Search and DocFinder
 
Search help/advanced search

  


News NetFlash: Daily News Internat'l News This Week in NW The Edge Net.Worker Features Research Buyer's Guides Reviews Technology Primers Vendor Profiles Forums Columnists Knowledgebase Help Desk Dr. Intranet Gearhead Careers Free Newsletters Subscription Center Seminars/Events Reprints/Links White Papers Partner with Us Site Map Contact Us Awards Corporate info Home






  

Rather than pinpointing a particular product, I want to address a security category that I believe will have significant impact on the computer industry as a whole: personal desktop firewalls. I take this position for many fundamental reasons.

Within the home telecommuting and small-office environments, use of fixed IP addresses with cable modems and DSL service for high-speed connections brings the associated danger of scanning. Hackers scan for new IP addresses on a daily and nightly basis. Once they identify new ones, they scan for port weaknesses. Most users aren't fluent in unbinding protocols such as TCP/IP from Microsoft file and print sharing. If these services are left bound, individuals and small-office operators can suddenly find themselves sharing the contents of their hard disk or network with the rest of the Internet. Personal firewalls protect ports from being displayed to Internet scanners. This alone is a big boon to personal and corporate security and privacy.

What's more, placing personal firewalls at desktops in larger corporations will help fight at least two problems. The first is Trojan horses. Trojans, installed by e-mail attachments, often attempt to communicate with their distant host - as in zombie-based distributed denial-of-service attacks. Some personal firewalls alerts desktop users that a certain program is attempting to make an external connection over a certain port to a distant IP address. A security-aware corporate user can permit or deny the connection based on knowledge of what that connection is attempting to do. (If it says Back Orifice anywhere, that's a big clue!) Otherwise, users should be trained to call IT so an expert can take a look at the desktop and what it's attempting to do. This approach adds to overall virus and malicious code protection.

The second is an attack from a "trusted insider." Personal firewalls can detect internal network scans, penetration attempts from internal addresses and other such illicit activities. In addition, a well-implemented desktop firewall will log and thwart such attempts.

I applaud the visionaries who designed and created the market segment, and hope that both the larger and smaller companies now competing in this space keep in mind a couple of things:

  • Dangers to desktops come from inside and outside a corporate perimeter.
  • The desktop is a network component that receives and transmits information - some of which may be potentially damaging to the sender or the recipient.
  • Users don't want security to get in their way. Desktop firewalls have to be effective and usable by Jack and Jill Average with minimal impact upon their day-to-day jobs.
  • One too many false positive is a sure way to get users to unplug a product meant to help them.

    • Network World asked me to pick the best personal desktop firewall, but I couldn't. The features each offer operate differently for different environments and some require greater technical skill levels. You really have to pick the most appropriate for your needs.

    That said, I do recommend checking out personal desktop firewalls made by Network Associates, Network Ice (one of Network World's 10 start-ups to watch in 2000), Sygate Technologies, Symantec and Zone Labs.

    Schwartau is the president of Interpact, a security awareness consulting firm in St. Petersburg, Fla., co-founder of NiceKids.Net and founder of Infowar.Com.

    Related links

    Review: Personal firewalls - the next step
    Network World, 08/07/00.

    Symantec targets enterprise with desktop firewall
    Network World, 08/28/00.

    Send this article to a colleague

    Recipient's name:

    Recipient's e-mail:
    		 Your name:

    Your e-mail:
    Comments:

    Feedback

    Tell us your thoughts on this article or the issues raised in it. We'll cc: the author and editors on all comments.

    Comments:

    Name:
    E-mail address:

    Can we post your comments in an online forum on the topic?
    Yes No

    What did you think of this article?
    Very useful Somewhat useful Not at all useful

    Would you want to see:
    More articles on this topic
    Fewer articles on this topic

    Thank you! When you click Submit, you'll be taken back to this article.

    Best home page

    Send to a friend Links Submit questions Best shot Best of the rest



    Responsible for insuring the safety of your network?

    NWFusion offers two FREE security e-mail newsletters to help you keep your enterprise network secure.

    Click here to sign-up.

    Advertisement:


    Editorial Partners program
    Three free and easy ways to bring Network World's in-depth editorial content to your own Web site.
    Learn more



      Copyright, 1995-2002 Network World, Inc. All rights reserved.