Re: [fw-wiz] Firewalls Compared
From: Ryan M. Ferris (rferris_at_rmfdevelopment.com)
Date: 06/22/04
- Previous message: Paul D. Robertson: "Re: [fw-wiz] Web server security?"
- In reply to: Dave Piscitello: "Re: [fw-wiz] Firewalls Compared"
- Next in thread: Paul D. Robertson: "Re: [fw-wiz] Firewalls Compared"
- Reply: Paul D. Robertson: "Re: [fw-wiz] Firewalls Compared"
- Reply: Laura Taylor: "RE: [fw-wiz] Firewalls Compared"
To: Dave Piscitello <yodave@hargray.com>
Date: Tue, 22 Jun 2004 09:18:24 -0700 (Pacific Daylight Time)

Good comments on reviewing firewalls...However, at this point I am
convinced that personal and home network firewalls and desktop anti-viral
software for Windows are the most critical components of national if not corporate security.
All of the most devastating attacks (worms, viruses, DOS, e-mail
attachments, terrorist attacks) of the last 2 - 4 years leverage the mass
of unguarded PCs. Traditional concepts of firewalling networks ultimately
seemed useless and incomplete to guard against these types of attacks.

I don't know where I would find statistics on how many home or corporate
broadband networks have hardware firewalls or personal firewalls. If I had to
guess for home users...I would say less than 10% have hardware firewalls
and less than 20% employ personal firewalls. Fewer would employ both
together. Most users I know just ride bareback against a cable modem or
DSL which is relatively amazing considering that GIAC trained
professionals now are recommending that home users consider both hardware
and software firewalls simultaneously. (See something like
http://www.giac.org/practical/GSEC/Barbara_Kupiec_GSEC.pdf). Considering
the number of intrusions that I see break through my hardware firewall
and get stopped by my personal firewall...I would say this is excellent if
not underwhelming advice.

Amazingly, even as a professional I find all the application protection
options of Zone Alarm Plus worth some serious study. I can't imagine most
home users working their way through the when and how of granting (or not
granting) generic host process access to an "open process".

Other personal firewalls I have worked with approach the problem with
greatly varying interfaces and functionality. Some are really quite
disastrous to install or work with or just plain uninformative for the
desktop.

There are a few sites around that offer personal firewall reviews and
comparisons...but they are cursory in nature. In truth, the personal
firewall industry is unstandardized and rapidly evolving - a fascinating
state given the probability that home firewalls will soon eclipse
corporate firewalls as the most significant component of national computer
security.

Ryan M. Ferris
rferris@rmfdevelopment.com
rferris@rmfnetworksecurity.com

On Mon, 21 Jun 2004, Dave Piscitello wrote:
> Paul, good list (I'd love to have your permission to publish it at
> LOOP.interop.com, with your attribution, of course). I would add:
>
> 11. What methods does the firewall provide to assist me in
> asserting my security policy is enforced: specifically, are
> the log entries generated sufficiently detailed?
> 12. Perhaps included in your thinking regarding upgrade path,
> but authentication rather than performance-focused: does the
> firewall support all present and projected auth methods; if
> PKI, whose certs?
>
> I'd also add related checks if you intend to use
> an IPsec VPN for remote access
> - origin of client SW (who wrote it),
> - availability of non-Windows clients (if appropriate),
> - reliability/track record of client SW vis-a-vis install across
> different Win OS and hardware
> - suitability of client for use with other firewalls (if multi-
> organizational collaborative/B2B/B2C is something you must satisfy)
> - client policy administration/enforcement method
> I know this goes beyond "just a firewall" so if O/T ignore.
>
>
> At 11:47 AM 6/21/2004 -0400, Paul D. Robertson wrote:
>> 1. How well do the boxes implement my proposed security policy.
>> 2. Do they pass testing for implementing my security policy.
>> 3. How do the boxes perform implementing my security policy[1.]
>> 4. What is my upgrade path should my performance requirements change?
>> 5. How well can the devices be administered by multiple levels of
>> people if my security policy defines and requires such.
>> 6. Historically, how well has the vendor done.
>> 7. What does it take to make them fall over. If you can't make them fall
>> over, you're not testing hard enough.
>> 8. How intuitive is my security policy when added to the systems.
>> 9. Failover/backup issues (test both.).
>> 10. License issues (how do they handle license failure, and how long
>> does it take to recover.)
>
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
>
>