IT Pro Briefing: How To Secure Desktop PCs With Personal Firewalls - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

08:43 AM
Connect Directly

IT Pro Briefing: How To Secure Desktop PCs With Personal Firewalls

The hard part is picking the right combination of protection products for the desktop and understanding the trade-offs between convenience, security, and simplicity.

Personal firewalls aren't a luxury anymore. As more users roam with their laptops in and out of corporate networks, it's easy for their devices to become infected. This has prompted companies to look for ways to shield them from the continual attacks raging across the Internet.

Yes, continual attacks. A recent study from the University of Maryland Clark School's Center for Risk and Reliability and Institute for Systems Research finds that attackers attempted to breach the average Internet-connected computer every 39 seconds. "Our data provide quantifiable evidence that attacks are happening all the time to computers with Internet connections," says Michel Cukier, the author of the study and an engineering professor at the school. The computers in Cukier's study were attacked, on average, 2,244 times a day.

The old days of simply getting a virus via e-mail seem benign compared to today's security risks. "Threats haven't relented," says Richard Weiss, director of endpoint security product marketing at CheckPoint Software. "We've seen a very clear change in the kinds of attacks. It isn't a bunch of script kiddies, but now very sophisticated and professional hackers who are trying to make money by breaching enterprise security and getting confidential information." Trojan applications are now four times as prevalent as viruses and worms reports antivirus software vendor Sophos. That's double the ratio from the first half of 2005.

Traveling laptops connect to different local networks, both wired and wireless. "They're networks over which corporate IT has no control," notes Monte Robertson, a consultant at Software Security Solutions, an independent security reseller. Companies need to start protecting mobile devices, including laptops and PDAs, with the same layered approach that they use to protect their corporate networks, Robertson says.

Personal Firewalls Checklist
Do inventory of Windows versions of remote users first to understand potential population dynamics
Collect typical Internet-based applications that these users will be running
Test two or three third-party personal firewalls with this collection of OS versions and typical applications
Examine results for your selected products
If more protection required, begin to examine more expensive total endpoint security products from Juniper and others

Two Basic Approaches
The hard part is picking the right combination of protection products for the desktop and understanding the tradeoffs between convenience, security, and simplicity that result from these choices. There have been two basic approaches by security vendors, and until recently, these have been fairly distinct product lines.

One approach is to sell a hardware appliance for perimeter protection that works in conjunction with software for each desktop. These appliances are available from a wide range of vendors, including CheckPoint, Cisco, Juniper, and Symantec. The advantage of this approach is that a single vendor handles both perimeter and desktop security. On the flip side, though, companies might not get the features that best suit their needs.

A second choice is to use a security suite of software that works in conjunction with an enterprise gateway or centralized antivirus solution. Examples of these kinds of products include:

The advantage of this method is that users don't need to install or configure anything on their own; the enterprise suites (or in the case of Windows Live, a Web-based service) manage their own updates. This means that the attack signature databases are automatically updated centrally so the protection stays current. A downside of this approach is that these solutions are often compromises that don't have best-of-breed protection, and exploits can slip through. In addition, they don't always support older versions of Windows.

IT managers are finding that neither of these approaches can handle unmanaged PCs such as those used by home workers or guest workers that aren't full-time employees. "IT managers discovered several years ago with the Blaster attack that traditional antivirus and intrusion-detection systems were simply not getting the job done," says Weiss.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 4
Comment  | 
Print  | 
More Insights
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Becoming a Self-Taught Cybersecurity Pro
Jessica Davis, Senior Editor, Enterprise Apps,  6/9/2021
Ancestry's DevOps Strategy to Control Its CI/CD Pipeline
Joao-Pierre S. Ruth, Senior Writer,  6/4/2021
IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll