Panda Dome Firewall

Slyguy

Level 31
Joined
Jan 27, 2017
Messages
2,026
OS
Other OS
#1
So far, Panda Dome has one of the most impressive software firewalls I've seen in an AV suite. I will likely post a test video if I get some time and illustrate the kinds of sophisticated attacks it is capable of blocking. For now, here's a rundown. I'm not sure if this has been posted anywhere else, but I deal with these attacks daily, so I will try to summarize them so people can get an idea about how powerful this firewall is, and where other products lack in DANGEROUS areas. They've added granular firewall controls; we'll be focused on the available general options.

First, you can select 'Home, Work, Public' network settings. I recommend ALWAYS selecting public. This activates the following rules by default:

On public, basic block rules are:
IIS
Remote Desktop
DTC Connections
NetBios Incoming
NetBios Lateral
ICMP Protocol

These are basic, but important blocks. An attacker will often utilize ICMP as a stage-one indicator for attack; if your systems don't respond with a valid ICMP, then the hacking process becomes a bit harder for them to establish your L-IP.

Next, there are toggles for the following:
IP Explicit Path
Land Attack
SYN flood
TCP Portscan
TCP flag check
IP header length check
UDP flood
UDP portscan
Smart DNS
Smart DHCP
Smart ARP
OS Detection
ICMP Unsolicited Drop Responses
ICMP No Echo Requests
Small PMTU
Smurf
Fragmentation Control

These are basically full intrusion protection system rule sets. I can't go into each one individually and I do not clip and paste other people's crap because it's often wrong. I'll focus on the most important ones and why NOT having them is a big mistake.

Smart DNS - this is a DNS hijack prevention system. What it does is accept DNS requests from validated forwarders in the time allotted. So let's say your system requests a DNS lookup for "Paypal.com", your forwarder requests this then closes the session. Smart DNS ensures that you are requesting from a valid forwarder AND that no hijacks can follow up with a DNS redirection; it closes the session and prohibits any additional DNS requests outside of the 'smart' identified session.

Smart ARP - ARP is how your network equipment (router, switches, etc.) knows where to send packets. An attacker can flood a network with ARP requests, confusing equipment, slowing networks, slowing packets enough for intrusion, etc. Without this you are totally vulnerable to this form of attack. Also ARP cache poisoning is a major problem. What this does is an attacker poisons your ARP tables then redirects packets destined for a given MAC address to another desired MAC address where they can then rip your data.

Smart DHCP functions in a similar manner, preventing unvalidated DHCP requests, DHCP overwrites, DHCP pool redirection and other things. So IF a client inits a DHCP call to the local DHCP server it has a few seconds to respond with a valid DHCP reply. Smart DHCP blocks ALL DHCP traversal that isn't pinned to a client DHCP request. (research DHCP attacks if you wish, it's a deep subject)

Portscans are what they are. UDP/TCP portscans, which are usually not-nefarious but they CAN BE more often than people realize. Any attack, and a lot of malware, attempts to figure your network out with ICMP and portscans. Blocking them is pretty important and usually doesn't impact any applications, especially on workgroups as opposed to domains. With these blocks it's much harder to be attacked across the board and for trojans to move laterally.

TCP validation via flag check, header length, etc. are basically a defense against packet modification and malformations, think advanced SPI (Quantum).

Small PMTU is designed to stop packet tracing on your network as a prelude to a network attack.

OS Detection - advanced gateway UTM/NGFWs all detect and identify OSes to validate authenticity and to respond correctly to attacks. The premise behind this is detecting anomalies in an OS is often a precursor to a network attack, and hence, will be blocked if the indicators don't match.

Syn, Land Attack, and others relate to DDOS/DOS and Local Area Denial attacks. All important.

There are many other things above that protect from THOUSANDS of different attacks. I read an older review of Panda from Neil Rubenking, and it was the first time I realized he was a fool. He said "I expected the firewall to prevent some trojans from executing"... Apparently he has no understanding of the purpose of IPS/IDS... I see Neil come up often, but I really don't think he is worthy of mention beyond this. He's a decent arm-chair nerd, but digging into network security he should not. (as Yoda would say)
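As an added example that is not part of the original post and not Panda's code, the sketch below shows the kind of stateless tests that toggles such as Land Attack, TCP flag check and IP header length check are named for. The function names, the finding labels and the exact flag rules are assumptions; `build_packet` only produces constructed sample packets (documentation addresses, checksums left at zero).

```python
import socket
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def check_packet(pkt: bytes) -> list:
    """Return the names of the sanity checks a raw IPv4 packet fails."""
    if len(pkt) < 20:
        return ["ip-header-length"]
    ver_ihl, _tos, total_len = struct.unpack("!BBH", pkt[:4])
    ihl = (ver_ihl & 0x0F) * 4
    # IP header length check: IHL under 20 bytes, or lengths that
    # point past the bytes actually received.
    if ver_ihl >> 4 != 4 or ihl < 20 or ihl > total_len or total_len > len(pkt):
        return ["ip-header-length"]
    if pkt[9] != 6:                      # only TCP is inspected further here
        return []
    tcp = pkt[ihl:total_len]
    # The TCP data offset must cover the fixed header and fit in the segment.
    if len(tcp) < 20 or not 20 <= (tcp[12] >> 4) * 4 <= len(tcp):
        return ["tcp-header-length"]
    sport, dport = struct.unpack("!HH", tcp[:4])
    flags = tcp[13] & 0x3F
    findings = []
    # Land attack: source and destination address and port are identical.
    if pkt[12:16] == pkt[16:20] and sport == dport:
        findings.append("land")
    # TCP flag check: no flags at all, SYN combined with FIN or RST,
    # or FIN without ACK (covers FIN and "Xmas" style probes).
    if (flags == 0 or (flags & SYN and flags & (FIN | RST))
            or (flags & FIN and not flags & ACK)):
        findings.append("tcp-flags")
    return findings

def build_packet(src, dst, sport, dport, flags, ihl_words=5):
    """Build a constructed 40-byte IPv4/TCP packet with no payload."""
    tcp = struct.pack("!HHLLBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0, 20 + len(tcp),
                     0, 0, 64, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp
```
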
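A further added example, also not from the original post or from Panda: the reply pinning described above for Smart DNS and Smart DHCP, reduced to a small state tracker. The class name, the two-second window, the verdict strings and the constructed trace are assumptions; times are passed in explicitly so the result is deterministic.

```python
class ReplyPinner:
    """Accept an inbound reply only if it answers a request this host just sent."""

    def __init__(self, trusted_servers, window=2.0):
        self.trusted = set(trusted_servers)  # validated forwarders / DHCP servers
        self.window = window                 # seconds a request stays open (assumed)
        self.pending = {}                    # (server, client_port, txid) -> deadline

    def request_sent(self, now, server, client_port, txid):
        """Record an outbound request; never open a session to an unknown server."""
        if server not in self.trusted:
            return False
        self.pending[(server, client_port, txid)] = now + self.window
        return True

    def reply_seen(self, now, source, client_port, txid):
        """Return a verdict for an inbound reply and close the session it used."""
        expired = [k for k, deadline in self.pending.items() if now > deadline]
        for key in expired:
            del self.pending[key]
        if source not in self.trusted:
            return "drop: untrusted source"
        key = (source, client_port, txid)
        if key in expired:
            return "drop: late"
        # pop() closes the session, so a second reply no longer matches anything.
        if self.pending.pop(key, None) is None:
            return "drop: unsolicited"
        return "accept"

def replay(trace, pinner):
    """Feed (time, kind, host, port, txid) events through the pinner."""
    verdicts = []
    for now, kind, host, port, txid in trace:
        if kind == "query":
            pinner.request_sent(now, host, port, txid)
        else:
            verdicts.append(pinner.reply_seen(now, host, port, txid))
    return verdicts

# Constructed trace: one trusted forwarder at 192.0.2.53.
TRACE = [
    (0.00, "query", "192.0.2.53", 50001, 0x1A2B),
    (0.03, "reply", "198.51.100.7", 50001, 0x1A2B),  # right txid, wrong source
    (0.04, "reply", "192.0.2.53", 50001, 0x1A2B),    # genuine answer
    (0.05, "reply", "192.0.2.53", 50001, 0x1A2B),    # follow-up after session closed
    (5.00, "query", "192.0.2.53", 50002, 0x0C0D),
    (9.00, "reply", "192.0.2.53", 50002, 0x0C0D),    # arrives after the window
]
```
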
 

Opcode

Level 28
Content Creator
Joined
Aug 17, 2017
Messages
1,741
#3
Interesting.

The only thing I don't like about Panda Security is their unwanted extension/tool-bar stuff which is even flagged by other AV vendors as PUPs and their lack of good customer support for home users. That's it though, so not much I dislike.
 

Slyguy

Level 31
Joined
Jan 27, 2017
Messages
2,026
OS
Other OS
#4
Interesting.

The only thing I don't like about Panda Security is their unwanted extension/tool-bar stuff which is even flagged by other AV vendors as PUPs and their lack of good customer support for home users. That's it though, so not much I dislike.
That toolbar is utter crap, we all laughed and unchecked it on installation. It's totally not needed and I cannot believe they just don't remove it altogether. Support I have no idea, never used it. But most AVs have spotty support (or no support, LOL) so I will take your word on that!

I tend to pay close attention to the lateral movement prevention and IPS/IDS of products more so than other areas folks such as yourself focus on. Most products utterly fail to protect users properly in this area, but there are a few rockstars in this field, and those are the only products I would personally consider. ESPECIALLY if you don't have a UTM/NGFW on your gateway with IPS/IDS, you NEED software to do the IPS lifting for you.
 

Opcode

Level 28
Content Creator
Joined
Aug 17, 2017
Messages
1,741
#5
so I will take your word on that!
Apologies, it wasn't from personal experience of requesting the support. However, I took a look at the support forum a few months ago when the talk about the Panda Security toolbar/extensions had a spike of reference in some private chats I was in with a few friends, and I didn't like what I saw.

What did I see? I saw a helpless customer complaining about the toolbar/extension "hijacking" the start page to one from MyStart, which is really what can happen with the toolbar/extension. If you check the Chrome Store reviews for the official extension you'll find heaps of complaints about such behavior. Instead of the customer support representative repairing the issue quickly for the customer, it took several groups of replies from the representative... And then it escalated to a PM.

It should have been fixed from the very first response, it doesn't take much effort to help someone reset their browser settings and prevent an extension from consistently re-hijacking it. It's just unwanted, PUP-like behavior and the origin of it being from a security vendor doesn't automatically make the behavior non-PUP like.

My guess is that it escalated to a PM because Panda Security felt embarrassed that it was going on for so long for simple assistance on a public thread, that way it could continue for as long as eternity without it maintaining public view.

I believe the original thread is still on their support forum though, I'll try and dig it out for you so I can use it as a source. It was quite funny.

Apart from the bad forum support based on what I witnessed and the toolbar/extension, I've nothing against Panda Security. The firewall information you've shared here is quite interesting to me as well, thank you for that. :)
 

AtlBo

Level 24
Joined
Dec 29, 2014
Messages
1,389
Antivirus
Qihoo 360
#6
Slyguy. Not a fanboy of FortKnox Firewall for a number of reasons, but do you have knowledge of any up sides it might have or any down sides features-wise? I like where I hope this program is going I think I would say for now.

If Panda has the logging and also full configuration capabilities, then it's off the charts for a software bundled firewall from the sounds of things. Really envisioned some others getting to that stage with firewalling first, especially ESET. Good, but I don't think it's as good as Panda must be...

Here is a picture of ICMP settings. Wondering if you can make sense of these for me and anyone else using FortKnox:

Fort Knox 2.png


Thanks
 
Likes: askmark

Slyguy

Level 31
Joined
Jan 27, 2017
Messages
2,026
OS
Other OS
#7
Slyguy. Not a fanboy of FortKnox Firewall for a number of reasons, but do you have knowledge of any up sides it might have or any down sides features-wise? I like where I hope this program is going I think I would say for now.

If Panda has the logging and also full configuration capabilities, then it's off the charts for a software bundled firewall from the sounds of things. Really envisioned some others getting to that stage with firewalling first, especially ESET. Good, but I don't think it's as good as Panda must be...

Here is a picture of ICMP settings. Wondering if you can make sense of these for me and anyone else using FortKnox:

View attachment 184961

Thanks
These are general ICMP tweaks, relatively useless to be honest. ICMP = Fancy word for 'ping'. So all of these settings really just deal with pings and ping response. Incoming you should just disable echo and leave Dest. Unreachable checked. Outgoing you can just tarpit them with Dest. Unreachable UNLESS you need pings on for a specific purpose, it's pretty harmless outbound.

None of these really enhance security much other than putting dest. unreachable inbound, that's good to have on.
 

AtlBo

Level 24
Joined
Dec 29, 2014
Messages
1,389
Antivirus
Qihoo 360
#8
Any long term hope for FortKnox?

Any knowledge of the tech of any of these protection elements?

FortKnox 2.png


Thanks for taking the time to put the information about Panda. Hope it's an indication of where things are headed in general and thanks for input on FK...
 

Slyguy

Level 31
Joined
Jan 27, 2017
Messages
2,026
OS
Other OS
#10
Any long term hope for FortKnox?

Any knowledge of the tech of any of these protection elements?

View attachment 184975

Thanks for taking the time to put the information about Panda. Hope it's an indication of where things are headed in general and thanks for input on FK...
Now these are the meat and potatoes of a firewall. This is where your IPS is, and where the best features are found.

FortKnox essentially mirrors 'most' Panda Firewall features in this section minus a few other features Panda has that are a bit more advanced than this. But this is very good. You have your traffic anomalies blocked, DOS, portscan, DNS and MAC spoofing, netbios, all here. Even the OS Fingerprint protection is here (called OS Detection on Panda). The only thing missing are ARP protection systems, some additional DDOS protection, and a couple other things - which MAY be here under a different name.

FortKnox looks like something most people should run if their AV doesn't have a fairly robust firewall. I wonder how Fortknox would pair with FortiClient since FC has no firewall at all? Note, Windows Firewall has NO IPS features for the most part and is pretty poor overall. I sort of cringe when AV firms rely on Windows Firewall boosted, without any IPS additions.
 

AtlBo

Level 24
Joined
Dec 29, 2014
Messages
1,389
Antivirus
Qihoo 360
#11
$23 for 5 lifetime keys, and the dev responds to messages. I have a funny good feeling about this particular program, so I think it's worth the meager expense if you get a chance to take a look. I won't bore you with the details of the logs that don't reliably update in the GUI or that there isn't support for IP ranges or port ranges. The logging I like better than Comodo in spite of the quirks, and the records are there, even if you can't see them sometimes...just so you don't rage remove...:)

Apologies...it's 1 key for 5 machines, but it is lifetime. Sorry about that...
 
Joined
Jan 5, 2018
Messages
173
OS
Windows 10
Antivirus
Isolation
#13
$23 for 5 lifetime keys, and the dev responds to messages. I have a funny good feeling about this particular program, so I think it's worth the meager expense if you get a chance to take a look. I won't bore you with the details of the logs that don't reliably update in the GUI or that there isn't support for IP ranges or port ranges. The logging I like better than Comodo in spite of the quirks, and the records are there, even if you can't see them...just so you don't rage remove it...:)

Apologies...it's 1 key for 5 machines, but it is lifetime. Sorry about that...
If it provides really secure protection then that pricing is fantastic.
 

AtlBo

Level 24
Joined
Dec 29, 2014
Messages
1,389
Antivirus
Qihoo 360
#14
Chimaira, I would like to see it in a test like an efficacy test, where it has to handle a large volume of connection attempts in a relatively short period of say 15 minutes...maybe a hundred or 200...just to make sure it can handle alerts without crashing. Hasn't crashed on me so far, but it is an interesting GUI that doesn't give off that shaky feeling but it still feels a tiny bit shaky...like Comodo but in a slightly different way I guess. It's been solid for about a month for me so far. No problems.

Also, would be nice to see if it has task kill protection and general run-time protection of the process and the service. I think it does actually, but it would be great to see it in action. It does have password protection for the settings...(y)
 

Umbra

Level 61
Content Creator
Verified
Joined
May 16, 2011
Messages
17,642
OS
Windows 10
Antivirus
Default-Deny
#15
I see Neil come up often, but I really don't think he is worthy of mention beyond this. He's a decent arm-chair nerd, but digging into network security he should not. (as Yoda would say)
Digging into computer security he should not...
 

Slyguy

Level 31
Joined
Jan 27, 2017
Messages
2,026
OS
Other OS
#18
Slyguy, any decent standalone software Firewall you know of that is as good as Panda?
Is Panda Firewall as good as Eset's?
Eset and Panda are both pretty robust and feature rich with true IPS.

No clue if any third party SW FWs offer this level of protection, but I know hardware appliances are usually where we see this level of IPS.
 
Joined
Apr 13, 2014
Messages
175
OS
Windows 10
Antivirus
G Data
#19
Opcode said....
“Apart from the bad forum support based on what I witnessed and the toolbar/extension, I've nothing against Panda Security. The firewall information you've shared here is quite interesting to me as well, thank you for that. :)”

You nailed it!!! Their forum is AWFUL :mad:
 
Likes: spaceoctopus
Joined
Jul 13, 2014
Messages
564
OS
Windows 10
Antivirus
ESET
#20
Nice to note that Panda has been doing some hard work on their firewall:)
Slyguy
Panda and Eset have great firewalls, but do you think they are as good as a product such as ZoneAlarm Pro Firewall? It's a pretty advanced firewall.

ZoneAlarm PRO Firewall - Professional Firewall Protection