Papers on inbound tests and other non-leak tests of firewalls

MrBrian · Mar 6, 2014

From The 2010 Personal Firewall Robustness Evaluation:

Abstract

With the advent of cheaper Internet connections, the number of Internet connections among home users is on the rise. Generally, home users have little understanding of the security concerns associated with Internet connectivity. To protect against computer attacks, generally a home user may install a personal firewall on his/her computer. To determine the effectiveness of personal firewalls, evaluation tests were performed against the ten firewall products available to users at local electronic stores and listed on popular firewall security websites. The firewalls were tested in their default and maximum security mode. The investigation was carried out by performing a port scan and vulnerability scan attacks against a computer with no firewall protection and computers running personal firewalls. The results of the investigation established that the computers running the firewalls exhibited some or all of the vulnerabilities detected on a computer with no firewall protection.
Click to expand...

----------

From "Security Vulnerability Evaluation of Popular Personal Firewalls and Operating Systems" (2010):

In this thesis, experimental evaluation of security vulnerabilities has been performed under DoS attacks for popular personal firewalls from McAfee, Norton and Kaspersky; and for operating systems namely Apple’s Leopard and SnowLeopard, and Microsoft’s Windows XP and Windows 7. Our experimental results show that the firewalls and operating systems behave differently under a given DoS attack. Some of the firewalls crashed under certain DoS attacks especially when they were configured to prevent and block packets belonging to such attacks. Operating systems evaluated in this thesis were also found to have different built-in security capabilities, and some of them even crashed under certain DoS attacks requiring forced reboot of the system. Comparative performance of firewalls and operating systems under DoS attacks has been presented.
Click to expand...

Pdf at hxxps://portal.utpa.edu/utpa_main/daa_home/ogs_home/ogs_imagesfiles/surisetty.pdf .

----------

From Testing and Analysis of Personal Firewalls (2010):

Abstract

The rapid growth of internet has directed a collinear increase of internet users. The majority of people using internet have limited understanding and knowledge of computer systems. The majority of users rely on the security software's that are provided by different firewall vendors to ensure the secure communication. These security software's design and developed by very highly qualified professionals to ensure threat detection against viruses, malware and spywares. The basic purpose of our thesis is to test and analyze the security firewalls against TCP ACK, TCP SYN, TCP FIN, TCP Connect, Echo Ping, UDP and Denial of Service attacks (Ping of Death, Teardrop, and Land Attack) to check security issues. We also have discussed the similarities and differences between them.
Click to expand...

----------

From Analysis of Vulnerabilities in Internet Firewalls (2003):

Abstract

Firewalls protect a trusted network from an untrusted network by filtering traffic according to a specified security policy. A diverse set of firewalls is being used today. As it is infeasible to examine and test each firewall for all possible potential problems, a taxonomy is needed to understand firewall vulnerabilities in the context of firewall operations. This paper describes a novel methodology for analyzing vulnerabilities in Internet firewalls. A firewall vulnerability is defined as an error made during firewall design, implementation, or configuration, that can be exploited to attack the trusted network that the firewall is supposed to protect. We examine firewall internals, and cross reference each firewall operation with causes and effects of weaknesses in that operation, analyzing twenty reported problems with available firewalls. The result of our analysis is a set of matrices that illustrate the distribution of firewall vulnerability causes and effects over firewall operations. These matrices are useful in avoiding and detecting unforeseen problems during both firewall implementation and firewall testing. Two case studies of Firewall-1 and Raptor illustrate our methodology.
Click to expand...

----------

From "Performance and Information Security Evaluation with Firewalls" (2013):

Abstract

Firewalls are an essential part of any information security system being the first defense line against security attacks. The sea-saw effect between firewalls and network performance is most concerning to network users; where strict security settings result in weak network performance and permeant security settings allow for a stronger one. Hence, evaluating firewall platforms and their impact on network performance is important when assessing the effectiveness of network security. In this paper, we present an assessment methodology to analyze the performance of different firewalls platforms. The analysis considers the following metrics: delay, jitter, throughput, and packet loss. Moreover, the information security of the firewalls is also tested by applying a set of attacks and observing the reaction of the firewalls. The proposed assessment methodology is tested by performing real experiments on different types of firewalls including those that are personal and network-based. Moreover, a quantitative study is conducted to explore the level of knowledge among the educated category in the community, represented by a sample of college students, on the importance of firewall and their use.
Click to expand...

