Personal firewalls aren't a luxury anymore. As more users roam with their laptops in and out of corporate networks, it's easy for their devices to become infected. This has prompted companies to look for ways to shield them from the continual attacks raging across the Internet.
Yes, continual attacks. A recent study from the University of Maryland Clark School's Center for Risk and Reliability and Institute for Systems Research finds that attackers attempted to breach the average Internet-connected computer every 39 seconds. "Our data provide quantifiable evidence that attacks are happening all the time to computers with Internet connections," says Michel Cukier, the author of the study and an engineering professor at the school. The computers in Cukier's study were attacked, on average, 2,244 times a day.
The old days of simply getting a virus via e-mail seem benign compared to today's security risks. "Threats haven't relented," says Richard Weiss, director of endpoint security product marketing at CheckPoint Software. "We've seen a very clear change in the kinds of attacks. It isn't a bunch of script kiddies, but now very sophisticated and professional hackers who are trying to make money by breaching enterprise security and getting confidential information." Trojan applications are now four times as prevalent as viruses and worms, reports antivirus software vendor Sophos. That's double the ratio from the first half of 2005.
Traveling laptops connect to different local networks, both wired and wireless. "They're networks over which corporate IT has no control," notes Monte Robertson, a consultant at Software Security Solutions, an independent security reseller. Companies need to start protecting mobile devices, including laptops and PDAs, with the same layered approach that they use to protect their corporate networks, Robertson says.
Personal Firewalls Checklist
- Inventory the Windows versions of remote users first to understand potential population dynamics
- Collect the typical Internet-based applications that these users will be running
- Test two or three third-party personal firewalls with this collection of OS versions and typical applications
- Examine firewallleaktester.com results for your selected products
- If more protection is required, begin to examine more expensive total endpoint security products from Juniper and others
Two Basic Approaches
The hard part is picking the right combination of protection products for the desktop and understanding the tradeoffs between convenience, security, and simplicity that result from these choices. Security vendors have taken two basic approaches, and until recently, these have been fairly distinct product lines.
One approach is to sell a hardware appliance for perimeter protection that works in conjunction with software for each desktop. These appliances are available from a wide range of vendors, including CheckPoint, Cisco, Juniper, and Symantec. The advantage of this approach is that a single vendor handles both perimeter and desktop security. On the flip side, though, companies might not get the features that best suit their needs.
A second choice is to use a security suite of software that works in conjunction with an enterprise gateway or centralized antivirus solution. Examples of these kinds of products include:
The advantage of this method is that users don't need to install or configure anything on their own; the enterprise suites (or in the case of Windows Live, a Web-based service) manage their own updates. This means that the attack signature databases are automatically updated centrally so the protection stays current. A downside of this approach is that these solutions are often compromises that don't have best-of-breed protection, and exploits can slip through. In addition, they don't always support older versions of Windows.
IT managers are finding that neither of these approaches can handle unmanaged PCs such as those used by home workers or guest workers that aren't full-time employees. "IT managers discovered several years ago with the Blaster attack that traditional antivirus and intrusion-detection systems were simply not getting the job done," says Weiss.