Firewall Recommendations - Number Six!

The period covered is 17 Jul 2002 through 03 Sep 2005, and the data was taken from the “Firewall & Honeypot Discussions Forum”.

The purpose of the Thread: to ensure an updated list of Firewalls recommended by the AO Community is readily available for all who may inquire. Some of our members have suggested that it may be more appropriate to categorize them by Generation or Type. Their recommendations definitely have merit and were considered. However before I ran with this project, we were constantly encountering questions relative to the name of a firewall that we would recommend. Therefore the firewalls are categorized into either: Software Firewalls or Dedicated Appliances, sorted by name, and rank ordered by how many times the name was recommended. Generation/Type Definitions are provided in this Thread and discussions about which type is best suited for you may be the topic of a future thread.


I have kept the same format as the previous threads, including, of course, the trends in popularity in the Windows Compatibles section. As we found in the other Firewall Recommendations, there was a significant shift during the latter part of the period.


So directly from the of AO Members:


Software Firewall Recommendations - Windows Compatibles:

- Sygate – 93 times. *Continues to pull away from ZA.
- Zone Alarm – 65 times. *Folks still switching to Sygate, Outpost, and Kerio.
- Outpost – 48 times. *Really favored 2002-2003 and moving up on ZA.
- Kerio - 46 times. *More popular 2003-2005 and continuing to increase.
- Tiny – 27 times. *Really popular 2002.
- Norton – 13 times.
- Checkpoint – 14 times.
- BlackIce - 9 times.
- McAfee - 6 times.
- VisNetic – 4 times.
- ICF (XP) – 3 times.
- Bordermanager – 2 times.
- Look’n’Stop – 2 times.
- Symantec – 2 times.
- Filseclab – 1 time.
- Jetico – 1 time.
- BitGuard – 1 time.
- Gnatbox – 1 time.
- Kaspersky – 1 time.
- OmniQuad – 1 time.


Top Changes: (in magnitude of change)

- Sygate from 81 to 93 recommendations. Continues to reign.
- Zone Alarm from 60 to 65. Seems to be more popular with new members.
- Kerio – 42 to 44, continues to climb.
- Checkpoint – 12 to 14.
- Outpost – no change remains at 48.
- Tiny – no change remains at 28.
- Norton – no change remains at 13.


Software Firewall Recommendations - *nix (IP Tables/Chains, Front Ends, etc):

- IPTables – continues to dominate. (had to put it by itself)

- Smoothwall – 23 times. (Could also be listed with the Dedicated Appliances)
- IPCop - 15 times up! (Could also be listed with the Dedicated Appliances)
- OBSD (pf) – 8 times.
- Astaro – 3 times.
- Firestarter – 3 times.
- m0n0wall – 2 times.
- Coyote – 2 times.
- Securepoint – 2 times.
- Devil Linux – 2 times.
- FireHOL – 2 times.
- Trustix – 1 time.
- Shorewall – 1 time.
- Mandrake – 1 time.
- Sentry – 1 time.


Top Changes: (in magnitude of change)

- Smoothwall – From only 15 recommendations moved up to 23.
- IPCop – From only 7 recommendations moved up to 15.
- m0n0wall – New entry recommended 2 times.


Dedicated Appliances:

- Pix: dominated (had to put it by itself)

- Linksys router (NAT) – 8 times.
- Watchguard – 6 times.
- Sonicwall – 4 times.
- Dlink – 3 times.
- Sidewinder – 2 times.
- Netgear (NAT) – 2 times.
- CyberGuard – 2 times.
- StoneGate – 1 time.
- Fortigate – 1 time.
- Netscreen – 1 time.
- Raptor – 1 time.
- Gauntlet – 1 time.


New Additions to our list:

m0n0wall “…based on a bare-bones version of FreeBSD”

Filseclab “…it is very easy to use and also very powerful.”



Firewall Testing:

"How Does Your Personal Firewall Rate?" Check out this thread by thehorse13. As he says, "You'll either sing or cry after reading this report." Sing or Cry



Descriptions of Some Firewall Technologies:

Originally posted here by catch

In order of generation/order developed:
1. Packet Filtering : A basic ACL firewall operating at the Network or Transport level.
2. Application Level : These are typically proxying firewalls and run in level seven of the OSI model. Circuit Level firewalls are a variation on the application level that maintains a virtual circuit between the client and the firewall server.
3. Stateful Inspection : These operate at the network level and analyze traffic at all OSI levels. By using a state table and operating at a lower level than the application firewalls this firewall is able to offer better performance, a more complete scan of the packets and tracking of "connectionless" protocols like UDP and RPC based applications.
4. Dynamic Packet Filtering : A dynamic firewall that enables real time rule changes, mostly used to provide UDP support. It remembers all UDP traffic for a short time and makes judgments (based on rules of course) on what to and not to allow.
5. Kernel Proxy : A modular, kernel based, multi-layer firewall that runs in the NT executive and utilizes dynamic and custom TCP/IP based stacks to inspect traffic and enforce applicable security policies.

Additionally you have new firewalls like Sidewinder G2 which uses multi-level labeling and strong typing to go along with its filtering.

Also you have "application firewalls"; this is different from "application level" firewalls. These "firewalls" do not filter network traffic and are more technically referred to as "sandboxes", though they do offer improved functionality over traditional sandboxes via advanced input and output filtering.

Network Address Translation (NAT) : Two dominant attacks have been Sasser and Blaster. How did the SOHO routers with NAT fare against them? The router conceals the IP addresses of the internal network while it displays only one IP to the Internet. The worms mill about the Internet looking for a Windows OS that is vulnerable. Although the router’s IP is visible, it does not have a Windows OS for them to attack. This only applies to these types of attacks, and if NAT is your only line of defense then you could be in big trouble soon. Just consider NAT routers as one part of your multi-layered defense. And that defense should include an updated, well configured, properly deployed, "stateful inspection" firewall.
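The NAT behaviour described above, together with the short-lived UDP state mentioned under dynamic packet filtering, as an added example that is not part of the original thread: a constructed Python model of a SOHO router's translation table. All addresses, ports and timeout values are assumptions chosen for illustration (TCP 135 and 445 are the ports Blaster and Sasser scanned).

```python
from dataclasses import dataclass, field

TIMEOUT = {"udp": 30, "tcp": 300}  # seconds; assumed values, real devices differ

@dataclass
class NatRouter:
    public_ip: str
    next_port: int = 40000
    # (proto, public_port) -> [inside_ip, inside_port, peer_ip, peer_port, expires]
    table: dict = field(default_factory=dict)

    def outbound(self, proto, src, sport, dst, dport, now):
        """Inside host opens or continues a flow; returns the translated source."""
        for (p, pub), e in self.table.items():
            if p == proto and e[:4] == [src, sport, dst, dport] and e[4] > now:
                e[4] = now + TIMEOUT[proto]      # refresh existing state
                return self.public_ip, pub
        pub, self.next_port = self.next_port, self.next_port + 1
        self.table[(proto, pub)] = [src, sport, dst, dport, now + TIMEOUT[proto]]
        return self.public_ip, pub

    def inbound(self, proto, src, sport, dport, now):
        """Packet arrives on the public side; returns a verdict tuple."""
        e = self.table.get((proto, dport))
        if e is None:
            return ("drop", "no mapping")        # unsolicited probe, nothing inside asked for it
        if e[4] <= now:
            del self.table[(proto, dport)]
            return ("drop", "state expired")     # the "short time" has passed
        if (src, sport) != (e[2], e[3]):
            return ("drop", "unexpected peer")
        e[4] = now + TIMEOUT[proto]
        return ("forward", e[0], e[1])           # payload is NOT inspected

def demo():
    r = NatRouter("203.0.113.10")                # constructed documentation addresses
    verdicts = []
    # Unsolicited worm-style scans hitting the router's public address
    verdicts.append(r.inbound("tcp", "198.51.100.7", 4444, 135, now=0))
    verdicts.append(r.inbound("tcp", "198.51.100.7", 4445, 445, now=0))
    # Inside host sends a DNS query; the reply inside the UDP window is forwarded
    _, pub = r.outbound("udp", "192.168.1.20", 5353, "192.0.2.53", 53, now=10)
    verdicts.append(r.inbound("udp", "192.0.2.53", 53, pub, now=12))
    # The same reply path after the UDP state has aged out
    verdicts.append(r.inbound("udp", "192.0.2.53", 53, pub, now=100))
    return verdicts

if __name__ == "__main__":
    print(demo())
```

The forwarded case is the limit the paragraph warns about: once an inside host has opened a flow, the translation table passes the reply without looking at its contents, which is why NAT is only one layer.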


***Note: Some firewalls combine several technologies to accomplish their goal. Why not build your own?


Why not work up your own: Firewall Builder “supports iptables, ipfilter, OpenBSD PF and Cisco PIX.”


General Information:

Zone Alarm is a Check Point Company. “Check Point paid approximately $114 million in cash and issued approximately 5.3 million Check Point shares, and will also assume employee stock options of Zone Labs, which could become exercisable for approximately 2.8 million additional Check Point shares.”

For those who may not know: the original team that developed Tiny left the company and started the Kerio Firewall. It was based on Tiny’s engine but with many improvements. That may help explain the popularity of Tiny in 2002 and then the Kerio popularity in 2003-2005.


Summary:

For Windows Compatible Software Firewalls – Sygate, ZA, Outpost, Kerio, and Tiny were the most recommended. Sygate is in the lead; however, ZA is well recommended.

For *nix Software Firewalls – IP Tables was most recommended, followed by Smoothwall.

For Dedicated Appliances – PIX was most recommended, followed by Linksys router (NAT).


Links:

Sygate

ZA

Outpost

Kerio

Tiny


References:

Firewall & Honeypot Discussions

Firewall Recommendations – Number Five!

Firewall Recommendations - Number Four!

Firewall Recommendations - Number Three!

Firewall Recommendations - Number Two!

Firewalls: Hardware and Software.


Enjoy!