Labs
Personal firewalls
[PC Pro]
All tests are performed on a 1.6GHz Pentium-M notebook with 512MB of RAM, running Windows XP. After each test, the computer is returned to its initial state from the same original drive image, and all firewalls are left in their 'default' state to provide a realistic baseline for the tests. Those that provide automatic configuration or application-awareness scanning are allowed to do so. We run a batch of tests covering a spread of common security threats; with the exception of the 'exploits' tests, you can repeat these yourself by visiting the testing sites shown.
Stealth test
The PC Flank (www.pcflank.com) stealth test we use sends various packets to IP port 1 including TCP ping, TCP NULL, TCP FIN, TCP XMAS and UDP, which represent the most common probe packets. If the packet isn't trapped by the firewall, the destination PC will send a response, betraying its presence on the Internet and marking it out as a target.
Port scanning
For port scanning, we use ShieldsUP! (www.grc.com). We scan for the common open ports that can compromise your computer's security, waving an open invitation to attack by 'script kiddies' who use freely downloadable software to break into your machine. Bearing this in mind, we scan for file sharing and run an in-depth scan of the first 1,056 ports - those used to accept incoming connections and so the most vulnerable to attack.
POP-UP MESSENGER spam test
Our tool of choice is myNetWatchman (www.mynetwatchman.com/winpopuptester.asp). It's a quick test of whether the firewall stops 'pop-up message' spam, by checking that inbound traffic on port 135 and on UDP ports 1026-1029 is blocked.
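A defender-side way to confirm what the stealth test and the pop-up messenger test above are probing is to read the firewall's own log and check that each probed port was dropped inbound. The script below is an added example, not part of the PC Pro tests; it assumes the W3C-style layout Windows Firewall writes to pfirewall.log (a `#Fields:` header followed by space-separated columns, `-` for fields that do not apply, `RECEIVE` in the `path` column for inbound traffic), and the sample log lines are constructed.

```python
"""Audit a Windows Firewall log for the ports the tests probe: TCP/UDP port 1
(stealth test) and TCP 135 plus UDP 1026-1029 (pop-up messenger test).
Assumption: pfirewall.log column layout as declared in its #Fields header."""

# Constructed sample log; the field list mirrors the Windows Firewall format.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2005-06-01 10:00:01 DROP TCP 203.0.113.5 192.168.1.10 40000 1 40 S 123456 0 8192 - - - RECEIVE
2005-06-01 10:00:02 DROP TCP 203.0.113.5 192.168.1.10 40001 1 40 FPU 0 0 0 - - - RECEIVE
2005-06-01 10:00:03 DROP UDP 203.0.113.5 192.168.1.10 40002 1 28 - - - - - - - RECEIVE
2005-06-01 10:00:04 DROP TCP 203.0.113.5 192.168.1.10 40003 135 48 S 1 0 65535 - - - RECEIVE
2005-06-01 10:00:05 DROP UDP 203.0.113.5 192.168.1.10 40004 1026 120 - - - - - - - RECEIVE
2005-06-01 10:00:06 OPEN-INBOUND UDP 203.0.113.5 192.168.1.10 40005 1028 120 - - - - - - - RECEIVE
"""

# (protocol, port) pairs the two tests probe.
PROBED = {("TCP", 1), ("UDP", 1), ("TCP", 135)} | {("UDP", p) for p in range(1026, 1030)}


def parse_log(text):
    """Yield (action, protocol, dst_port) for each inbound entry; columns come from the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        cols = dict(zip(fields, line.split()))
        if cols.get("path") != "RECEIVE":  # only inbound entries matter here
            continue
        try:
            yield cols["action"], cols["protocol"], int(cols["dst-port"])
        except (KeyError, ValueError):
            continue  # e.g. ICMP entries carry '-' as the port


def audit(text):
    """Map each probed (protocol, port) to 'blocked', 'allowed' or 'unseen'.
    Any non-DROP action (OPEN, OPEN-INBOUND, CLOSE) means traffic got through."""
    result = {key: "unseen" for key in PROBED}
    for action, proto, port in parse_log(text):
        if (proto, port) not in result:
            continue
        if action != "DROP":
            result[(proto, port)] = "allowed"
        elif result[(proto, port)] == "unseen":
            result[(proto, port)] = "blocked"
    return result
```

A port reported as 'unseen' means the log holds no inbound entry for it, so the test traffic either never arrived or was not logged; only 'blocked' for every pair confirms the firewall dropped all of the probes.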
DoS exploit testing
We subject the test machine to three simulated DoS (Denial-of-Service) attacks, the first sending malformed IP packets that eventually cause a system with IP stack vulnerabilities to crash due to exhausted system resources. Next comes the standard DoS continuous stream of identical but fragmented IP packets, and finally the 'nuke' approach of sending an ICMP packet with a server unreachable message to cause a server connection failure. We won't reveal how we did these tests, as we don't want to be guilty of publishing a 'how to launch a DoS attack' guide.
