[Dshield] Please skip this one unless you read fast. Thank you in advance, fast reader(s).

Peter Stendahl-Juvonen peter.stendahl-juvonen at welho.com
Mon Aug 11 19:22:50 GMT 2003


Dear fast reader(s),

Scenario-

Specific router/switch + software firewall
vs.
Another specific router/switch/VPN endpoint with firmware firewall +
software firewall


In the users guide documentation for a specific router/switch, two
separate and individual software products by other vendors are endorsed
in order to provide enhanced network security to the product.

Enhanced network security is said to be achieved by using these other
vendors' software products in addition to the hardware and firmware
included in the router/switch itself.

The statement reads in the router's configuring guidelines. (Please see
further below for details.)

Is any kind soul familiar with this in depth in practice?

Experience finding answers to some questions challenging without
actually testing the products involved.

Moreover, the hardware, even though being inexpensive volume products,
sells mostly by order, at least on this side of the globe. (Inexpensive
especially when comparing to, e.g. Cisco firewall appliances, Check
Point or SonicWall firewalls, etc.)

Therefore would humbly like to address these questions to proficient and
interested enough fellow DShielders, who might have insights with both
general and specific security issues regarding specific combinations of
hardware, firmware and software.

Would appreciate all enlightenments and graciously thank for possible
input in advance.

Performing modest research on routers/switches vs. routers/switches with
built-in firewalls and valuating alternatives, when utilized in
conjunction with specific proprietary software.

(All solutions have, e.g. network address translation in common. Some
product lines provide support for IPSec virtual private network tunnels,
but at this part of the evaluation disregarding the VPN tunnel
capability difference).

As part of the comparisons, looking at, e.g. the following setups-

A) A specific router/switch + software firewall + antivirus software
vs.
B) Another specific router/switch/VPN endpoint with built in firewall +
antivirus software + software firewall (especially for outbound traffic
control).

(In both scenarios additional protection acquired also by other
malicious code detection and destruction systems, etc. following
defense-in-depth principle.)

One of the vendors of routers, namely Linksys (a division of Cisco
Systems, Inc.) offers, e.g. the following products:

A) The Linksys EtherFast(r) Cable/DSL Router with 4-Port Switch
(BEFSR41)
and
B) The Linksys Instant Broadband(tm) EtherFast(r) Cable/DSL Firewall
Router with 4-Port Switch/VPN Endpoint (BEFSX41).

1) Would be interested whether one of the products in question offers
additional or enhanced security when used in conjunction with the
following products: ZoneAlarm Pro and Norton AntiVirus 2003.

2) In addition curious to know how to interpret the following statement
in the user guide:

"When adding security enhancements to your other networked computers,
you can either copy the downloaded files to the other PCs or re-download
the software on each individual PC without incurring any more costs."

I.e., does the number of PCs to be protected by ZoneAlarm Pro have an
effect, or rather not, on the software licence purchase price when
downloading the software through the Internet Security Center?

(Please see full citation(s) of respective paragraph(s) of user guide
documentation further below.)

3) Is the version of ZoneAlarm Pro utilized in conjunction with the
Linksys hardware + firmware the standard, i.e. an unmodified version of
ZoneAlarm Pro?

4) Does use of PC-cillin offer additional or enhanced security when used
in conjunction with the Linksys hardware + firmware, compared to
security provided when using, e.g. Norton AntiVirus2003 instead with
this router (hardware + firmware)?

How about the following scenario:

Using the Linksys Instant Broadband(tm) EtherFast(r) Cable/DSL Firewall
Router with 4-Port Switch/VPN Endpoint (BEFSX41) together with ZoneAlarm
Pro and Norton AntiVirus2003.

5) What is the estimated or known (for fact) affect on security?

Does this hardware and firmware combination provide equal, less strong
or presumably strengthened security in comparison to Linksys
EtherFast(r) Cable/DSL Router with 4-Port Switch (BEFSR41) used together
with ZoneAlarm Pro and Norton AntiVirus2003?

6) What preparation and what vehicle(s) (for submissions) required for
submitting logs gathered by the router/switch with firewall (BEFSX41).

7) Is there possibly a difference in the ease of submitting logs to
DShield, comparing BEFSX41 vs. BEFSR41 cases, assuming submitting logs
gathered by ZoneAlarm Pro and VisualZone is business as usual in the
BEFSR41 case?

To serve a possible reader, please find below extracts from the hardware
user guide in question.

Thanks in advance for any helpful facts.

Regards,
Peter

         "Try to learn something about everything and
                everything about something."
      Thomas Henry Huxley (1825-1895); English biologist.


In the Linksys' users guide documentation two separately sold software
products by other vendors are endorsed in combination with the Linksys
EtherFast(r) Cable/DSL Router with 4-Port Switch (BEFSR41) as follows.
*)

The user guide chapters "Security" (Figure 9-13) and "Software Download"
both on page 59, state the following:

Please find enclosed the entire, brief chapters for contextual reasons.

(DIRECT QUOTATION STARTS)

Security, Figure 9-13, page 59

The Security tab, shown in Figure 9-13, enables configuration of the
Router to provide enhanced network security using ZoneAlarm Pro and
PC-cillin (each sold separately). The Router provides a built-in
Internet NAT firewall. ZoneAlarm Pro enhances the Router's security
capabilities for increased protection against hackers and other threats
from the Internet. PC-cillin protects against viruses. ZoneAlarm Pro and
PC-cillin work independently of each other. For more information on
ZoneAlarm Pro, PC-cillin, and DSL or cable network security, please
click on the on-screen link to the Internet Security Center.

Software Download, page 59

Click this button to purchase and download ZoneAlarm Pro and/or
PC-cillin at the Internet Security Center. Print the summary page, which
contains the licence key needed for installation, or write down the
licence key if you are unable to print the page. You will also be
e-mailed a confirmation invoice with the key included. When adding
security enhancements to your other networked computers, you can either
copy the downloaded files to the other PCs or re-download the software
on each individual PC without incurring any more costs."

(DIRECT QUOTATION ENDS)


(*) SOURCES:
The Linksys EtherFast(r) Cable/DSL Router with 4-Port Switch (BEFSR41), 
http://www.linksys.com/products/product.asp?prid=20&grid=5 
"User Guide" (providing download link for the .pdf file)

The Linksys Instant Broadband(tm) EtherFast(r) Cable/DSL Firewall Router
with 4-Port Switch/VPN Endpoint (BEFSX41).
http://www.linksys.com/products/product.asp?grid=23&prid=433
"User Guide" (providing download link for the .pdf file)


In the user guide of the router/switch with firewall/VPN endpoint
(BEFSX41), there is no similar endorsement for the respective software
products. This user guide mentions ZoneAlarm Pro once in an irrelevant
context only.





More information about the list mailing list