 |
||||
|
|
|
||
|
Contents 
Introduction
D-Link
Dynalink
Netgear
Nortel
Linksys
Allied Telesyn
Specifications
How we tested
Sample scenario
Editor's choice
About RMIT |
|
||
|
|
||||
|
|
||||
Interoperability
What features are included that enable the device to play well with other equipment?
Futureproofing
Upgrade paths and expansion capabilities?
ROI
What features & performance do the $$$ get?
Service
What is included, what isn't, and how long is the warranty?
Each firewall was initially setup and tested with the factory default or manufacturer recommended settings. Our test rig comprised of a target machine -- a generic Intel PC with Microsoft Windows XP Professional. This was placed initially on a fully open public IP address and we ran our tests across it from another Windows XP Professional PC running behind the firewall router.
We tested firewalls from a local network aspect, also from the outside in. The first of these testing tools was Nmap v3.10Alpha4 which was run in a Windows environment and allowed us. while offline, to firstly configure our firewall and then, with no risk of blocking half the companies network traffic, test the box before setting it live on the network.
Nmap amongst other things has a very handy port scanning and reporting utility. Remember that port scanning is one of the first foot-printing tools a script kiddy would use to identify what ports are open on a system and thereby identify potential weaknesses in that box. So instead of sniffing from port 1 to 65,000 in a row simultaneously, Nmap in stealth mode scans random ports on the target machine at user defined intervals and builds up its report from there. For the purposes of this test we ran tests on the basic 1605 "common" ports.
The second test was from the inside out and uses a LeakTest v1.2 from the target machine back to itself, simulating a Trojan horse.
The third test was a simple throughput test. We basically downloaded and uploaded data to and from central sever located in a high-quality datacentre.
Data Throughput
We initially decided to run throughput tests on all the routers. But as we ran these tests over different times of the day we got inconsistent scores. It was interesting to note that we managed to get throughput rates of 1249kbps down and 216kbps up when only using the Dlink ADSL modem. When plugging in the DLink firewall throughput rates had dropped to about 1000kbps for downloading. The other routers managed scores between 400 and 700kbps for downloads. Again we can't place too much emphasis on these results as the tests were run at different times of the day. But they at least give you an indication that a firewall will somewhat reduce your throughput speeds.
Internet connection
Alpahlink Internet Services was used to connect all the routers to the outside world. The service that we employed uses a 1500kbps down and 256kbps up stream which Alphalink offers for AU$99.90 a month. Alphalink also support speeds of 256/64, 512/128 & 512/512. See www.alphalink.com.au for more information.
Final notes
We decided there was no point in creating our own rulesets as it would defeat the purposes of the test. Remember all firewalls can be customised by the user for their own purposes.
