Check Point shares, and will also assume employee stock options of Zone Labs, which could become exercisable for approximately 2.8 million additional Check Point shares.”

    For those that may not know: The original team that developed Tiny left the company and started the Kerio Firewall. It was based on Tiny’s engine but with many improvements. That may help explain the popularity of Tiny in 2002 and then the Kerio popularity in 2003-2005.


    Summary:

    For Windows Compatible Software Firewalls – Sygate, ZA, Outpost, Kerio, and Tiny were the most recommended. Sygate is in the lead, however ZA is well recommended.

    For *nix Software Firewalls – IP Tables was most recommended followed by Smoothwall.

    For Dedicated Appliances – PIX most recommended followed by Linksys router (NAT).


    Links:

    Sygate

    ZA

    Outpost

    Kerio

    Tiny


    References:

    Firewall & Honeypot Discussions

    Firewall Recommendations – Number Five!

    Firewall Recommendations - Number Four!

    Firewall Recommendations - Number Three!

    Firewall Recommendations - Number Two!

    Firewalls: Hardware and Software.


    Enjoy!
    Connection refused, try again later.
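
To make concrete the difference between "Packet Filtering" and "Dynamic Packet Filtering" in the list quoted in the post above, here is an added example that is not part of the original thread. The class names, the addresses, the 30-second timer and the static rule are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    outbound: bool  # True when leaving the protected network

class StaticAcl:
    """Packet filtering: a fixed rule with no memory of earlier packets."""
    def allow(self, pkt, now):
        # Assumed rule: let inbound UDP through if it claims to come from port 53.
        return pkt.outbound or pkt.sport == 53

class DynamicUdpFilter:
    """Dynamic packet filtering: remember outbound UDP flows for ttl seconds."""
    def __init__(self, ttl=30.0):
        self.ttl = ttl
        self.flows = {}  # (inside ip, port, outside ip, port) -> expiry time

    def allow(self, pkt, now):
        # Forget flows whose timer has run out.
        self.flows = {k: t for k, t in self.flows.items() if t > now}
        if pkt.outbound:
            self.flows[(pkt.src, pkt.sport, pkt.dst, pkt.dport)] = now + self.ttl
            return True
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.flows:
            self.flows[key] = now + self.ttl  # a matching reply keeps the flow alive
            return True
        return False  # nothing inside asked for this packet

def run_demo():
    # Constructed traffic; the outside addresses are from the documentation ranges.
    pc, dns, other = "192.168.1.10", "203.0.113.53", "198.51.100.7"
    traffic = [
        ("query out", 0, Packet(pc, 40000, dns, 53, True)),
        ("reply in", 1, Packet(dns, 53, pc, 40000, False)),
        ("unsolicited in", 2, Packet(other, 53, pc, 40000, False)),
        ("late reply in", 100, Packet(dns, 53, pc, 40000, False)),
    ]
    acl, dyn = StaticAcl(), DynamicUdpFilter()
    return [(name, acl.allow(p, t), dyn.allow(p, t)) for name, t, p in traffic]

if __name__ == "__main__":
    for row in run_demo():
        print(row)
```

The static rule admits all three inbound packets, while the dynamic filter admits only the reply that matches a remembered flow inside its timer.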

  2. #2
    Senior Member hesperus's Avatar
    Join Date
    Jan 2005
    Posts
    416
    Thought it would be useful to include a reference to a recent post by thehorse13 in which many of the Windows firewalls are tested against common attacks:

    http://antionline.com/showthread.php...976#post856976

    /edit

    "you must spread your APs around, blah, blah . . "
    .

  3. #3
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    Hey Thanks Hesperus,

    Done plugged the bugger in right after "New Additions".

    !~cheers~!
    Connection refused, try again later.

  4. #4
    Banned
    Join Date
    May 2003
    Posts
    1,004
    Hey, what gives?

    I know that myself and others have suggested FWTK and/or Gauntlet several times on this site, yet I don't see them in your list. I am also sure that Checkpoint must also have been recommended at least once or twice. (Something is seriously wrong with this community otherwise.)

    cheers,

    catch

  5. #5
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    Catch,

    Well "Checkpoint" was recommended 14 times. And if the others weren't mentioned in the "Firewalls & Honeypot Discussions Forum", then they are probably not listed. I read each and every post in that forum so I don't miss any. I'd be glad to put them on there for you though.

    cheers
    Connection refused, try again later.

  6. #6
    Banned
    Join Date
    May 2003
    Posts
    1,004
    Why isn't Checkpoint under appliances? That is why I didn't see it.

    The others may have been mentioned in other forums... they really should be mentioned, at least Gauntlet anyhow... makes us look like rubes otherwise.

    cheers,

    catch

  7. #7
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    Good Evening,

    Checkpoint offers both software and dedicated appliances. I'll add Gauntlet in just a few.

    Thanks
    Connection refused, try again later.

  8. #8
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    Bumping Thread...Welcome to the Anti-Troll Thread Bumping Project

    This is getting out of hand!
    Windows 9x: n. A collection of 32 bit extensions and a graphical shell for a 16 bit patch to an 8 bit operating system originally coded for a 4 bit microprocessor. Written by a 2 bit company that can't stand 1 bit of competition.


  9. #9
    Very interesting! I've been using ZA for a while, but I'm becoming increasingly annoyed with it, so this gives me some ideas as to what I could try as alternates. Thanks!
    "The future stretches out before us, uncharted. Find the open road and look back with a sense of wonder. How pregnant this moment in time. How mysterious the path ahead. Now, step forward."
    Phillip Toshio Sudo, Zen Computer
    Have faith, but lock your door.

  10. #10
    Senior Member
    Join Date
    Jun 2003
    Posts
    188
    I use the firewall from Trend Micro's AV product (I stripped it out of the AV package). It works fine and never gives me any troubles. It is also light and not CPU intensive.
