OT: Blackice has major security hole...

Wolfie

Platinum Member
Oct 9, 1999
2,894
2
76


<< Description:

Affected versions of BlackICE Defender, BlackICE Agent, and RealSecure
Server Sensor running on Windows 2000 or Windows XP can be remotely
crashed using a modified ping flood attack. The vulnerability is caused
by a flaw in the routines used for capturing transmitted packets. Memory
can be overwritten in such a manner that may cause the engine to crash
or to behave in an unpredictable manner. It may be possible for
attackers to control which areas of memory are overwritten, leading to
the execution of arbitrary code.
>>



Full Description can be read here.


But the patch can be downloaded HERE.

Wolfie
 

Jay

Golden Member
Oct 9, 1999
1,728
7
81
What is a good (cheap, or better yet, free) firewall? And don't give me that Linux propaganda; I want something I can learn in 5 minutes, not long-term studying. I tried several others (ZAP, TINY, and a few others I don't remember); only NU allowed my NAT32 connections to go through (i.e. Morpheus, etc.).

Jay
 

RaySun2Be

Lifer
Oct 10, 1999
16,565
6
71
I would also have to say ZoneAlarm. :)

Although, for some of the advanced stuff, you may have to purchase ZoneAlarm Pro. :)

BTW, Steve Gibson has been warning about security issues with BlackIce for a long time. LeakTest & Firewall Info
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
The less you know, the better Zone Alarm is. Not an insult, just a high five (remember those?) to the programming skills they have. It is very simple for people that may not know a whole lot about what is going on. If you want to get into things a little more, Tiny Personal Firewall looked great when I tried it.

Mac OS X has a built-in firewall (IPFW if I read my links right), OpenBSD has PF (2.9 -current and later), FreeBSD has IPFW (but you can upgrade to IPF through ports I think), NetBSD also has IPF, and Linux has IPChains (2.2) and IPTables (2.4). For Solaris I would still go with IPF. It's free and good, as opposed to expensive and crappy like Checkpoint :p (the last was in case you don't use a Microsoft OS) ;)
 

LANMAN

Platinum Member
Oct 10, 1999
2,898
128
106
Another vote for ZoneAlarm.

Or Norton Personal Firewall 2002. Very user friendly.

--LANMAN

BTW:

<<<crappy like Checkpoint>>>

Product is only as good as its operator. :Q ;) You can lock down Linux very well, but if you don't know it as well as you should, you could set yourself up for a problem. Checkpoint is very much the same. However, for enterprise networks, I haven't seen anything better. (Except the price! I will agree on that! Egad!) (My .02) ;)
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0


<< Another vote for ZoneAlarm.

Or Norton Personal Firewall 2002. Very user friendly.

--LANMAN

BTW:

<<<crappy like Checkpoint>>>

Product is only as good as its operator. :Q ;) You can lock down Linux very well, but if you don't know it as well as you should, you could set yourself up for a problem. Checkpoint is very much the same. However, for enterprise networks, I haven't seen anything better. (Except the price! I will agree on that! Egad!) (My .02) ;) >>



I will agree that the skill of the admin determines the security of the network. I still think Checkpoint sucks though. The administration of it is good (as far as ease of use goes), but the security it gives you is not necessarily the best.
 

IJump

Diamond Member
Feb 12, 2001
4,640
11
76
<< Blackice has major security hole... >>

Say it ain't so!!!!! ;)

I would have to go with Zone Alarm, also.
 

paf077

Golden Member
Feb 26, 2001
1,241
0
0
Zone Alarm gets another Vote! :)

<<Or Norton Personal Firewall 2002. Very user friendly>>

I don't use software that takes charge of the OS!!!:frown:

Just my opinion!
 

LANMAN

Platinum Member
Oct 10, 1999
2,898
128
106
The administration of it is good (as far as ease of use goes), but the security it gives you is not necessarily the best.

What would you recommend for an enterprise firewall? Just curious. :)

--LANMAN
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0


<< The administration of it is good (as far as ease of use goes), but the security it gives you is not necessarily the best.