Pdf at hxxp://www.sersc.org/journals/IJSIA/vol7_no6_2013/37.pdf .

MrBrian · Mar 8, 2014

Unfortunately, the author(s) of the papers that tested the built-in Windows 7 firewall didn't specify (if I recall the papers' contents correctly) the network location (e.g. Public, Home, Work) used, and didn't test different network locations.

CoolWebSearch · Mar 8, 2014

MrBrian said:

From The 2010 Personal Firewall Robustness Evaluation:

----------

From "Security Vulnerability Evaluation of Popular Personal Firewalls and Operating Systems" (2010):

Pdf at hxxps://portal.utpa.edu/utpa_main/daa_home/ogs_home/ogs_imagesfiles/surisetty.pdf .

----------

From Testing and Analysis of Personal Firewalls (2010):

----------

From Analysis of Vulnerabilities in Internet Firewalls (2003):

----------

From "Performance and Information Security Evaluation with Firewalls" (2013):

Pdf at hxxp://www.sersc.org/journals/IJSIA/vol7_no6_2013/37.pdf .
Click to expand...

Sorry, Brian; to me, this is a bit too much to understand; what does this all mean: all of the software firewalls except Outpost and Eset are vulnerable to these attacks?
So every single software firewall, except Outpost and Eset, is vulnerable to these mentioned attacks?
Why should I use; let's say, Comodo Firewall or Private Firewall than, if this is all true?
Sorry, Brian, but I'm a bit confused.

MrBrian · Mar 8, 2014

CoolWebSearch said:

Sorry, Brian; to me, this is a bit too much to understand; what does this all mean: all of the software firewalls except Outpost and Eset are vulnerable to these attacks?
So every single software firewall, except Outpost and Eset, is vulnerable to these mentioned attacks?
Why should I use; let's say, Comodo Firewall or Private Firewall than, if this is all true?
Click to expand...

Here is a ports tutorial: http://www.bleepingcomputer.com/tutorials/tcp-and-udp-ports-explained/.

One issue is whether there are ports open that other computers on the Internet (or others computers behind the same router, if you use one) could send data to. If a program listening on an open port is vulnerable, then an exploit of that vulnerability could be used to achieve remote code execution in some cases. You can use sites like https://www.grc.com/x/ne.dll?bh0bkyd2 to test whether open ports are "reachable" from other computers on the internet, and programs like Advanced Port Scanner to test whether open ports are "reachable" from other local computers. You should test your own system if you're concerned about your current setup. I use the built-in Windows 7 Firewall.

Another issue tested is Denial-of-Service.

MrBrian · Mar 8, 2014

MrBrian said:

I use the built-in Windows 7 Firewall.
Click to expand...

With network location=Public.

fblais · Mar 8, 2014

MrBrian said:

With network location=Public.
Click to expand...

Nice tip, thanks!

MrBrian · Mar 8, 2014

fblais said:

Nice tip, thanks!
Click to expand...

You're welcome .

That setting doesn't guarantee that no open ports will be reachable from other computers, but it's the most restrictive setting.

MrBrian · Mar 8, 2014

Understanding Windows Firewall Network Location

MrBrian · Mar 8, 2014

Types of attacks against firewalls: see https://www.wilderssecurity.com/showthread.php?t=361143.

MrBrian · Apr 3, 2014

AV-Comparatives Firewall Test 03/2014

Log in or Sign up

Papers on inbound tests and other non-leak tests of firewalls

MrBrian Registered Member

MrBrian Registered Member

CoolWebSearch Registered Member

MrBrian Registered Member

MrBrian Registered Member

fblais Registered Member

MrBrian Registered Member

MrBrian Registered Member

MrBrian Registered Member

MrBrian Registered Member

Log in or Sign up

Papers on inbound tests and other non-leak tests of firewalls

MrBrian Registered Member

MrBrian Registered Member

CoolWebSearch Registered Member

MrBrian Registered Member

MrBrian Registered Member

fblais Registered Member

MrBrian Registered Member

MrBrian Registered Member

MrBrian Registered Member

MrBrian Registered Member

Useful Searches