Protect your desktops from intrusion

EDITOR'S NOTE: The Buyer's Guide summarizes vendor-submitted information. To find out about future Buyer's Guide topics or to learn how to include your product in an upcoming Buyer's Guide, go to http://www.win2000mag.com/buyersguide. To view previous Buyer's Guides on the Web, go to http://www.win2000mag.com/articles/index.cfm?action=buyersguides.

I can think of three great reasons why desktop firewalls are necessary. First, FBI studies reveal that roughly 50 percent of all network intrusions originate from within a company's own network and are perpetrated by a company employee. Second, border firewalls protect only the network border—if a border is breached for any reason (e.g., bug, misconfiguration), the networks on either side of the border are at risk, and a desktop firewall could help prevent a deeper intrusion. The third reason stems from the surge in the number of telecommuters: A company's border firewall protects mobile users while they're inside the network, but without a desktop firewall, mobile users are vulnerable to intrusion when they take their mobile device outside the network borders.

Desktop firewalls serve a purpose similar to that of a safe in your home. Your home's doors certainly have locks, which serve as your primary means of intrusion prevention. However, you might also install a safe within your home because locked doors aren't foolproof deterrents.

For the most part, you'll spend less money to install and maintain desktop firewalls than you'll spend to recover from an intrusion. This issue's Buyer's Guide provides an overview of available desktop firewall solutions. Many reasonably priced solutions are on the market today.

Because firewalls are rules-based, configuration and manageability are important features. To change rules on half a dozen network-border firewalls is a big chore. To change the rules on dozens, if not hundreds, of desktop firewalls is definitely a tedious task—unless your desktop solution supports centralized management. Some vendors offer centralized distribution and management, and others don't. Be sure to consider the time you'll spend initially installing a desktop firewall and subsequently upgrading the product. If you need to manage relatively few desktop firewalls, you probably can't justify the added cost of centralized management. But also take your budget and the future growth of your network into consideration—if you expect your network to grow quickly, you might want to invest now rather than later in a product that has centralized-management capabilities.

Even if you aren't concerned about centralized distribution and management, you should be concerned about rule configuration. Some products listed in this Buyer's Guide are more intuitive because they offer automated rule generation. For example, when you open a desktop application that tries to move traffic to or from the local system, some firewalls recognize that action as a potential vulnerability and ask whether you want to let that traffic pass. The firewall might also ask whether you'd like to make the rule permanent or temporary. Such features make it easier for users to use desktop firewalls, but if you plan to use centralized management, automated rule generation probably won't play a big role in which product you choose.

Another key factor in your decision might be an embedded Intrusion Detection System (IDS). Some desktop firewalls can detect common attack types, such as Denial of Service (DoS) attacks. Some of the listed firewalls can immediately shut down DoS attacks, whereas others simply block all traffic for which no rules exist. Weigh the firewall's IDS capability against the added cost; you might find the additional security well worth the expense.

You should also remember to consider each product's logging features. Firewall logs are invaluable in forensic analysis, so verify that the logging features of the product you're interested in are adequate.

Desktop firewalls aren't that complex to install, configure, and manage, so you might want to download demos of products that have features that seem to meet your needs. Install each product and take it for a serious test drive—there's really no better way to learn exactly how a product works within your environment.