Government Security
Network Security Resources

Core Force


#1 Baphomet

Posted 25 April 2008 - 11:03 AM

This review is about a product designed for all those people who are running a Win2000 or WinXP system and are looking for a reliable and advanced, yet free and more or less easy-to-use HIPS (Host Intrusion Prevention System).

Core Force from Coresecurity (well known for their penetration testing application Core Impact) is a freeware personal firewall, based on the OpenBSD packet filter and released under the Apache license. Its functionality isn't limited to the usual features a firewall comes with (filtering packets and creating access rules for programs), but also includes ways to protect the entire system. It is possible to prevent execution hooks, set read / write / delete policies for every program and have a complete overview of any process or network activity. Every option of Core Force is available via a structured and intuitive GUI; additionally, a user guide explains the security concept (rather complicated, especially in the beginning) step by step.

The installation of Core Force is self-explanatory when the admin knows his network settings.

By default, some security levels, from low to very high, are predefined. To name an example: while in high mode the outgoing SMB traffic needs to be confirmed, it can pass in low mode.

The system protection works with a kernel level filter. Permissions can be set for any program, registry or folder. For the whole system, unspecified traffic is blocked; only traffic covered by a rule is allowed to pass. Although it is comfortable to configure the rule set for a browser (using some predefined policies, like “allow outgoing HTTP traffic”), some chat networks require difficult rule tweaking until everything works. The integrated learning wizard helps in creating rules by monitoring the typical behaviour a user performs with the application, but afterwards, Core Force will at least require confirmation for everything beyond the allowed rules (until the user decides to make his reply permanent), which sometimes makes it very annoying and requires time to make it work properly.

It is also possible to sandbox programs using Core Force, simply by starting them in a directory which was marked with a red flag in the permissions set. Even if the user is usually considered to be allowed to write into the folder, Core Force will stop him.

Core Force generates a strong SHA-1 hash to ensure every program still contains the same content as the last time it was run. So far, no public RAT is able to bypass this mechanism.

The integrity of every program isn’t only controlled in its behaviour; modifications which took place in RAM are noticed as well. Still, the usage of the system resources isn't excessive at all.

From an admin account, almost anything in the system can be modulated, including the management of external USB devices.

The OpenBSD packet filter isn’t converted completely to the Windows desktop, so Core Force doesn’t support all its options. However, the firewall is able to filter many network protocols, and supports TCP / ICMP flags.

Every option is saved in an XML file to share it with other users. Unfortunately, the Core Force community wasn’t too active in creating security profiles for applications, so that only a few programs actually have unique profiles on the Core Force homepage.

To sum it up, a system, even if it lacks security updates, has a good chance of surviving most attacks when it is secured by Core Force. I would consider it one of very few tools appropriate to give a WinXP or Win2000 system a solid level of security. Of course, it can’t make the user redundant, but he can control his system in a very effective way.

Meanwhile, Core Force is available in version 0.95.172, but unfortunately the end of development was announced due to the incompatibility with Windows Vista. The developers considered turning it into an open source platform, but haven’t decided on the subject yet.
He who sacrifices freedom for security deserves neither ~ B. Franklin
You can fool all the people some of the time, and some of the people all the time, but you cannot fool all the people all the time ~ A. Lincoln
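
The "same content as the last time it was run" check mentioned in the review, sketched as an added example that is not part of the original post and is not Core Force's own code. The `Baseline` class, the JSON store and the verdict strings are assumptions made for illustration; the sample "program" file is constructed.

```python
import hashlib
import json
import os
import tempfile

def file_digest(path, algo="sha1", chunk=65536):
    """Hash a file in chunks so large executables are not loaded into RAM at once."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

class Baseline:
    """Hypothetical store: absolute path -> digest recorded at the last approved run."""
    def __init__(self, db_path):
        self.db_path = db_path
        self.known = {}
        if os.path.exists(db_path):
            with open(db_path) as f:
                self.known = json.load(f)

    def check(self, program):
        """Return 'unknown', 'unchanged' or 'modified'; never updates the store."""
        key = os.path.abspath(program)
        if key not in self.known:
            return "unknown"
        return "unchanged" if self.known[key] == file_digest(program) else "modified"

    def approve(self, program):
        """Record the current digest after the user confirmed this version may run."""
        self.known[os.path.abspath(program)] = file_digest(program)
        with open(self.db_path, "w") as f:
            json.dump(self.known, f, indent=2)

def demo():
    """Constructed sample: a stand-in 'program' file that changes between runs."""
    with tempfile.TemporaryDirectory() as d:
        prog, db = os.path.join(d, "tool.exe"), os.path.join(d, "baseline.json")
        with open(prog, "wb") as f:
            f.write(b"MZ original build")
        store = Baseline(db)
        results = [store.check(prog)]             # first sighting: no digest on record
        store.approve(prog)
        results.append(Baseline(db).check(prog))  # store reloaded from disk, same bytes
        with open(prog, "ab") as f:
            f.write(b" + appended bytes")         # simulate tampering on disk
        results.append(store.check(prog))         # digest no longer matches
        return results

if __name__ == "__main__":
    print(demo())
```

A "modified" verdict only says the bytes on disk changed since approval; a legitimate update produces the same verdict and needs a fresh `approve`.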

#2 walidzak

Posted 25 April 2009 - 02:23 AM

The integrity of every program isn't only controlled in its behaviour, modifications which took place in RAM are noticed as well. Still, the usage of the system resources isn't exaggerated at all.
Hello everybody