Question for Kerio 2.1.5 users

Discussion in 'other firewalls' started by pcalvert, May 24, 2005.

Thread Status:
Not open for further replies.
  1. pcalvert

    pcalvert Registered Member

    Joined:
    May 21, 2005
    Posts:
    203
    For those people using Kerio 2.1.5, are you aware of this firewall's vulnerabilities?:

    Vulnerability Report >> Kerio Personal Firewall 2.x


    Considering Kerio 2.1.5's vulnerabilities, do you feel it's safe to continue using this firewall? I used Kerio 2.1.5 back in 2003, but switched to the free version of Sygate Personal Firewall because I was nervous about using an old program that's no longer being updated. I also noticed that Kerio 2.1.5 started acting flakey on me, and I wasn't sure why. So I decided that it would be better to switch than to be constantly nervous while I am connected to the Internet.
    :)

    Lately, since I found this forum, I have been looking at Kerio 2.1.5 again. I think it might be a good choice for computers without a lot of RAM, but not if it's an insecure product.


    Phil
     
  2. Meltdown

    Meltdown Registered Member

    Joined:
    Sep 17, 2004
    Posts:
    299
    Location:
    Babylon
    The unpatched vulnerabilities don't look too severe to me.

    I use Kerio for its packet filtering and outbound application capabilities, not for the execution protection.

    No malicious local users here - although I do wonder about the cat sometimes...

    I don't use remote administration.


    Of course, for other users in different circumstances and with different requirements, those vulnerabilities might be a factor.
     
  3. Arup

    Arup Guest

    Run Harden IT from www.yasc.net; the TCP vulnerabilities would be all gone.
     
  4. ghost16825

    ghost16825 Registered Member

    Joined:
    Feb 1, 2005
    Posts:
    84
    This is directly related to 4x not 2x (2x can't stop applications from running).

    Otherwise, the ones on that website mostly rely on Remote Admin being enabled. The local privilege escalation one directly relies on a) Administration not being password protected and b) someone clicking the 'open ruleset' dialog within the Admin module.

    Securityfocus lists a heap more, but I think you'll struggle to find one that is:
    a) remotely exploitable b) works without remote admin c) proven to work on 2.15 not 4x
     
  5. pcalvert

    pcalvert Registered Member

    Joined:
    May 21, 2005
    Posts:
    203
    Hey guys, thanks for your input. How do you think Kerio 2.1.5 compares to the free version of Sygate? Sygate has anti-application hijacking and DLL fingerprinting, both of which seem quite nice.

    What I don't like about Sygate, though, is that I can't even see what the default rules are. And some of those default rules don't seem like such a good idea. I've seen instances in the log where Sygate has allowed in stuff because of a rule called "allow traceroute." And this appeared to be totally unrelated to anything I had done-- the remote IP wasn't connected with any mail servers or web sites I was visiting, etc. Also, several times Sygate has let in stuff related to VPN, even though I don't use a VPN. I suppose it's not a real big deal since there wasn't a port open for the remote machine to connect to, but it still bothers me a bit because I don't think it should be doing that.

    There have also been numerous times when I have seen both the inbound and outbound arrows on the Sygate system tray icon light up cyan (blue-green), indicating that it was allowing traffic. But when I immediately checked the traffic log, there was no indication that anything was allowed. The log entry always indicates that the traffic was blocked. Well, if that's the case, then why did Sygate's system tray icon indicate that it was allowing a reply to a connection attempt that was initiated by a remote (and probably worm-infected) machine? As the saying goes, "there's something wrong with this picture."

    Phil
     
  6. Arup

    Arup Guest

    Sygate is pretty good if you are not running a proxy, and it is fairly easy to write rules for it, and it has excellent logging which includes packet logging, a feature not commonly available. The anti-application hijacking is only in the Pro version though. The VPN issue is due to Sygate being old; the last upgrade was quite a while back compared to most of the other major firewalls out there, and this is its weakness.
     
  7. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Kerio 2.1.5 is light and does what I want it to do with no problems. Sygate, while it is a good FW, is a fairly heavy program. In the future, who knows what may come. But for now Kerio 2.1.5 is sufficient.
     