Firewalls: Hardware and Software

[Relyt]

Firewalls: Hardware and Software.

I had some time to myself so I started strolling through the “Firewall & Honeypot Discussions”. Not too surprised, I noted that there were 513 threads and 4371 posts. Obviously I wasn’t so bored that I wanted to go through all 4371, so I chose to limit myself to 375 threads and narrow my focus down to the ever (not so) popular; “I’m not gonna do any research, search the archives, or google, before I ask: “which firewall is the best?” question.” (After making my eyes bleed from reading all of those, if I see that question again in the near future, I think I’ll get a 5th of Jack Daniels and go sit in a corner somewhere.)

So what was I going to do with this? What the heck, why not tally up the favorites for almost two years? I thought I’d keep it simple and write the name of the firewall down, count how many times it was recommended, and then categorize it into either; hardware or software firewalls. It wasn’t really that boring though! You folks kept me laughing the whole time with your liberal use of descriptions, adjectives, and according to some of our members, Firewalls can even “blow chunks”!

Unfortunately, I did notice a trend among the newer members. One of the most determining factors governing their choice was whether the firewall was “free” and not it’s functionality. The remaining preferences were based on the creature features and ease of operation of the respective firewalls.

No accuracy is promised here and I wouldn’t go buy some stock either. I only looked at the threads that addressed the question and of course a recommendation could have shown up in another thread as well. But it shouldn’t surprise anyone as to the results. Time frame used: 17 Jul 2002 thru 15 May 2004.

So directly from the AO Members:

Hardware:
Pix: dominated (had to put it by itself)

Linksys router (nat) – 4 times
Sonicwall – 4 times
Dlink – 2 times
Netgear (nat) – 2 times
Watchguard – 2 times
Fortigate – 1 time
Netscreen – 1 time
Raptor – 1 time
Sidewinder – 1 time

Software:
*nix:

IPTables - dominated (had to put it by itself) {duh}

Smoothwall – 11 times
Coyote – 4 times
OBSD (default Install) - 4 times
Astaro – 3 times
IPCop - 2 times
Securepoint – 2 times
Devil Linux – 1 time
Mandrake – 1 time
Sentry – 1 time

Windows Compatibles:
Zone Alarm (Free & Pro combined) – 44 times *Popularity stayed steady throughout (especially for ZA Pro), however many members tossed ZA for Outpost and/or Sygate.
Outpost – 40 times *Really favored 2002-2003
Sygate – 36 times *More recently favored 2003-2004
Tiny – 25 times *Really popular 2002
Kerio - 20 times *More popular 2003-2004
BlackIce - 9 times
Norton – 8 times
Checkpoint – 7 times
McAfee - 5 times
VisNetic – 4 times
Bordermanager – 2 times
ICF (XP) – 2 times
Look’n’Stop – 2 times
Symantic – 2 times
BitGuard – 1 time
Gnatbox – 1 time
Kaspersky – 1 time
OmniQuad –1 time


For those that may not know: The original team that developed Tiny left the company and started the Kerio Firewall. It was based on the Tiny’s engine but with many improvements. That may help explain the popularity of Tiny in 2002 and then the Kerio popularity in 2003-2004.

Summary: For Hardware Firewalls – PIX most recommended. For *nix Software Firewalls – IP Tables was most recommended. And for Windows Compatible Software Firewalls – Kerio, Outpost, Sygate, Tiny, and ZA were the most recommended, however Kerio and Sygate were the most popular 2003-2004.

cheers

[Soda_Popinsky]

3 words...


Holy freakin cow.


Organize it so leaders take the top, rather than alphabetical. Otherwise.... lists like this are a good way to test software in the prelims, by word of mouth. Great work.

[Relyt]

Soda_Popinsky,

Done, thanks for the input.

[The Grunt]

AWESOME job man... That must of taken a whole lot of time and effort... kudos on a job well done!

[foxyloxley]

I think I’ll get a 5th of Jack Daniels and go sit in a corner somewhere.

The above quote: I imagine you have recovered from the rather large bottle you MUST have drank, to put this together. I admit to an inability to focus on lists for any length of time, and so, rely on the advice given in this forum. Nicely done. well worthy of the greens you have received.

Just one thing though..............................

This could be the start of something...............

Anyone got the LIVER to do the same to the OS sugestions ?????????????

[KissCool]

Some points should be raised here:
- IPTables is the NetFilter interface. So, you don't need to separate them.
- PacketFilter of OpenBSD is really excellent.
- Even if Outpost Pro is not bad, Outpost Free is a little out of date, now. It's a shame to see this software being forgotten by its publisher. So, if you want a free Windows firewall, try Kerio or Sygate (my favorite one), but not Outpost.

[Relyt]

KissCool,

It sure is, I'll edit that and put it with the IPTables. Thanks.

[Hexem2000]

Im surprised there isn't OpenBSD's PF or FreeBSD's IPFW in that list these are deffnitely my two favourites PF can also be used on FreeBSD which is handy. I wouldn't go out myself and buy a hardware firewall , I'd much rather just use OpenBSD & PF.

[Relyt]

Hexem2000,

Well there was partner.

OBSD (default Install) - 4 times

using their Firewall...lol

I couldn't put down all the notes otherwise there wouldn't be any bandwidth left for anyone else to post.

cheers

[Hexem2000]

Ah my bad wasn't looking closely enough