Tarun

Testing firewalls


I'm going to be testing out a bundle of firewalls, and I have a nice list already together. If you can think of any additions, please let me know and provide a download link and I will test it. Trial versions are fine. :happybday:

* - Thanks to Ultimate Predator for the links.

** - Thanks to Eldmannen for the links.

After the firewall test, I will more than likely get more malware to infect my virtual system and test a bunch of anti-malware tools.

Link to post

Ashampoo Firewall

pktfilter

Kerio Firewall

Jetico Firewall

Lavasoft Personal Firewall

On download.com there are hundreds of firewalls; I've never even heard of them.

I don't think Winpooch is a firewall, I think it's anti-spyware.

I think thin, slim, light-weight firewalls with extensive possibilities of hardcore in-depth configuration.

The best firewall I've ever come across is iptables, but it's for Linux only though.

Link to post

For the time being I'm going to document the basics on each firewall I test. The good sides and the bad sides as well.

The next series of tests I'll run will be on free anti-malware tools. I may do a few that are pay; but the primary goal will be ones that are free for end users to use. I will have to gather a good deal of malware, though. :happybday:

Link to post

For the time being I'm going to document the basics on each firewall I test. The good sides and the bad sides as well.

The next series of tests I'll run will be on free anti-malware tools. I may do a few that are pay; but the primary goal will be ones that are free for end users to use. I will have to gather a good deal of malware, though. :happybday:

How do you do the test?

Will you use virtualization to do the test?

Installing 20 different software just for a test doesn't sound like something I would do on my everyday-use machine.

I will have to gather a good deal of malware, though. :happybday:

shouldn't be hard.. just run IE and surf the net for like 10 minutes. =P

LOL! Word. :)

Link to post

You can run leaktest to test them.

You can also use nmap which is the best portscanner that exists. It is widely used in the security industry. Normally I don't think you can scan localhost, but maybe with a virtual PC, I don't know how they work, else you can use it from another PC.

Else you have to settle with something like GRC ShieldsUp!

Link to post

Some day, you have to try out iptables (Linux only).

Most firewalls or personal firewalls for Windows are actually some sort of packet filter/firewall + an IDS (Intrusion-detection system).

iptables is a small little command-line based stateful firewall application. No IDS. If you want an IDS, you can get one separate, such as Snort, etc or whatever IDS you prefer.

It runs, calls the netfilter API in the kernel about the rules you defined, then closes and does not run in the background.

In iptables, you write the rules (or get an application or script to generate them for you), and those rules you can define in detail, such as source port, destination port, source address, destination address, protocol, network interface and even TCP flags, ICMP codes, etc.

There are three tables, but you can add more tables with modules.

  • The filter table for packet filtering which is good for firewalling.
  • The NAT table which is good for routing.
  • The mangle table which is good for QoS (Quality of Service) which allows you to put rate limiters, put priorities, do traffic shaping, etc. For example, you can make it so that your VoIP or online game doesn't lag while you download stuff.

The tables have chains like input/output/forward and prerouting/postrouting. You can put the rules in the chains. And define a target for the chain, so if a packet doesn't match any rule in the chain, it goes to the target which can be like ACCEPT the packet, DROP (stealthily) the packet, or REJECT (gracefully) the packet, LOG the packet, or forward the packet to a third-party application like a logger, alerter or IDS. It supports both IPv4 and IPv6.

You can load modules which extend the functionality with extra tables, chains, targets, and features such as maximum concurrent connections, packets per second, bandwidth quota, packet length, random matches, string matching, time-ranged rules, TTL value match, etc.

With the "ipset" tool, you can load whole lists of IP addresses (blocklists) just as in PeerGuardian, and you can put them in one or more chains. If you put it in the INPUT chain, then none of those IP addresses can connect to you (good if you don't want them to be able to download files from you), and if you put them in the OUTPUT chain, then you can't connect to those IP addresses (good, if you want to unknowingly connect to baits).

iptables is no cute little skinned toy with an ON and OFF button. It is a real security tool.

Link to post
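
The chains, default policy and ipset blocklist described in the post above, written out as an added example (it is not code from any poster in this thread). The set name `blocklist`, the SSH rule on port 22 and the sample addresses are assumptions made for illustration.

```shell
# Added example: prints an ipset + iptables-restore ruleset; applies nothing,
# so it runs without root. SET_NAME and the SSH rule are assumptions.
SET_NAME="blocklist"

# Constructed sample blocklist (RFC 5737 documentation ranges) with one bad line.
sample_blocklist() {
cat <<'EOF'
# constructed sample entries
192.0.2.10
198.51.100.0/24
not-an-address
203.0.113.7
EOF
}

# Keep lines shaped like an IPv4 address or CIDR network; ipset itself
# rejects out-of-range octets when the set is loaded.
valid_entries() {
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || true
}

# Input for: ipset -exist restore
gen_ipset() {
    echo "create $SET_NAME hash:net family inet"
    valid_entries | while read -r entry; do
        echo "add $SET_NAME $entry"
    done
}

# Input for: iptables-restore. Filter table, INPUT policy DROP, stateful
# accept, and the set matched as source (INPUT) and destination (OUTPUT).
gen_iptables() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m set --match-set $SET_NAME src -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT drop: "
-A OUTPUT -m set --match-set $SET_NAME dst -j REJECT
COMMIT
EOF
}

# Print both rulesets (nothing is loaded into the kernel).
sample_blocklist | gen_ipset; gen_iptables
```

The set has to be loaded with ipset before iptables-restore reads rules that reference it, otherwise the restore fails on the `--match-set` lines.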

Here's the list so far:

  • Agnitum Outpost Free - Downloaded
  • Agnitum Outpost Pro - Downloaded
  • Comodo Firewall Pro - Downloaded
  • ZoneAlarm Free - Downloaded
  • ZoneAlarm Pro - Downloaded
  • eTrust Firewall - Have on CD, free from Microsoft
  • Look 'n' Stop - Downloaded
  • PCTools Firewall Plus - Downloaded
  • Winpooch - Downloaded
  • McAfee Firewall Trial - Unable to download, not found
  • Norton Firewall Trial - Downloaded
  • pktfilter - Beta only - skipped
  • Ashampoo Free - Downloaded
  • Ashampoo Pro Trial - Downloaded
  • Jetico Freeware Firewall - Downloaded
  • Kerio Firewall - Downloaded
  • Lavasoft Personal Firewall - Downloaded
  • Sygate Firewall - Unable to download, not found

Link to post

# ZoneAlarm Free - Download

# ZoneAlarm Pro - Download

I was just wondering whether it's worth downloading the ZoneAlarm Internet Security Suite and just disabling the AV, as it has so much more, including basic stuff that a firewall should have like SmartDefense™ Advisor (it looks really good): http://www.zonelabs.com/store/content/comp.../comparison.jsp

Link to post

I hope the announced testing includes this program. I never saw any follow up on any results. Did I overlook any comparison results on the testing of all those firewalls?

Link to post

You can pretty much refer to Matousec, he dedicates research into the best firewall.

At the time of this research, Comodo was one of the very best, Outpost fared quite well too.

Link to post
