Firewall testing only

At it basics, control/verification of replies made to requests.

Even with IPV4 there are checks on packets that can be made, which for TCP include flags/sequence numbers. That extra information is within the packet for added security, which most firewalls simply dismiss and dont check.

 

Thank you for the good read!
I really think there is a entity working to suppress this kind of testing, to leave a backdoor open for "big brother".

 

Is this a knock-out criteria?
If so and this would be a FW test - which one did not survive the first round?

Cheers

 

I think SPI will check the packet flags and sequence numbers only,is it right?

If right,as far as I concerned,Outpost Jetico and LNS have SPI only.It means they are better than others?

 

What firewalls seem to work best then in your View Stem ? And I mean ONLY firewall, No added junk.

 

No, SPI is used by Vendors as a check on IP/Port (well, certainly firewalls state SPI when they only filter by IP/Port)

When other checks are being made, they are being named as "Stateful packet filtering" or "Stateful protocol filtering", but dont confuse that with protocol analysis as that can mean other checks (from what I have seen).

Sorry, but it is confusing with different terms used, the only way I actually find out an actual firewalls filtering ability is by testing.


.

 

Unfortunately there are not many stand alone firewalls/packet filters to choose from, there are firewalls within some suits that do filter well, so for me to put forward a choice just based on a standalone firewall/packet filter product would not be good.(Plus:- I would not like to put forward what I think is best, as it could appear as some form of promotion, and if I do post test results in the future, they could appear biased),

So I hope you dont mind my avoiding answering the question.

 

This should be a forum of ideas, and opinions. So what people think or say, thats what it's all about, a pool of opinions.
If you withhold thoughts, and opinions then what good is a forum?

 

Best to try out different firewall software until you find one you like to use. Everyone here going to say (yeah or nay) or like a hit and a miss on the bulls eye!
First layer of your defense it get a good router that offers you extra features for security beyond the NAT/SPI.
Second layer of your defense on each system use OS embedded firewall
Third layer of your defense small low impact security watchdog software to catch things that can sneak on the system or smart AV.
Always have your system updated with patches and repairs so everything is tighten on a security end!