Windows IT Pro is the leading independent community for IT professionals deploying Microsoft Windows server and client applications and technologies.
  
  
  Advanced Search 


October 2001

Desktop Firewalls

From the October 2001 Edition
of Windows IT Pro
Mark Joseph Edwards
Buyer's Guide
InstantDoc #22241
Windows IT Pro
Email this Article
Printer Friendly
Reader Comments
Digg This
Del.icio.us
RSS
Subscribe to Windows IT Pro | See More Products / Software Articles Here | Reprints | Or get the Monthly Online Pass—only $5.95 a month!

Download the Code Here

Protect your desktops from intrusion

EDITOR'S NOTE: The Buyer's Guide summarizes vendor-submitted information. To find out about future Buyer's Guide topics or to learn how to include your product in an upcoming Buyer's Guide, go to http://www.win2000mag.com/buyersguide. To view previous Buyer's Guides on the Web, go to http://www.win2000mag.com/articles/index.cfm?action=buyersguides.

I can think of three great reasons why desktop firewalls are necessary. First, FBI studies reveal that roughly 50 percent of all network intrusions originate from within a company's own network and are perpetrated by a company employee. Second, border firewalls protect only the network border—if a border is breached for any reason (e.g., bug, misconfiguration), the networks on either side of the border are at risk, and a desktop firewall could help prevent a deeper intrusion. The third reason stems from the surge in the number of telecommuters: A company's border firewall protects mobile users while they're inside the network, but without a desktop firewall, mobile users are vulnerable to intrusion when they take their mobile device outside the network borders.

Desktop firewalls serve a purpose similar to the purpose that a safe serves in your home. Your home's doors certainly have locks, which serve as your primary means of intrusion prevention. However, you might also install a safe within your home because locked doors aren't foolproof deterrents.

For the most part, you'll spend less money to install and maintain desktop firewalls than you'll spend to recover from an intrusion. This issue's Buyer's Guide provides an overview of available desktop firewall solutions. Many reasonably priced solutions are on the market today.

Because firewalls are rules-based, configuration and manageability are important features. To change rules on half a dozen network-border firewalls is a big chore. To change the rules on dozens, if not hundreds, of desktop firewalls is definitely a tedious task—unless your desktop solution supports centralized management. Some vendors offer centralized distribution and management, and others don't. Be sure to consider the time you'll spend initially installing a desktop firewall and subsequently upgrading the product. If you need to manage relatively few desktop firewalls, you probably can't justify the added cost of centralized management. But also take your budget and the future growth of your network into consideration—if you expect your network to grow quickly, you might want to invest now rather than later in a product that has centralized-management capabilities.

Even if you aren't concerned about centralized distribution and management, you should be concerned about rule configuration. Some products listed in this Buyer's Guide are more intuitive because they offer automated rule generation. For example, when you open a desktop application that tries to move traffic to or from the local system, some firewalls recognize that action as a potential vulnerability and ask whether you want to let that traffic pass. The firewall might also ask whether you'd like to make the rule permanent or temporary. Such features make it easier for users to use desktop firewalls, but if you plan to use centralized management, automated rule generation probably won't play a big role in which product you choose.

Another key factor in your decision might concern embedded Intrusion Detection Systems (IDSs). Some desktop firewalls can detect common attack types, such as Denial of Service (DoS) attacks. Some of the listed firewalls can immediately shut down DoS attacks, whereas others simply block all traffic for which no rules exist. Consider the firewall's IDS capability compared with the added cost—you might find the additional security well worth the expense.

You should also remember to consider each product's logging features. Firewall logs are invaluable in forensic analysis, so verify that the logging features of the product you're interested in are adequate.

Desktop firewalls aren't that complex to install, configure, and manage, so you might want to download demos of products that have features that seem to meet your needs. Install each product and take it for a serious test drive—there's really no better way to learn exactly how a product works within your environment.

