RE: Firewalls?
- To: <ukha_d@xxxxxxx>
- Subject: RE: Firewalls?
- From: "Timothy Morris" <timothy.morris@xxxxxxx>
- Date: Sun, 23 Sep 2001 22:05:31 +0100
- Delivered-to: mailing list ukha_d@xxxxxxx
- Mailing-list: list ukha_d@xxxxxxx; contact ukha_d-owner@xxxxxxx
- Reply-to: ukha_d@xxxxxxx
> -----Original Message-----
> From: Mark Hetherington (egroups) [mailto:mark.egroups@xxxxxxx]
> Sent: 23 September 2001 21:47
> To: ukha_d@xxxxxxx
> Subject: RE: [ukha_d] Firewalls?
>
>
> It has been a while since I actually did the investigation (a little over 12
> months) but from what I have heard from some people not much is likely to
> have been changed.
>
> I first began seriously looking at firewall software for my home PC while
> using the BT Internet Freephone number and then later Surftime due to the
> increased online time and increasing number of attacks. I tried various
> options as detailed below:
>
> Black Ice Defender
> Quite poor. Alarm triggers for non events. A DCC chat in IRC would trigger
> multiple alarms. Blocks some trojans but many security holes. No stealth
> capabilities. Log files difficult to parse and require an add on package. No
> application specific rulesets.
>
> LockDown 2000
> A more comprehensive solution that was less prone to false alarms. A neat
> inbuilt utility to track offending IP addresses back to their source and
> automatically generate complaints. Limited stealth capabilities. Poor
> Trojan protection. Does not protect completely so I originally used this in
> conjunction with BlackIce Defender. Lockdown was a good way to detect BID
> false alarms. No application specific rulesets.
>
Lockdown 2000 is "scare-ware". Very expensive, generates false alerts and
tells you you've been protected. The idea is, you download the trial, get
scared, and then pay an exorbitant fee for the software.
> Zone Alarm
> Limited stealth capabilities. Lack of configurability. Not extremely
> comprehensive protection. Preferable to either BID or LD2K but still had a
> number of false alarms. I believe later versions addressed some or all of
> these but reports I have seen from people online seem to indicate there is
> still a problem with false alarms.
>
May be relevant to earlier versions, but according to testing that I've
done, ZA offers full stealth on all ports except those that you have
explicitly opened. Reading through the logs does require a limited knowledge
of TCP/IP. When used with the "Attack Analyser" feature of ZoneLog you can
easily differentiate between casual probes and determined attacks.
Tim.