Personal Firewall Test: TermiNET

An Analysis of Mini-firewalls for Windows Users

By Seán Boran (sean at boran.com)


Subscribe to our weekly newsletter
Email:
Name:

March 27, 2001 - This article is a part of a series of tests on Personal Firewalls/Intrusion Detection Systems. Refer to [1] for an introduction to personal firewalls, risks, tips on "hardening" your Windows even without a firewall, a feature comparison, and a summary of analyses.

This report focuses on TermiNET by DANU Industries.


Security Effectiveness Tests

Key criteria in choosing a Personal Firewall are:

How did we test attack defense effectiveness?

  1. Ping and accessing shares to and from the test host.
  2. A powerful, well known 'remote control' trojan (Netbus Pro v2.1) [3] was installed on the system on a non standard port (to make detection more difficult), the Netbus server started and attempts made to connect from a remote system.
  3. An nmap [2] scan was run, to check that incoming ports were effectively blocked. With no firewall installed, the test PC (WinME) presented nmap with port 139 being open.



Overview

Terminet, by DANU Industries [4], is a relatively simple firewall. From the website:

Costs $49.95 (it should be reduced to $39.95 by the time you read this)

V1.6.5.4 was tested on Windows ME (millenium).

To get a feel for the GUI, check out the "test drive":
http://www.privacyware.com/pf_testdrive2.html
.


Security Model



Security Effectiveness

The system was tested in the default "stealth mode":

  1. Ping & shares tests

    Incoming ping and access to local shares is blocked; outgoing ping and access to remote shares work fine.

  2. The Netbus server
  3. Nmap scan

    All ports are filtered; the operating system version was not detected. The logs are filled with alerts, one for each port scanned.

  4. Other tests



Advantages

  1. Simple but quite powerful.
  2. Installation and deinstallation were painless.
  3. Evaluation version can be downloaded to test.
  4. Works on most Windows versions.
  5. Stable.
  6. Available in 11 different languages.
  7. Firewall rules:

Disadvantages

  1. Documentation: online help is limited.
  2. User Interface: The GUI is OK, but could be improved.
  3. Protection
  4. Intrusion Detection
  5. Reaction
  6. No corporate features such as feature lockdown, creating of custom installs, remove administration, central logging etc. are available.



Summary

TermiNET has some interesting concepts such as multi-user profiles and is available in many languages. However, it could do with some improvements and is not cheap.




References

  1. Personal Firewalls/Intrusion Detection Systems (The base reference for this article).
    pf_main20001023.html
  2. Nmap
    http://www.insecure.org/nmap

  3. Netbus Pro: Remote control program often used as an attack tool to control remote PCs.
    http://netbus.nu

  4. TermiNET by DANU Industries
    http://www.danu.ie/terminet.htm
    http://www.danu.ie/tnet_use.htm

 


About the Author

Seán Boran is an IT security consultant based in Switzerland and the author of the online IT Security Cookbook.

Changes to this article

19.Mar.01 sb First release

© Copyright 2000, Seán Boran, All Rights Reserved     Last Update: 17 August, 2001