Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Personal firewalls.
From: "Soderland, Craig" <craig.soderland () sap com>
Date: Fri, 20 Jan 2006 15:28:26 -0500

Time to thrown my .02 cents in. 
 
Zone - Good product, though it requires much thought and proper
configuration for successful installs. does not, always save your
configurations settings when you shutdown. This I find occurs most often
when you upgrade Zone from one version to another and not use the "clean
install option." If this occurs you have 2 options. 
 
1. re-install zone, utilizing the clean install option and then re-enter
your rules. 
2. do not re-install zone but when you have made firewall rules changes,
exit out of the program after making the aforementioned changes, when
Zone exits, not as part of a shutdown it seems to correctly flush the
configuration to disk. 
 
Another issue with zone, is that they have not yet fixed the bug in the
true vector engine. I can can cause true vector, to regularly crash out
and leave the system unprotected from a remote client. I have notified
Zone's engineers, specifically how this was done and to date no response
from their side. To their credit, when this occurs now the system loses
all network connectivity (with recent update.) and the VSMON service now
restarts. So even though the bug in True Vector still exists they have
worked around it so as to not leave your system completely vulnerable as
in the 5.x versions. 
 
But other than this it is a good package, very flexible, and powerful
though requiring a certain level of sophistication to configure it
properly. 
 
However I do wish it had the feature that Sygate PRO has, which will
blackhole a IP if it detects a ports scan coming to it. it then blocks
all activity from the offending IP for approximately 10 minutes. 
 
It however had a similar problem to zone in that we could easily get the
FW to crash out, however when it did crash out all connectivity was
lost. To date this also has not been fixed. 
 
the other firewalls I've played with, all had their own set of feature
issues, With Black Ice being the worst piece of Garbage, I have had my
displeasure of ever installing. Just too damn easy to defeat. 
 
in all cases, I would recommend a firewall software, especially if you
are on a laptop, and might ever be out on he wild wild internet without
being behind a hardware firewall. Preferably something that will also
check on programs attempting to make outbound connections. But I would
not rely on just a software one either. 
 
And with hardware many users/companies make the same mistake, layering
firewalls all of the same vendor/brand. So that in the event of an
exploit weakens they're all penetrated. 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault