Open Source and information security mailing list archives
Date: Fri Jan 20 20:28:42 2006
From: craig.soderland at sap.com (Soderland, Craig)
Subject: Personal firewalls.

Time to throw my .02 cents in.

Zone - Good product, though it requires much thought and proper configuration for successful installs. It does not always save your configuration settings when you shut down. This I find occurs most often when you upgrade Zone from one version to another and do not use the "clean install option." If this occurs you have 2 options.

1. Re-install Zone, utilizing the clean install option, and then re-enter your rules.
2. Do not re-install Zone, but when you have made firewall rule changes, exit out of the program after making the aforementioned changes. When Zone exits, not as part of a shutdown, it seems to correctly flush the configuration to disk.

Another issue with Zone is that they have not yet fixed the bug in the True Vector engine. I can cause True Vector to regularly crash out and leave the system unprotected from a remote client. I have notified Zone's engineers, specifically how this was done, and to date no response from their side. To their credit, when this occurs now the system loses all network connectivity (with recent update) and the VSMON service now restarts. So even though the bug in True Vector still exists, they have worked around it so as to not leave your system completely vulnerable as in the 5.x versions. But other than this it is a good package, very flexible and powerful, though requiring a certain level of sophistication to configure it properly.

However I do wish it had the feature that Sygate PRO has, which will blackhole an IP if it detects a port scan coming to it. It then blocks all activity from the offending IP for approximately 10 minutes. It however had a similar problem to Zone in that we could easily get the FW to crash out; however, when it did crash out all connectivity was lost. To date this also has not been fixed.
The other firewalls I've played with all had their own set of feature issues, with Black Ice being the worst piece of garbage I have had the displeasure of ever installing. Just too damn easy to defeat.

In all cases, I would recommend a firewall software, especially if you are on a laptop and might ever be out on the wild wild Internet without being behind a hardware firewall. Preferably something that will also check on programs attempting to make outbound connections. But I would not rely on just a software one either. And with hardware many users/companies make the same mistake, layering firewalls all of the same vendor/brand. So that in the event of an exploit weakens they're all penetrated.