Alternatives to a Firewall.

Discussion in 'other firewalls' started by AaLF, Jan 2, 2007.

Thread Status:
Not open for further replies.
  1. AaLF

    AaLF Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    986
    Location:
    Sydney
    Many people including myself have a router / modem as a firewall. Often by default due to our ISP requirements such as ADSL. These routers offer protection for "inbound" internet traffic only.

    Also, most users are aware that 'normal' firewalls also offer control of 'outbound' internet traffic i.e. BLOCK / AUTHORIZE

    I read elsewhere in a thread that there are several security applications/programs that also 'police' outbound traffic as part of there 'duties' yet are not 'firewalls'.

    Can we post up some examples?

    The one I read about was Dynamic Security Agent
     
  2. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    I use appdefend on a couple of systems to control outbound connections.
    I also use system safety monitor's basic network firewall on another setup.
     
  3. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,150
    Location:
    Mass., USA
  4. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    i remember one person mentioned proxyfirewall as an outbound solution.
     
  5. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    Prevx in 'Expert Mode'!
     
  6. AaLF

    AaLF Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    986
    Location:
    Sydney
    What about those "LEAK-TESTS" one hears about?

    Can PRIVX / SSM etc handle this situation or is a convential FW the only answer?
     
  7. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    In regards to the leaktests, SSM will intercept each leaktest before it can run so from a certain point of view it will block all leaktests. If you allow the leak test to run i'm not sure how many ssm would catch, i personally haven't tested ssm this way.
     
  8. egghead

    egghead Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    443
    Location:
    The Netherlands
    If you allow the leaktest to run, after this SSM does not intercept this leaktest from running because you just have ALLOWED it to run. :eek:
     
  9. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    I was thinking maybe ssm would pick up some of the activities of certain leak tests after they execute. Not having tested it this way i can only speculate.
     
  10. EASTER.2010

    EASTER.2010 Guest

    Nice Topic tisatashar, Thanks.

    I am only beginning to review DSA myself but what i've noticed in these few days of my testings is that DSA throws up an ALERT! on DNS attempts, so that policing manner you mentioned seems to fit this app. Of course, it also goes beyond monitoring those type events which has my full attention and some encouragement right now that this is a very worthy addition to my own prevention layers of SHIELDING.

    Also noticed it also (to my surprise) monitors if certain system files such as csrss.exe is OVERTAXING cpu cycles and will throw up an alert to that event also.

    Interesting application to say the least from what i gather so far. Looking forward also to reading other's viewpoints to this Dynamic Security Agent program.
     
  11. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
  12. egghead

    egghead Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    443
    Location:
    The Netherlands
    Understand what you mean.
    As far as I can remember (I have thrown every leaktest of firewallleaktester.com and other sites at SSM and SSM intercepts everyone of these:thumb: :thumb: :thumb: ) when you allow a leaktest to run it will run without further intervention of SSM.
     
  13. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    afaik thats not true, but i havent tested it myself.

    once u allow a leaktest to run, SSM (or other HIPS) could still intercept attempts at dll injection, registry modification, or other behaviors that your HIPS covers.
     
Loading...
Thread Status:
Not open for further replies.