Matousec Test Updated

Discussion in 'other firewalls' started by guest, Jun 29, 2009.

Thread Status:
Not open for further replies.
  1. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    But I'm a part of the industry and in my neck of the same industry we take it differently. Though, I do not claim our definition absolute, I just say "this term is questionable". The same with your link. It only says how Firewall is defined in "Hitachi ID Systems", and no more. Let you agree, Wiki claims to be more commonly adopted resource, than any individual company. But even Wiki cannot claim on the absolute definition (actually, nobody and nothing can). The problem is this definition is not stable yet, this is why it is questionable. If you take modern firewalls you'll see, they went far beyond your definition. If you take personal and let us say corporate firewalls, you'll see, they are ABSOLUTELY different. This is life. Definitions can change and vary and shift and adjust.

    Let me show you some different definitions:

    http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci212125,00.html
    ===
    DEFINITION - A firewall is a set of related programs, located at a network gateway server, that protects the resources of a private network from users from other networks. (The term also implies the security policy that is used with the programs.) An enterprise with an intranet that allows its workers access to the wider Internet installs a firewall to prevent outsiders from accessing its own private data resources and for controlling what outside resources its own users have access to.
    ===

    http://www.webopedia.com/TERM/f/firewall.html
    ===
    (fīr´wâl) (n.) A system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.
    ===

    But everybody understands, that a personal firewall cannot protect network, so for a personal firewall those definitions are wrong.

    http://searchmidmarketsecurity.techtarget.com/sDefinition/0,,sid198_gci331881,00.html
    ===
    DEFINITION - A personal firewall (sometimes called a desktop firewall) is a software application used to protect a single Internet-connected computer from intruders. Personal firewall protection is especially useful for users with "always-on" connections such as DSL or cable modem. Such connections use a static IP address that makes them especially vulnerable to potential hackers. Often compared to anti-virus applications, personal firewalls work in the background at the device (link layer) level to protect the integrity of the system from malicious computer code by controlling Internet connections to and from a user's computer, filtering inbound and outbound traffic, and alerting the user to attempted intrusions.
    ===

    this goes more interesting, isn't it ?

    personal firewall

    http://encyclopedia2.thefreedictionary.com/personal firewall
    ===
    Software installed in a user's computer that offers protection against unwanted intrusion and attacks coming from the Internet. Personal firewalls are available from numerous security vendors,
    ===

    This definition is interesting because it allows very wide range of functionality "protection against unwanted intrusion and attacks coming from the Internet".

    Is this enough to agree we have not stable definition of a firewall or should I continue to post the different definitions ?
     
    Last edited: Jul 4, 2009
  2. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Interesting call. But in the both cases the product that takes upper line was tested later. May be this is actual reason ? It would be fair, because it allows any product to take the higher position in a case of a parity, while alphabetical order doesn't allow it :)
     
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    My first firewall was when I installed Win2K. I knew nothing about firewalls, and in reading, I discovered there are many opinions about what a firewall is and what it should do.

    The idea of a packet filter for inbound connections made the most sense to me, so that became, and still is, my idea of a firewall.

    Earlier today, I saw this interesting firewall alert for inbound Port 53 - rather unusual:

    kerio53log.gif

    I knew the firewall was doing the job I expected for it. Nothing unwanted can intrude.

    During the conficker fiasco, I noticed heavier than usual probes to Port 445.

    ----
    rich
     
  4. cqpreson

    cqpreson Registered Member

    Joined:
    May 18, 2009
    Posts:
    348
    Location:
    China
    Is conficker a virus? It will use Port 445?
    Your firewall is so cool. But it seems to be too old.
    From your picture, what information can we get? Was it virus' behavior? Or did someone attack your computer?
     
  5. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    This is OK, until you start to force your definition on the others. Then it can become a problem.

    As for me I think the most acceptable definition for a personal firewall is this:

    http://encyclopedia2.thefreedictionary.com/personal firewall

    "Software installed in a user's computer that offers protection against unwanted intrusion and attacks coming from the Internet."
     
  6. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    It's been called various things:

    http://www.microsoft.com/technet/security/Bulletin/ms08-067.mspx
    :)


    :(


    It's a probe - that is all I can tell. It doesn't matter as far as I'm concerned.

    Here is typical stuff:

    [​IMG]


    Ports 1026-1028 are messenger spam.
    Port 135 is the entry point for MSBlaster worm.
    Port 139 is the Netbios Session Service.
    Port 445 is the entry point for Sasser worm, Conficker

    The third showing Port 51132 is typical for those like myself using a dynamic IP address (it changes each time I dial up). The previous user of that IP at the time it was assigned to me may have been in a P2P session using that port.

