Kerio 2

Discussion in 'other firewalls' started by Beavenburt, Dec 8, 2007.

Thread Status:
Not open for further replies.
  1. Beavenburt

    Beavenburt Registered Member

    Joined:
    Dec 17, 2006
    Posts:
    566
    I absolutely love this FW, always have and it's the one I always go back to. The only thing that bothers me: is it still safe to use? I'm on an XP machine that is well hardened, running minimal services but not behind a router. My rules are tight and I also run Avira and Threatfire. I've read some older threads on the subject, however I'd like opinions on whether this great FW is still relevant today, in the here and now.
    I almost forgot to add, I have no concern for leaktests/advanced outbound.
     
    Last edited: Dec 8, 2007
  2. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    Many people still run it on XP for basic control, for the most part I rarely get prompts unless I have a new program, or I update a program. I don't care enough to mess with a new firewall, and have to deal with 20 prompts on a daily basis at this time setting one up while learning its quirks/bugs/limitations at this time. I've said it before, it has a 'simple complexity' where it was easy to make a simple or complex configuration from one interface, not spread out over multiple modules which might have higher priority than others. Nice clean rules, and only one set of rules....
     
  3. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,617
    Location:
    Canada
    I tried many Firewalls but always come back to Kerio 2.1.5

    I have a router and I use it for basic control with XP. I also love this Firewall, easy to use and not bothered with constant prompts like some other Firewalls.
    Before I had my router, I also used Kerio 2 without any problems.
     
  4. minacross

    minacross Registered Member

    Joined:
    May 12, 2002
    Posts:
    657
    Where can I d/l Kerio 2.1.5?
     
  5. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,617
    Location:
    Canada
  6. Beavenburt

    Beavenburt Registered Member

    Joined:
    Dec 17, 2006
    Posts:
    566
    Spot on there BZ. I've flirted with just about all the other well known FWs. But, nothing compares to the simple complexity (great phrase) of Kerio. I was just a little concerned about running it on a direct connection. However, my system is well protected and my rules tight. I even get all closed at GRC without a FW. So I don't really know what I'm worried about! :)
     
  7. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    Kerio 2.1.5 is fine, there is nothing like its elegant rules interface IMO. I used to love it. So there's no reason why not to use it even though it's now dated, as long as you're not looking to it to stop every leak-test known to man... ;)
     
  8. herbalist

    herbalist Guest

    I ran Kerio 2 without a router or firewall for about 2 years with absolutely no problems. Several of my clients also use it. None have been compromised because of a firewall related issue. It works as well now as it did when it was new. With or without a hardware firewall, I consider it a necessity. I like its ability to give detailed control over loopback connections.
    Rick
     
  9. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Kerio 2.1.5 has a great design, but a serious flaw in my opinion: the one concerning not filtering fragmented packets.
     
  10. herbalist

    herbalist Guest

    The fragmented packet vulnerability is more theoretical than real. As far as I know, there are no instances of it being successfully used outside of a lab. With XP, this can be fixed with a registry tweak instructing your system to drop fragmented packets. The built-in Windows firewall will also do this. I haven't seen any instances of Kerio and the XP firewall conflicting.

    The problem facing an attacker is causing those fragmented packets to be reassembled in a way that would do something useful, some type of command. On a system where Kerio 2 is the entire security package, it's theoretically possible. On PCs with a reasonable security package, other apps can prevent a malicious command from executing. Many AVs would see the command as potentially malicious. A decently configured HIPS would intercept the command.

    The net result is that even if it can be done, either your system's configuration or another part of your security package should stop the command or the packets themselves. You're also looking at a theoretical vulnerability that affects an older version of one firewall. The attack would have to be specifically designed for Kerio 2 and the OS it's running on, not something that's done by malware. That requires a live person with a specific interest in your system, highly unlikely unless you've given someone a reason to try to hack you. In such a case, you'll need more than just Kerio to protect you, especially if you use XP.
    Rick
     
  11. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    The fragmented packet issue can be exploited to sneak UDP packets in thru Kerio regardless of your OS registry tweak. I watched it happening here for many months before I finally figured it out. But as you say, the odds are nothing truly harmful can be done. If I wanted to use Kerio 2 now without any other protection, I'd go ahead and do it.
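
Added example, not part of the original thread and not Kerio's code: a general IPv4 illustration of why fragments are a problem for port-based rules and what a "drop fragmented packets" policy, as mentioned above, looks like. Only the first fragment carries the UDP header, so a later fragment has no ports for a rule to match; the function names, addresses and sample packets are constructed for this sketch.

```python
import struct

def build_ipv4(proto, flags_frag, payload):
    """Constructed sample: 20-byte IPv4 header (checksum left 0) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                       flags_frag, 64, proto, 0,
                       bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20])) + payload

def classify(packet):
    """Return (kind, udp_ports); udp_ports is None when no UDP header is present."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    flags_frag = struct.unpack("!H", packet[6:8])[0]
    more_fragments = bool(flags_frag & 0x2000)   # MF flag
    offset = (flags_frag & 0x1FFF) * 8           # fragment offset in bytes
    if offset == 0 and not more_fragments:
        kind = "whole"
    elif offset == 0:
        kind = "first-fragment"
    else:
        kind = "later-fragment"
    ports = None
    # The UDP header (source port, destination port) exists only at offset 0.
    if packet[9] == 17 and offset == 0 and len(packet) >= ihl + 4:
        ports = struct.unpack("!HH", packet[ihl:ihl + 4])
    return kind, ports

def filter_decision(packet, allowed_udp_dst_ports):
    """Default-deny inbound policy that refuses every fragment outright."""
    kind, ports = classify(packet)
    if kind != "whole":
        return "drop-fragment"
    if ports is not None and ports[1] in allowed_udp_dst_ports:
        return "allow"
    return "drop"

# Constructed sample traffic: one 24-byte UDP datagram, whole and split in two.
UDP = struct.pack("!HHHH", 40000, 53, 24, 0) + b"A" * 16
WHOLE = build_ipv4(17, 0x0000, UDP)
FIRST = build_ipv4(17, 0x2000, UDP[:16])   # MF set, offset 0
LATER = build_ipv4(17, 0x0002, UDP[16:])   # offset 2 * 8 = 16 bytes, MF clear

if __name__ == "__main__":
    for name, pkt in (("whole", WHOLE), ("first", FIRST), ("later", LATER)):
        print(name, classify(pkt), filter_decision(pkt, {53}))
```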
     