Discussion in 'other firewalls' started by medz, Dec 24, 2005.
The name is Core Force security and it is entire intrusion detection system with firewall based on Linux Open BSD. I must warn you though that security focus was acquired by a company I deem to be full of flaws in almost all their products:Symantec. Security Focus still produces top quality advanced network security information and I trust them more than most when it comes to security. I attempted to install this program to no avail though, on two different computers. I wish you better luck than I had, and please if you install, post your opinion of this product. Make sure you take a peek at security focus' vulnerability database, it has helped me in making many software decisions.
A recent thread on Core Force: https://www.wilderssecurity.com/showthread.php?t=111181
Perhaps you could clarify, what does this have to do with Core Security or Core Labs?
Crazy M, you ask what this has to do with Core Security, well they are the only people so far as I know recommending Core Security. Security Focus being bought by Symantec means alot of things could happen, if Symantec owns security focus what is to keep them from dictating what is being published on that site. What is for that matter keeping them from requiring security focus to recommend certain products that Symantec has some affiliation with? I'm not saying don't trust security focus, I still trust them almost as much as before they were acquired by Symantec. I just know politics and I know malevolent big corporations and what CAN and MIGHT happen as a result of Symantec acquiring security focus. Let me ask this, why is it that as soon as Symantec bought Sygate the personal and personal pro were discontinued and only available through mirrors such as majorgeeks? The firewall is only part of norton suite, why discontinue sygate, and why have more security vulnerabilities than any other company besides microsoft. Thats what I think the purchase of security focus by Symantec has to do with Core Force Technologies being on their site. I will admit though that you have I'm sure known about Core Force Technologies for some time right? Well I haven't, I admit I am somewhat newbie, and if you have reliable information concerning the pedigree of their work then why not mention it instead of asking me what this has to do with core labs. I was just trying to help not be a smart aleck, and I was trying to let this person know about the acquisition by Symantec in case he/she has certain views similar to mine concerning Symantec being inefficient. A forewarning of sorts, is that a good enough explanation?
I forgot to mention I can't install counter spy or microsoft anti-spyware,couple others,and I assume it has something to do with the fact that I go by Black Viper's recommendations on default services that should be disabled on clean install of xp. This could explain why Core Force will not install but it does not explain one more thing, why when I attempted to install, the program had to connect to the internet and I had went offline and it made no mention in documentation of needing to go online during installation. When it did connect(I only let it do this because of my trust in security focus) it froze up and that caused me to make yey another appointment with Darik's Boot and Nuke.
Hm ok, here are some clarifications that seem to be in order.
Core FORCE is developed by an information security company: Core Security Technologies, not Symantec nor SecurityFocus. The company was founded in 1996 and has an extensive track record in the infosec. field. It is known for its automated penetration testing software, Core IMPACT, its security consulting services and for its long time involvement in security research and particularly vulnerability research. The company's site is at http://www.coresecurity.com
I work for Core Security Technologies, btw.
Core Security & Core FORCE have no particular affiliation with Symantec. I'd say that Symantec, SecurityFocus and many other infosec. vendors have known Core Security for quite some time and that whatever relationships there are at the corporate, professional and personal level are those normally expected from independent organizations and people that have been working in the same area for almost a decade.
Myself, I know a lot of people at many security vendor companies including Symantec and even some personal friends. But that's beside the point.
The point is; If you are looking for a free endpoint security package that can do stateful inbound/outbound firewalling and file & regsitry access control with flexible and extensive configuration capabilities then Core FORCE might be an option.
It is free. It is beta software.
It is up to you to evaluate if it works for you.
- sorry for the anonymous post but I didnt feel like registering and all that just to reply to this message-
I dont know about a iptables clone but recently i stumbled upon a clone of the freebsd firewall's called wipfw.
WIPFW is a MS Windows operable version of well-known IPFW1 for FreeBSD OS. You can use the same functionality and configure it as only you work with IPFW.
IPFW is a packet filtering and accounting system which resides in the kernelmode, and has a user-land control utility, ipfw. Together, they allow you to define and query the rules used by the kernel in its routing decisions.
There are two related parts to ipfw. The firewall section performs packet filtering. There is also an IP accounting section which tracks usage of the router, based on rules similar to those used in the firewall section. This allows the administrator to monitor how much traffic the router is getting from a certain machine, or how much WWW traffic it is forwarding, for example.
As a result of the way that ipfw is designed, you can use ipfw on non-router machines to perform packet filtering on incoming and outgoing connections. This is a special case of the more general use of ipfw, and the same commands and techniques should be used in this situation.
Just today, I stumbled across this description of ipfw elsewhere. No doubt wipfw is its Windows reincarnation:
Customized and most secure firewall (ipfw: IP firewall and traffic shaper control
What is ipfw? ipfw is the user interface for controlling the ipfirewall and the
dummynet traffic shaper in FreeBSD. Too many of you it will look like ipchains
or iptables, but there are slight differences between them and ipfw, that are
important. ipfw is basically a ruleset that will give you FULL controll over your
traffic. Each incoming or outgoing packet is passed through the ipfw rules.
If host is acting as a gateway, packets forwarded by the gateway are pro-
cessed by ipfw twice. In case a host is acting as a bridge, packets for-
warded by the bridge are processed by ipfw once. The rules have it's numbers
so users can name them via numbers and either delete them or know their
exactly location within the ruleset (which is very important)!
ipfw works procedural like basic programming languages: first command,
first served. This is very important when you want to add multiple
rules to a specific protocol, a host, or a port.
A configuration always includes a DEFAULT rule (numbered 65535) which
cannot be modified by the programmer and always matches packets. The
action associated with the default rule can be either deny or allow
depending on how the kernel is configured.
Hey, I just wonder how you write guys?
I sure might have found something to read in this thread, but?
It was all garbled messages, no care to write paragraphs?
I agree, mine here is a a bit too many them, but still easier to read ?
So your messages suck? Really not a good way to understand what you are saying!
Or I suck, nevermind
Just wanted to add, I'm a Core Force user and I'm very happy with it. It is, approach-wise, as removed from Symantec products as it gets. Symantec tends to build security solutions aimed at the "average joe", Core Force is a complex application that I would never recommend to any computer so-called "newbie". It gives an excellent, very configurable, very "fine grained" protection that I haven't seen in any other free HIPS/Firewall so far.
Also, I have been in the web application testing and programming field for quite a few years, and I definitely had heard of Core Security a few times before; they are well known for two things:
- "corporate" security solutions (not solutions aimed at home users): their most well known product, Core Impact, is probably the most famous commercial penetration testing suite around. Frankly, although I DO work doing web penetration tests, I've never used it due to its prohibitive cost ($15,000 for a license, if I remember correctly).
- for releasing security advisories for commercial products.
I do not work for Core Security by the way. Just wanted to point out that this is a respected and well known company in the security field.