    ----
    rich
     
  7. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    Rmus I take it that you are not sitting behind a Router?
     
  8. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    I think that is what a packet filter does.

    ----
    rich
     
  9. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Correct - I am not.

    ----
    rich
     
  10. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Yes, packet filter does a small part of this job.
     
  11. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    are we talking here about firewalls (general) or about personal firewalls? Matousec testing personal firewalls HIPS etc. and not "corporate" firewalls, definition of personal firewall is what we need here, in thread about Matousec tests...
    personal firewall must be able to distinguish which application made network request, if it can't do that properly it is then bad PFW.
    leak tests segment of Matousec testing suite is almost all about above premise
     
    Last edited: Jul 4, 2009
  12. cqpreson

    cqpreson Registered Member

    Joined:
    May 18, 2009
    Posts:
    348
    Location:
    China
    Thank you. I learned many things.
     
  13. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    Hi Mike,

    Well we do not have to argue about the term. But if a word is not defined is meaningless using it, since we will not understand each other.

    I agree, security products should be able to protect themselves, but termination tests of their guide should not be a penalty for them unless the protection is lost.

    And I agree Matousec should have renamed his test a long time ago, but he didn't and this is the reason http://www.google.com/trends?q=matousec . (when he started to lose popularity he changed it)

    Panagiotis
     
  14. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    No, it's not.
    None of the definitions that you list is not already included in the one I gave you. (or if you prefer none of them is excluded from it).

    Maybe your way to use the word definition, is different from mine. In greek and in italian the word definition has the meaning described here
    http://translate.google.com/translate?sl=it&tl=en&u=http://it.wikipedia.org/wiki/Definizione

    Panagiotis
     
  15. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Definition you referenced starts with "A Firewall is a system which limits network access between two or more networks". This is definitely not a case for a personal firewall, this is why we cannot use it in this thread.
     
  16. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    A "system" can be a dedicated hardware firewall, another pc, a software, a driver, etc., etc. Of course we can use it!
    And the definition does not start with "A Firewall is a system which limits network access between two or more networks". That is the definition; everything after that is a description or if you prefer an example.
    http://en.wikipedia.org/wiki/System

    Panagiotis
     
  17. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    We cannot use it not because "System", but because "between two or more networks". Personal firewall has nothing to do with limiting access between the networks.
     
  18. cqpreson

    cqpreson Registered Member

    Joined:
    May 18, 2009
    Posts:
    348
    Location:
    China
    You are discussing something about the definition "system"?
     
  19. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    In his definition he didn't mention "personal" so that def may be correct but totally off topic for this thread...
    of course, for personal FW is not essential "two or more networks" and thus that definition of firewall can not be used for personal firewall
     
    Last edited: Jul 4, 2009
  20. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    I see, that you like to play with the words.

    A personal firewall is sub group, of the term firewall, further specialised.

    For example there is the definition of animal. But there are different classes of animals: Vermes, Insecta, Pisces, Amphibia, Aves, and Mammalia; with further specialised characteristics.

    Anyway, I am not willing to continue on this kind of linguistic joke. :cautious: :thumbd:

    Panagiotis
     
  21. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    it is not joke, you are OT all the time, Matousec testing personal firewalls etc. and not firewalls and their scope of protection, here features of personal firewalls
     
  22. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    Personal firewalls are used also in "internet connection sharing" environments. This means that the generic definition covers personal firewalls too. ;)

    Panagiotis
     
  23. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    yes, but that is not essential for them
     
  24. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    OK, since controlling/restricting network traffic is not essential for a personal firewall, I guess I really am out of topic. :D
    The 3-4 years "Firewall Challenge" of matousec recently renamed to "Proactive Security Challenge" really was a great firewall test and never misled the readers.

    At least he decided to change it, but yet most users point to it as a source of how good a personal firewall is. :rolleyes:

    over and out,
    Panagiotis
     
  25. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    I intentionally did not use the word "definition." I described my idea of what a firewall should do as part of my security strategy: block the intrusion of any unwanted network stuff. Looking at different products and their logs, the product I chose fulfills that requirement.

    And I intentionally used the qualifier "my," meaning it didn't necessarily apply to anyone else.

    "Definitions" lead to confusing, irrelevant discussions. Like with "HIPS." Define HIPS. No one can agree on a definition, but you can look for what you want in a "HIPS" product and go from there.

    The proof is in the pudding. Look for exploits in the wild: if your security product nullifies them (firewall logs in my case prove this), what does it matter how you define it?

    ----
    rich
     