End of Article

Reader Comments
R.e.: Desktop Firewalls
"Desktop firewalls serve a purpose similar to the purpose that a safe serves in your home. Your home's doors certainly have locks, which serve as your primary means of intrusion prevention. However, you might also install a safe within your home because locked doors aren't foolproof deterrents."
Thanks for such as in depth (sic!!!) article! I wish I had known just how technically adept you assumed your readership was when I subscribed.
I thought this was supposed to be a technically 'deep' publication for the Windows world and hoped to learn more about the internals of Windows... (but then on the other hand, that MAY be true and we are witnessing the 'deeper' side of the Windows community with articles such as this! Can you say reboot....reload...
Any chance that we might see the same insightful article about say...a computer?!?!?!Duh!
Sorry guys, but I expected alot more! WHAT A WASTE!!!!!

Mark Sweazey May 20, 2002

You must be a registered user or online subscriber to comment on this article. Please log on before posting a comment. Are you a new visitor? Register now




Top Viewed ArticlesView all articles
Battery Life Issues Almost Certainly Not Windows 7's Fault

While Microsoft is still investigating a notebook battery life issue that was supposedly caused by Windows 7, some interesting trends have emerged. ...

Confirmed: Battery Life Issues Not Windows 7's Fault

Microsoft on Monday issued a lengthy statement about the recent Windows 7 battery controversy, echoing my assessment from earlier in the day, but backing it up with hard, cold evidence. ...

Microsoft Warns of Windows Version Expirations

Microsoft warned that this year will see three out-of-date Windows versions slip into retirement. ...
Security Whitepapers Reducing the Costs and Risks of Branch Office Data Protection

Solving Desktop Management Challenges in Healthcare

Solving Desktop Management Challenges in Education
Related Events The Increasing Threat of Financially Motivated Data Theft

Deep Dive into Windows Server 2008 R2 presented by John Savill

Introduction to Identity Lifecycle Manager "2"

Check out our list of Free Email Newsletters!
Security eBooks Spam Fighting and Email Security for the 21st Century

Understanding and Leveraging Code Signing Technologies

A Guide to Windows Certification and Public Keys
Related Security Resources Introducing Left-Brain.com, the online IT bookstore
Looking for books, CDs, toolkits, eBooks? Prime your mind at Left-Brain.com

Discover Windows IT Pro eLearning Series!
Clear & detailed technical information and helpful how-to's, all in our trademark no-nonsense format


ADS BY GOOGLE

Job Openings in IT SPONSORED LINKS FEATURED LINKS
Collaborate with Confidence
Accelerate deployment and simplify Microsoft SharePoint management with EMC solutions and services.

Calculate your savings now
See how SAN is 57% cheaper than DAS over three years

Announcing Symantec Backup Exec 2010
With integrated deduplication and unified archiving technology.
Feb 25 - Are your IT Systems distributed? Or Convoluted?
Find out why integrated management solutions are more important than ever in today's IT environments and what criteria to consider when evaluating those solutions.

Virtualization Faceoff – Join the Discussion
Blogs, free poster, videos, community commentary – IT experts and peers face off on VMware & Microsoft virtualization solutions.

Should Your Email Live in the Cloud?
This Forrester report shows how-to calculate your on-premise email costs and compare with cloud-based alternatives and offers best practices for reducing email costs.

Exchange Server 2010: Deploying Unified Communications
register for this free virtual event and build your Unified Communications future on a strong Exchange Server 2010 foundation

New from Left-Brain.com - Manage VMware with PowerShell
Learn how to perform everything from simple ad-hoc reporting at the command-line to complex scripts that automate a massive deployment of hundreds of virtual machines.  Solve your old problems using less code than you thought possible!
Windows IT Pro Home Register FAQ for Windows WinInfo News
Europe Edition About Us Contact Us/Customer Service Media Kit Affiliates / Licensing  
SQL Server Magazine Office & SharePoint Pro DevProConnections IT Job Hound
Left-Brain.com Technology Resource Directory asp.netPRO ITTV Windows SuperSite 
 
 Windows IT Pro is a Division of Penton Media Inc.
 © 2010 Penton Media, Inc. Terms of Use | Privacy Statement