What firewalls besides Tiny have good IDS protection?

Discussion in 'other firewalls' started by Mr. Y, May 1, 2006.

Thread Status:
Not open for further replies.
  1. Mr. Y

    Mr. Y Registered Member

    Joined:
    Jan 11, 2006
    Posts:
    257
    What firewalls besides Tiny Personal Firewall have good IDS protection?

    Thank you
     
  2. godzillex

    godzillex Registered Member

    Joined:
    May 28, 2004
    Posts:
    57
    Yes, there is one that I know: BlackICE.

    BlackICE's claim to fame is its sophisticated IDS, and I know that its variants are in use by many Fortune 500 companies.

    During my research however, I discovered that Tiny has perhaps one of the best IDS, and IPS (Intrusion Prevention System) capabilities of any firewalls out there.

    Why?

    Because Tiny's IDS/IPS engine is compatible with the latest SNORT database, and it can import that data through a utility called SnortImp.

    As a Sygate Pro user, I have been in search of a good personal firewall for some time now (still am), and have come to an understanding that just because a particular firewall is immune to numerous types of attacks (such as LeakTest, etc.), it does not make it a great firewall.

    Why?

    Because I already have several pieces of security-related software (anti-trojan, process guard, etc.) which have been specifically designed to protect my system from similar types of attacks. Why would I need a firewall which duplicates that type of functionality, yet skimps on the more important features (such as IDS/IPS)?

    The answer is, I don't!

    What I like to have instead is a very configurable firewall which is application-based, and most importantly can protect my system from the dangerous packets moving in and out. That is why I place such a high value on a firewall with great IDS/IPS capabilities.

    This is exactly what a sophisticated firewall is supposed to do: detect the intrusion before it has had a chance to roam around the system, and (possibly) be caught by other security processes.

    So my search continues...

    If anyone has a good suggestion, please let me know :)

     
    Last edited: May 4, 2006
  3. Mr. Y

    Mr. Y Registered Member

    Joined:
    Jan 11, 2006
    Posts:
    257
    Thank you for the great post
     
  4. slinkygn

    slinkygn Registered Member

    Joined:
    May 4, 2006
    Posts:
    1
    Jetico. Why it doesn't get more credit for its IDS features, I have no idea.
     
  5. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, godzillex

    I thought the latest Tiny Firewall 2005 no longer supports SNORT?

    Take Care,
    TheQuest :cool:
     
  6. godzillex

    godzillex Registered Member

    Joined:
    May 28, 2004
    Posts:
    57
    Hi TheQuest,

    I have heard that rumor too. But according to Tiny's website, it's still supported via the SnortImp utility.
    Check out the following link (and click on more in the IDS/IPS section): http://www.tinysoftware.com/home/tiny2?s=2583689172951987299A6&&pg=content05&an=tf6_home

    The point that I was driving at was that more firewall vendors should adopt SNORT for their IDS/IPS.
    Why should a firewall vendor spend its valuable resources and money trying to re-invent the wheel?
    SNORT is free, and it's constantly updated. And more importantly, it's open source.

    If you don't mind me asking, what firewall have you settled on, and what were your selection criteria?

    Thanks.

    Regards,
    Godzillex
     
    Last edited: May 4, 2006
  7. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, godzillex

    That link says 1999-2004, not been updated.

    Please note that the categories listed below represent an archived version of our forums pages. To view the current version and be able to post and reply to threads, please register and login here to go to the full forums pages.
    This is from Snort Forums Archive, post by CVSCorp:- Tiny Software Firewall and Snort Rules.

    No! I do not mind you asking. I have no real selection criteria.

    The Paid for Firewalls I have are Agnitum's Outpost [LTL] and Look'n'Stop with PhantOm's Ruleset v7 [build 4], for use with WinXP Pro and W2K x32.

    And Tiny Firewall AMD64 2005 [6.5.126] for use with WinXP Pro x64, my main OS now. [trying to learn how to use it to its max strength, which seems like some sort of game, and I am always playing catch-up o_O ]

    I only have one system but use removable ViPower HDD for the OS's.

    Take Care,
    TheQuest :cool:

    PS: [WBOLITY] I have asked Agnitum if I can beta test their new to-be-released Outpost 4.0, which has x64 support. [no answer as yet :doubt: ]
     
    Last edited: May 4, 2006
  8. godzillex

    godzillex Registered Member

    Joined:
    May 28, 2004
    Posts:
    57
    Yes, quite strange. But, if you were to go to their main page (http://www.tinysoftware.com/), you'll see that the copyright notice there also indicates 1999-2004!
    Wonder why they continue to advertise this capability?
    I can't possibly fathom the reason for dropping this rather important functionality from their product.
    Perhaps they will add it in their upcoming (non-beta) Tiny64 at a later point.

    I also visited the link that you supplied above, and it appears that the last SNORT ruleset supported by Tiny was version 2.0, but the current version is 2.6 -- obviously out of date. It now appears that some of Tiny's users are asking (pleading?) SNORT.ORG to continue to provide them with this feature!

    Regardless, the main point of my earlier post was to highlight the importance of having the capability to include the SNORT database into a firewall, so that the vendors will not have to start from scratch. Tiny provided a great example of doing this the right way.

    By the way, I have enough trouble keeping up with just one firewall, let alone three. How do you keep your sanity? :)

    Worse yet, just as I was getting comfy with the old Sygate Pro, Symantec decided to pull its plug.
    From now on, I'll have to add yet another criterion to my list of things to watch out for in a firewall: that of its propensity to be acquired by the competition (and get axed).

    I'll be giving Jetico firewall a real workout in the next couple of weeks.

    Thanks for sharing your info.

    Cheers! :D
     
    Last edited: May 5, 2006