Network Computing is part of the Informa Tech Division of Informa PLC

Desktop Firewalls Bring Security Closer to Home

How They Work

Software-based desktop firewalls act as a kernel shim between the networking hardware device and the IP stack, which intercepts and inspects all network traffic. The traffic is compared to an ACL (access-control list) and run through signature scanners. If approved, the traffic passes through. Rejected traffic is dropped or logged to a file, and an alert is sent to the user. (Some desktop firewalls attempt to detect buffer overflows and abnormal code as well, but dedicated host intrusion-prevention systems do a better job at this. See "All-in-One Desktop Security," page 82, for more on these hybrid systems.)
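As an added illustration (not code from the article or from any product it names), the following Python sketch models the decision pipeline just described: an ACL lookup with default deny, a signature scan that runs even on ACL-approved traffic, and drop-plus-log-plus-alert for anything rejected. The Packet and Rule types, the central policy, the signature set and the program-ownership field are all constructed assumptions standing in for what a real kernel shim would see.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Packet:
    direction: str            # "in" or "out"
    proto: str                # "tcp" or "udp"
    port: int                 # remote port for "out", local port for "in"
    program: str              # process owning the socket (assumed known to the shim)
    payload: bytes = b""

@dataclass
class Rule:
    action: str               # "allow" or "deny"
    direction: str
    proto: str
    port: Optional[int]       # None matches any port
    program: Optional[str]    # None matches any program

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction and self.proto == p.proto
                and self.port in (None, p.port)
                and self.program in (None, p.program))

# Constructed signatures a scanner might flag; real products ship far larger sets.
SIGNATURES = {"nop-sled": b"\x90" * 16, "dir-traversal": b"../../"}
class DesktopFirewall:
    def __init__(self, acl: List[Rule], signatures: dict):
        self.acl, self.signatures = acl, signatures
        self.log: List[str] = []      # stands in for the firewall's log file
        self.alerts: List[str] = []   # stands in for user-facing alerts

    def inspect(self, p: Packet) -> Tuple[str, str]:
        # Step 1: ACL lookup, first matching rule wins, default deny.
        verdict = next((r.action for r in self.acl if r.matches(p)), "deny")
        # Step 2: signature scan runs even on ACL-approved traffic.
        hits = [name for name, sig in self.signatures.items() if sig in p.payload]
        if verdict == "allow" and not hits:
            return "pass", ""
        reason = "acl" if verdict == "deny" else "signature:" + ",".join(hits)
        self.log.append(f"DROP {p.direction} {p.proto}/{p.port} {p.program} ({reason})")
        self.alerts.append(f"Blocked {p.program}: {reason}")
        return "drop", reason
# Constructed central policy: only the browser may reach the web; file sharing in.
POLICY = [
    Rule("allow", "out", "tcp", 443, "browser.exe"),
    Rule("allow", "out", "tcp", 80, "browser.exe"),
    Rule("allow", "in", "tcp", 445, None),
]
```

Running `DesktopFirewall(POLICY, SIGNATURES).inspect(...)` on a few constructed packets shows the three outcomes: a browser HTTPS connection passes, an unknown program is dropped by the ACL, and an allowed inbound connection carrying a signature hit is still dropped and logged.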

Hardware desktop firewalls are specialized PCI or PCMCIA cards. They come with their own operating system via an onboard CPU and work like a standalone hardware firewall. The trade-off is they can't do application blocking or system-policy verification like software firewalls can. But unlike software ones, hardware firewalls can't be disabled from the operating system purposely or by malware.

Off-Limits to Users

Choose a desktop firewall suite that supports centralized policy management so you don't have to touch each user's machine to configure or verify a policy. And don't let users disable or set security policies on the firewalls, such as which ports are open and which programs can access the network. Internet Security Systems' RealSecure and Zone Labs' Integrity desktop firewalls make this easy for you by hiding the firewall interface from the user, with no visible user-interface components and no shutdown option. A user might disable the firewall if he or she wants to download a game, for example, but some files--like "Shoot Osama"--are Trojans masquerading as games. Disabling the firewall leaves your organization wide open to an attack.