Security Testing
 

Hey

Does anyone here have any advice on which firewall is the best. I'm using Tiny Personal now...and it seems pretty good.

Also I'd like to recommend a site that let's you test your firewall:
http://www.grc.com

Try the shields up program. Should be a link somewhere on grc.


Do any of you have any other links to sites that test your security ?

NMAP is a really good software to test your firewall... (it's free of course...)

Get it from here

I primarily use Broadband Reports security tools: http://www.broadbandreports.com/tools

I have used Security Space in the past, be they appear to have undergone some changes since I the last time I used them:
http://www.securityspace.com/sspace/index.html

I use Sygate. Its worked pretty well for me so far.

If you want the best results and the most control, have a friend run nmap against your computer - so you get an "external" viewpoint. I've had some experienced with the GRC Shields Up scanner, and not to sound like a broken record (as I've said this on serveral other threads) their scan is very lacking in both comprehensiveness and accuracy. I've specifically opened ports on my firewall, had services listening on those ports, and received a clean bill of health from them.

Basically, nmap is your best bet.

Kerio Personal Firewall 2 (2.1.15 i think is the last version of it?) is the best.

An excellent program with a GUI would be Retina... Tells you what's exploitable, and how to fix it. It also updates itself, so you can always know if your system is secure.

Yep, I used to work for a company that do network security, when we'd g out to clients networks to run checks on their networks Retina would be my weapon of choice, a lot of the other guys use it to.

There is no single definate solution, you need to combine Retina with nmap, do some external scans, do scans from your machine.

Have a gander at http://www.grc.com/default.htm for gibsons shields up, thats a good quick test, but as well as firewalling you need to make sure your machine is secure (software vurnaribility wise).

The best firewall is ofcouse an hardware firewall, but if you have to go with a software based one, go with kerio or that other one I used that I cant remember the name of ;)

Not true.

Agreed, hk-. Any firewall, hardware or software, is as strong or vulnerable as the ruleset it consists of. If they're both set with identical rules, there really isn't a major advantage of one versus the other. The only difference is that with "hardware firewalls" you can use that machine as a NAT box as well, and therefore protect a larger number of machines with a single ruleset, instead of having individually configured software packages on each machine.

The key is being thorough when establishing what you absolutely have to let through the firewall (inbound and outbound), not what type of firewall you have.

^^ Indeed, I just couldnt be arsed to go into all of that. Also with hardware firewalls you have their vurnability issues, if your running a n*x box as a firewall for example with ipchains/iptables/whatever as your firewall, you have to make sure that the box running the firewall is secure.

The number of times I have been pen testing for a company and they show me their firewall and the damn thing is running telnetd... well i've lost count.

(Telnet can be made to fall over in the time it take to blink, thus giving access to the firewall box, thus an attacker can turn off the firewall, whats worse is they control a box on your network... fun!).

The fact that a software firewall can be disabled by e.g. a virus is enough to make me get an hardware firewall.

^^ That's still a software firewall.
When I'm refering to a hardware firewall, i mean a box from cisco or the likes.

Cisco PIX boxes still aren't the be all and end all of firewalls.

To repeat: Any firewall, unless you set it up properly, is insecure. This includes PIX firewalls.

I've got an OpenBSD machine I use as my "firewall" - it's got very few open ports (less than the fingers on one hand), and OpenBSD is a very secure OS (Only one remote hole in the default install, in more than 7 years). I consider that to be "good enough" for my purposes.

Given OpenBSD's security record, I feel that I can discount the "firewall getting hacked" possibility and concentrate on just the packet filtering job of the firewall.

And, just for fun, I did a quick google search for you, -Anders:
A year-ish old vulnerability report from Cisco on their PIX firewalls. Everything has holes. Everything. :p

Even the "hardware" firewalls run SOFTWARE... using CISCO as the example, their rapid blaze switches, thats hardware switching, but it still runs software, point proven by the fact that about 4 months ago we (the company I work for) found a hole in their management software which meant that we could make any CICSO switch of the same model start generating random malicious packet data.

Whats the relevance? Even if its a "hardware solution" its still running some form of software. There is no way other than physically unplugging a system, to make it "safe" or not vunrable to attacks. Trust me on this, I get paid mega bucks to do this kind of shite :D