Online Armor Firewall preview

Discussion in 'other firewalls' started by MikeNash, Sep 13, 2006.

Thread Status:
Not open for further replies.
  1. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Hi Everyone,

    We've been discussing a firewall as part of Online Armor for a long time now, and it's very nearly ready. Like Online Armor, we've designed it to be easy to use - however, with the firewall we've started to put in a separate "advanced mode" for those who want more control. This is a theme that we'll be implementing throughout OA.

    It's currently in private beta, and we expect to release it to public beta in the next few weeks, once we've confirmed everything is fine with it and got the last few wrinkles out.

    For those that would like a sneak-peek at the way it works there's a thread over at the Tall Emu support forums here.

    One thing I'd like to clarify - this will be a free upgrade to Online Armor *even if your subscription has finished*. It took us a lot longer than we thought to get the firewall ready, and that shouldn't adversely affect the "early adopters" who supported OA in the early days.


    Cheers

    Mike
     
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi MikeNash,
    It looks interesting,...
    From the screenshots,... a question,... is it possible to restrict local ports used for outboud and restrict remote ports for inbound?

    Regards,
    Stem
     
  3. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Hi Stem,

    This is not currently possible. We care in the OA FW about which remote port we're trying to connect to, and which of our local ports people are trying to connect to.

    cheers

    Mike
     
  4. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    Hi Stem and Mike,

    Correct me, Mike, if i'm wrong but you can specify remote or local ports by editing rules and by manual creation.
     
  5. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    O.K. thanks,.. I was just thinking of such rules as DHCP, and the possibility of restricting to needed local/remote ports.

    Regards,
    Stem
     
  6. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Hi MaB69,

    With the firewall I can create a rule which says for example: "disallow TCP 80, Outbound, all apps" - or disallow, 80, TCP, inbound, all apps (although this would be there by default)

    But, its not possible to say "Dont allow port xxxx (local) be used to connect to port 80 (remote).


    Mike
     
  7. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Hi Stem,

    The default situation with OAFW is that all ports are blocked in both directions by default. If a program requests either a connect or listen, then OA will intervene. If the program is trusted (centrally, not by the user) then the request will be allowed. (assumes standard mode, with default settings)

    Certain ports are added to the restricted port list by default (also, centrally managed, but overrideable by the user in advanced mode) - these ports are not allowed to accept data from off the local lan and are stealthed.

    To lock down DHCP with the current OA you could make use of a global (or rule-level) endpoint restriction and add your local subnet. Do you think that's sufficient, or am I missing the point somewhere?

    Cheers


    Mike
     
  8. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Looks nice...

    Your program are getting better every new version ;)

    Nice work :thumb:
     
  9. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Thanks Vampiric Crow :)

    I've just updated the thread with the promised screenshot of the firewall status screen :)


    Mike
     
  10. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Possibly yes. But without using the firewall I am unable to comment further.

    I look forward to the release,... so I can have a play.

    Regards,
    Stem
     
  11. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    Was there a recent program update ? I am running 1.1.1.826.
     
  12. dog

    dog Guest

    Just adding a comment after viewing the screenshots at your forum Mike - Nice to see the ability to import a peer block list. Having two user modes is a good idea - the standard mode will make it very easy for less knowledgeable users and advance mode will give control to those that desire it. The layout looks nice an intuitive too.

    For the first release of this module it looks great.

    I wish you the most success. ;)

    Steve
     
  13. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    826 is the current release version. We've been criticised before for too many releases, so the next release will be the version that includes the firewall.

    The only release in recent times has been an updated KAV Engine key, and some definitions/configs. No major program upgrades in the last month or two.


    Cheers

    Mike
     
  14. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Thanks Steve,

    Standard mode is very cool :) On my PC after running OAFW, I get *one* popup about internet access because the version of Yahoo IM I am running is not in the trusted apps list. Aside from that, everything just works.

    The last critical bug just got fixed - so now, the focus is shifting to making sure we're not leaky :)

    Thanks for the kind words...

    Cheers

    Mike
     
  15. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    Thanks Mike and best wishes with the project...
     
  16. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    I am not a big suporter or user of Online Armor as of yet, just wanted to drop in and say that the new firewall looks like it has some serious potential. GL.

    Edit: BTW, if you keep treating your customers with the amount of respect you are now you will go far!
     
  17. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Hi AJohn,

    Thanks for the kind words. I'm looking forward to the public beta when everyone will have the opportunity to play :)


    Mike
     
  18. sosaiso

    sosaiso Registered Member

    Joined:
    Nov 12, 2005
    Posts:
    601
    Wow, I am loving the look for the new firewall module.

    Best of luck to the project Mike. I look forward to playing with this piece of software when it goes beta. Keep up the nice work.
     
  19. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    i hesitate to try OA while i still have months left of Prevx1, but i still look foward to the new release. good job Mike :thumb:
     
  20. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Thanks sosaiso

    Don't think just about the look - some of the features are pretty neat as well :)

    Aside from the auto config, the feature that I am most excited about is the integrated blacklist management - take any of the bluetack blocklists and you can import them into OA and apply them either globally, or against a specific rule(s).

    So you could use the ad-block list on Firefox and the emule list against emule.


    Mike
     
  21. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    can u just import a blocklist and use it globally? also if i were to use block list manager, what format should i choose?
     
  22. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Hi WSFuser,

    Yes - you can import one(or more) blocklists and use globally. OA will natively import the bluetack lists at the moment, and we'll likely extend this so you can blocklists formatted in "hosts" format as well. I haven't used their blocklist manager - so can't answer that right now. I might download it next week and have a play.

    If there are any other formats you'd like to see, let me know. If we can get them in before release, we will.

    Cheers

    Mike
     
  23. sosaiso

    sosaiso Registered Member

    Joined:
    Nov 12, 2005
    Posts:
    601
    Any future thoughts about an implementation of SNORT rules? That was one feature of Kerio I've always wanted to try out.
     
  24. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Looking at Snort is certainly on the todo list - just need to think about when. There are lots of other ideas we have for the firewall/OA - and probably more will come once we get it out there.
     
  25. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Hi Everyone,

    I've been receiving emails and PM's regarding the OA Firewall and its status so I thought I'd post a brief update here.

    At the current stage, OA Firewall is pretty much functionally complete - we've spent the last 2 weeks fixing lots of cosmetics and a troublesome stability issue in the GUI. That phase is pretty much done, and (tempting fate here) I expect that tonight's build will be nice and stable.

    A SheildsUP test will pass with flying (and stealthy) colors.

    The next step is to "leak proof" it. This process will be starting later this week as we get the wrinkles out of the new OA Driver.

    At this time, I'd like to ask that anyone who is interested in giving the "leaky" version of the firewall a go is welcome to register over at the TE forums and send me a PM.

    You'll still need that "beta testing spirit" but I think the core is now stable enough to let people who are interested have a play with it. Prior to the release of OA (with firewall) there will also be a public beta test... but I'm trying to make sure that we get as much done before then as we possibly can.

    Cheers


    Mike
     
Loading...
Thread Status:
Not open for further replies.