lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: kf_lists at secnetops.com (KF (lists))
Subject: Firewall solution for Windows 2003 Server

I personally like how Visnetic lets you take Local SYSTEM rights.
-KF


Irwan Hadi wrote:

>On Sat, Apr 24, 2004 at 06:18:50PM +0200, Ondrej Krajicek wrote:
>
>  
>
>>Greetings to all disclosers ;),
>>
>>I would like to see your opinion on currently available firewall
>>products for Windows Server 2003. I am looking for simple
>>firewall solution as an _additional_ protection measure
>>for our servers. 
>>
>>We all surely know about poor Windows logging (when it comes
>>to information coverage). I want a simple packet filter
>>running as a service logging everything. I was happy with
>>Kerio Personal Firewall, but Kerio no longer supports
>>Windows servers with this product.
>>
>>I do not need router capabilities, just local packet filter.
>>
>>Could someone recommend me something? Preferably without,
>>nice overcomplicated GUI is not a requirement
>>(and I hope it could be avoided :).
>>    
>>
>
>I'm using Visnetic Firewall (from deerfield.com) on all of my Windows
>servers, and probably on all of my Windows clients pretty soon. One thing I
>like from Visnetic is:
>- It is just a packet filter. Doesn't do any application level filtering,
>which is a good thing for a server. Who would keep watching the console of
>the server for popup generated by a firewall asking "do you want to allow
>this application to send packets to that destination"
>- As far as I know, since it is simple, it hasn't had any security issues,
>like Zone Alarm did, Kerio did, and the funniest one was Blackice, which was
>exploited by witty worm. My principle is, a firewall suppose to protect the
>system it's protecting. If a firewall since it is made quite complex, with
>all kind of unnecessary features, then have some vulnerabilities in it, which
>instead protecting its host now is threatening its host then what good does
>it have?
>- It is now configurable both by GUI and command line
>- Has sequence number hardening and tarpit
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>  
>


Powered by blists - more mailing lists