RE: Personal firewall for lambda users

["Corne Van Dyk" <Corne.VanDyk () eu didata com>]

hallo,

having recently worked with Sygate Secure Enterprise, I can tell you
that it´s complex, but you can do lots with it (which also means it
expensive :) ).

just a note: I don´t think that Sygate was bought by Netscreen, rather
Netscreen incorporates the basic Sygate PFW into their VPN Client.

You can expand the Sygate PFW with the Secure Enterprise product, which
allows the admin to control clients from a central point. The client can
do almost nothing about the security policy that has been defined for
him.

hope that helps a bit.

cheers
corne

> -----Original Message-----
> From: Alexandre Zglav [mailto:azglav () heritage ch] 
> Sent: Montag, 21. Juni 2004 11:49
> To: security-basics () securityfocus com
> Subject: Personal firewall for lambda users
>
>
>
>
>
>
>
> Hi all,
>
> I am currently studying various  personal firewal softwares 
> for installation on my company's Laptops. Most of my users 
> are lambda users and I wanted to make sure being firewalled 
> on their laptop would be as transparent for them as when 
> their working in our corporate LAN.
>
> I've recently been testing Sygate Personal firewall ( now 
> owned by netscreen ) and I found it pretty deceiving... The 
> software is clearly designed to be used and administered on a 
> dayly basis by experimented users and the security level is 
> quite low in my opinion: there are continuous popups that 
> come to the user asking for him to choose if he should let 
> the trafic for a specific application in or out ( thats quite 
> normal for a personal  firewall) but a user without the admin 
> password can set a rule just by clicking on a button on the 
> popup (thats quite unusual...) .
>
> So basically what I'm trying to do is to protect my users 
> from themselves by configuring the firewall to let very 
> specific applications ( email client, web browser etc.. ) in 
> and out, and to deny all the rest so that the user doesnt' 
> see any popup. Moreover I want to set real admin passwords 
> that won't let a user set a rule without it ( such as it was in Sygate
> PFW...)
>
> I personally use Kerio at home since three or four years  now 
> and I'm pretty satisfied with it. I wanted to know what you, 
> security experts :) , thought about this product. I know that 
> kerio will let me do what I want with admin password, 
> application specific rules and a "Deny all" rule at the end 
> of the list but I want to know how reliable and secure it is 
> and if the company has any chance to survive the next decade 
> (or years...  :) ). Is there another secure and reliable 
> personal firewall that I sohould try to accomplish what I want to do ?
>
> Thanks for your answers.
>
> Oh and by the way my users are using Windows XP pro.
>
> See you!
> ________________________________________________
>
> IT Projects
> Alexandre Zglav
> Heritage Bank & Trust
> 12 cours des bastions
> P.O. Box 3341
> 1211 Geneva
> Switzerland
> Phone :  ++ 41 22 817 31 11
> Direct Line : ++41 22 817 32 21
> azglav () heritage ch
> www.heritage.ch ________________________________________________
>
> This document should only be read by those persons to whom it 
> is addressed  and  is  not intended to be relied upon by any 
> person without  subsequent written confirmation of its 
> contents. If you have  received  this  e-mail message in 
> error, please destroy it and delete it from your computer. 
> Any  form of  reproduction, dissemination, copying,  
> disclosure, modification,  distribution  and/or  publication  
> of this E-mail message is strictly prohibited. 
> ________________________________________________
>
>
> --------------------------------------------------------------
> -------------
> Ethical Hacking at the InfoSec Institute. Mention this ad and 
> get $545 off 
> any course! All of our class sizes are guaranteed to be 10 
> students or less 
> to facilitate one-on-one interaction with one of our expert 
> instructors. 
> Attend a course taught by an expert instructor with years of 
> in-the-field 
> pen testing experience in our state of the art hacking lab. 
> Master the skills 
> of an Ethical Hacker to better assess the security of your 
> organization. 
> Visit us at: 
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> --------------------------------------------------------------
> --------------


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------