Shouldn't antivirus software and an e-mail server scanner be enough to protect desktops inside the LAN? If your organization keeps all its remote users away from the private LAN, all current and former employees are trustworthy, and you keep strict physical security, perimeter firewalls should prevent people from hacking in, while the antivirus software and e-mail server scanner catch any virus or Trojan. Right? Wrong. Antivirus software is reactive, not proactive. And desktop firewalls do only part of the job.
Antivirus software operates by matching a file against a database of existing virus signatures. New viruses and Trojans don't get caught. Antivirus and IDS vendors respond quickly, creating signatures for new viruses; still, a few hosts are always hit first. Attackers who target your organization directly have one advantage: They don't have to mass-deploy their Trojan or virus. Your machines may be vulnerable to new Trojans that remain under the antivirus vendors' radar. Correctly configured, desktop firewalls should catch these Trojans and prevent them from sending data.
Firewalls do not replace antivirus software; they won't protect you from a virus aimed at unlinking every file from the system. And they won't eradicate the Trojan or guarantee that your system will be usable after infection, but they will help keep your data out of the wrong hands. At least that's the theory. If your desktop firewall contains bugs, it can crash or be compromised. If a new exploit is found, you're vulnerable until a patch is released. Meanwhile, the more layers you add, the more likely you'll survive an attack.
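The two layers described above, as an added example that is not part of the original article: a signature scanner that misses a sample it has no signature for, and a per-program outbound policy that still stops that sample from sending data unless the policy is left at default-allow. The byte strings, signature name, program names, hosts and rule format are all constructed assumptions, and real scanners and desktop firewalls are far more elaborate.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed byte strings standing in for files; none of this is real malware.
SIGNATURES = {"Constructed.Trojan.A": b"MARKER-A-0001"}
KNOWN_SAMPLE = b"header" + b"MARKER-A-0001" + b"payload"
NEW_SAMPLE = b"header" + b"MARKER-B-0002" + b"payload"  # no signature exists yet


def av_scan(data: bytes) -> Optional[str]:
    """Return the name of the first matching signature, or None."""
    for name, pattern in SIGNATURES.items():
        if pattern in data:
            return name
    return None


@dataclass(frozen=True)
class Outbound:
    program: str
    host: str
    port: int


# Hypothetical per-program egress rules; program and host names are assumptions.
STRICT_RULES = {
    "mailclient.exe": {("mail.example.internal", 993)},
    "browser.exe": {("proxy.example.internal", 8080)},
}


def firewall_allows(conn: Outbound, rules: dict, default_allow: bool = False) -> bool:
    """Programs with rules are held to them; others get the default action."""
    if conn.program in rules:
        return (conn.host, conn.port) in rules[conn.program]
    return default_allow


def assess(data: bytes, conn: Outbound, default_allow: bool = False) -> dict:
    """Combine both layers: what the scanner saw and whether data could leave."""
    return {
        "av_verdict": av_scan(data),
        "egress_allowed": firewall_allows(conn, STRICT_RULES, default_allow),
    }


if __name__ == "__main__":
    conn = Outbound("updater32.exe", "203.0.113.10", 443)  # constructed connection
    print(assess(KNOWN_SAMPLE, conn))                      # caught by the scanner
    print(assess(NEW_SAMPLE, conn))                        # missed, but blocked
    print(assess(NEW_SAMPLE, conn, default_allow=True))    # missed and allowed out
```

The third call is the misconfigured case: with a default-allow policy, neither layer stops the unknown program.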