
COLUMN

 
Security Advisor
P.J. Connolly

Desktop firewalls require a revolution in their management to be truly effective

ABOUT A DECADE AGO, I learned the hard way why protecting the desktop is one of the most difficult tasks. A virus infection came into our shop through an outside contractor, and it spread everywhere. I spent the better part of the next two weeks scanning local drives and floppy disks, but I eventually declared victory. The lesson from that experience is best expressed by Walt Kelly's Pogo: "We have met the enemy, and he is us."

Too many companies have focused their efforts on computer security at the perimeter and ignored the need to defend against threats from within. Even companies that recognize the possibility of an internal threat tend to minimize or misidentify the nature of the problem. Microsoft's recent trouble with the Trojan horse "QAZ" didn't come about because an employee was unhappy; it happened because the employee and Microsoft's security staff were sloppy and an unknown party took advantage of it.

Although we all know that perfect security is impossible, a lot can be gained by beefing up your current set of tools. For example, 10 years ago, you may have installed anti-virus software only on key machines. Today, many PCs come with it pre-installed, and most companies use anti-virus software on the desktop, file server, and mail server. It's time that we treated "desktop" or "personal" firewalls with the same seriousness.

In the last couple of years, the personal firewall market has exploded with the increasing use of cable modems and DSL. Although dial-up connections are also subject to attack, the "always-on" nature of cable and DSL technologies makes it a lot easier for attackers to compromise systems. The personal firewall software scans network traffic to and from the PC, and permits or denies the passage of packets based on predetermined rules, just like the firewall at the edge of a network.

Personal firewalls usually offer remote workers a number of predetermined traffic rules, and users rarely have to perform any configuration. For example, certain types of application traffic might be allowed if the application is active on the desktop, but not if it's coming from a background process.

The current generation of personal firewalls for Windows systems isn't perfect. The most glaring problem is that they don't verify the applications trying to pass data through the firewall. If the executable's name matches one on the "approved" list, passage is granted. This vulnerability allows a Trojan horse to pass itself off as, say, netscape.exe or another application that has transit rights.
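The name-only check described above, set beside a check that also pins the file's contents, as an added example that is not from this column or from any firewall product. The function names and the two sample "executables" are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash the file contents in chunks so large binaries are handled."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def allowed_by_name(path, approved_names):
    """Weak check described in the column: only the file name is compared."""
    return os.path.basename(path).lower() in approved_names

def allowed_by_hash(path, approved_hashes):
    """Hardened check: the name must be approved AND the contents must match
    the digest recorded for that name when the rule was created."""
    name = os.path.basename(path).lower()
    expected = approved_hashes.get(name)
    return expected is not None and sha256_of(path) == expected

def demo():
    """Build two constructed 'executables' with the same name and compare."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        good_dir = os.path.join(root, "approved")
        bad_dir = os.path.join(root, "dropped")
        os.makedirs(good_dir)
        os.makedirs(bad_dir)
        good = os.path.join(good_dir, "netscape.exe")
        bad = os.path.join(bad_dir, "netscape.exe")
        with open(good, "wb") as fh:
            fh.write(b"constructed stand-in for the real browser binary")
        with open(bad, "wb") as fh:
            fh.write(b"constructed stand-in for an impostor binary")
        names = {"netscape.exe"}
        hashes = {"netscape.exe": sha256_of(good)}
        for label, path in (("good", good), ("impostor", bad)):
            results[label] = (allowed_by_name(path, names),
                              allowed_by_hash(path, hashes))
    return results

if __name__ == "__main__":
    print(demo())
```

Both files pass the name check, but only the file whose digest was recorded when the rule was created passes the content check.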

The other problem with most personal firewalls is that they don't play well in an enterprise environment. Although many vendors tout their remote installation and configuration, too often that's the limit of the product's manageability. We learned a long time ago with anti-virus software that products without central management and reporting aren't worth using.

Unfortunately, it seems that most of the people selling personal firewalls missed this lesson. So for their benefit, let's dust off the Commandments of Manageability:

I. Thou shalt enable remote management of desktop configurations.

II. Thou shalt send alerts via e-mail, pager, and SNMP trap.

III. Thou shalt provide reporting tools that focus on exceptions, not norms.

IV. Thou shalt not update the product by repackaging the entire code.

V. Thou shalt protect the client even if the network connection is broken.

VI. Thou shalt provide the administrator with defaults that match best practices.

VII. Thou shalt provide the administrator with complete control over how and when clients are updated.

One vision that might provide a model for delivering enterprise security is McAfee's Security.NET service, an ASP (application service provider) approach that offers an alternative to "boxed" security packages. Whether companies are comfortable with this approach is another matter.

If you aren't already considering personal firewalls as part of your security strategy, now is the time to do so.


P.J. Connolly is a senior analyst in the InfoWorld Test Center; he has almost 15 years of IT experience building, maintaining, and securing networks and clients. Write to him at pj_connolly@infoworld.com.




Copyright © 2008. All Rights reserved.