What would you recommend for an enterprise firewall? Just curious. :)

--LANMAN
>>



I have not used these but I have heard good things about them:

Raptor (not sure what it is called now that Symantec owns it). The interface for earlier versions was considered crap, but it was supposed to be a great proxying firewall. I have talked to at least one US government admin that loved Raptor and was very angry his site was moving to Checkpoint.

Sidewinder: Some of the features in Sidewinder are very interesting. I like how it uses a separate driver and a separate TCP/IP stack for each NIC. It is also a proxying firewall.

PIX: It doesn't have the greatest security history, but what does? Plenty of security administrators have recommended this one.


Checkpoint is not necessarily bad, but some of the problems I have read about worry me. Check out phoneboy.com (Checkpoint help site) and do a search on the word "vanish". Interesting read. I also like the Nokia Checkpoint solution. The one patch for OS and firewall fixes appeals to me. With NT/Solaris I have read about OS patches breaking Checkpoint and vice versa.

If this was my firewall and it does not need to be incredibly complex, OpenBSD + IPF would be a decent solution. Even Linux with IPTables. The biggest problems I see with these are 1. management 2. failover.

1. Neither IPTables nor Internet Packet Filter (IPF) has a true GUI. Now this is not a problem for me at home on my DSL line, but when you have 6 sites that have to interact and each have their own configuration it can be a pain. This is why I believe management is an issue with those solutions.

2. Now you can create a failover with these solutions but the solutions I have seen feel like bad hacks. They are not something I want to rely on day in and day out. Also, along the same lines, the best hardware for these solutions would be x86 hardware. x86 hardware basically sucks in situations like these. sparc4u would be a much better hardware solution. If nothing else you can get some nice help from Sun. But this is expensive and if you are running ultra sparc hardware you might as well run Solaris. IPF works on Solaris btw, so this would still be a possibility, but you come into problems with failover again.

Anyhow, just a couple of thoughts, please add to them, offer counterpoints, and correct me where needed :)
 

RaySun2Be

Lifer
Oct 10, 1999
16,565
6
71
We used to use Raptor, now called Velociraptor (I think) now Symantec owns it. The GUI interface was fine, just a lot of configuration to do. Once configured, it worked like a champ. :D We had 5 nics in the firewall server, all routed through the Raptor firewall, Internet, Citrix, several IP schemes, and never a problem. We did some interesting things routing our Webserver in and out of the firewall which worked great.

I found out tonight that we are moving to a Nokia/Checkpoint firewall setup. I'll let you know how it works out, or if anyone is using that combo now, let me know things to watch out for! :D
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0


<< We used to use Raptor, now called Velociraptor (I think) now Symantec owns it. >>



Velociraptor is a firewalling appliance. It looks like they just call the big firewall product Symantec Enterprise Firewall. (link).




<< The GUI interface was fine, just a lot of configuration to do. >>



I think v6.5 was where the GUI was supposed to be a lot better. Not sure though.



<< I found out tonight that we are moving to a Nokia/Checkpoint firewall setup. I'll let you know how it works out, or if anyone is using that combo now, let me know things to watch out for! :D >>



It's expensive, but it's supposed to be a lot better than the usual Checkpoint installation. I like how the OS (a modified FreeBSD I believe) and the firewall are integrated well.
 

LANMAN

Platinum Member
Oct 10, 1999
2,898
128
106
<<< I found out tonight that we are moving to a Nokia/Checkpoint firewall setup. >>>>


Make sure you include the techsupport package. (Which you probably will, however...)

(Pre-req) You have to subscribe to the "Software update" package before you can gain support, which is of course another charge. :Q

That all reminds me of M$'s retirement of NT 4.0 as of July '03. No support. Either upgrade to Win2k or you're out there when problems happen.
(All OEMs will stop selling as of July '02) Doh??

Change is good they say. Until the next service pack that kills your system. :)

Wow we really got "OT" on this thread or what? ;)

--LANMAN

 

LANMAN

Platinum Member
Oct 10, 1999
2,898
128
106
Just some good FYI Linkage. to comment Wolfie's link.

Current vulnerabilities, viruses (worms), along with links to patch them.

--LANMAN

 

MoFunk

Diamond Member
Dec 6, 2000
4,058
0
0
My Dad uses ZoneAlarm. If he can use it and figure it out, ANYONE can! So another vote for ZA.