We all know about firewalls protecting your network from outside attacks, but what can you do when those pesky users keep taking their computers outside your network? And what if the attack isn’t coming from the outside at all?
The corporate network might be reasonably secure, layered behind its firewall, traffic analysis modules, and virus defence, but what about laptops out in the field connected through dialup or broadband connections? What about protection from other people on the inside of your network who might have agendas of their own?
Ideally, desktop firewalls provide two basic functions. They protect your system from unsolicited packets coming in from the Internet, and they offer control over the packets going out. There are several ways to go about setting a security policy, but the safest is to simply block everything and then let what needs to pass through, pass through. This will take some learning to work out what needs to go through, but many of these software packages simplify the task. The trick is to make tiny pinprick holes in your firewall, not huge doorways with a welcome mat on the outside.
In this roundup we looked at some of the Desktop Firewall packages that you can install directly onto a Windows PC to keep the outside world where it belongs—outside. These programs are designed to watch the traffic coming in, and also to insulate you from attacks by passing each packet through a filter to decide weather it should be sent through to the operating system or not.
Check Point SecureClient
The Check Point System is very secure and complex and involves a Check Point Secure Platform, a management station (Smart Dashboard), and SecureClient itself. If you are already using Check Point products, this will match together nicely with your system. Installation of the various parts was fairly simple and well documented, but certainly took much longer than the other systems.
The client by itself comes without any security policy and waits for a policy server to provide it with its firewall rules. There are no default rules defined on the Smart Dashboard, so the security policy will have to be specifically crafted by the security administrator.
This is a great solution for an experienced admin, but makes for a steep learning curve for the beginner.
The Smart Dashboard Configuration program is a large and complex tool, but it is designed to manage the security setting for an entire large organisation. It is relatively easy to use once you have been shown how, but it is really the sort of package you need some specific vendor training on.
All results would depend totally on the security policy defined by the organisation. This software is very powerful and has huge scope for many policies for different departments within an organisation, but it requires considerable investment in time to configure properly.
Computer Associates eTrust EZ Firewall
The EZ Firewall installs quickly from the downloaded version and comes up with its default protection after a reboot. The default policy allows selected incoming traffic and all outgoing traffic, which we feel is a little too relaxed. If there are any attempted connections, a popup window reports details of host, protocol, and service, and gives the option to permit or deny the traffic. In the default learning mode, this information will be remembered and the same rule applied to further connections. There is also a default to auto deny in 30 seconds, although the window never changes to reflect this—and simply stays on the screen. This is a little confusing, as you are not sure whether the traffic arrived recently and is still waiting for an answer or not.
The initial configuration screen looks a little confusing; there is no real information about what a lot of the icons do. There are traffic lights for incoming and outgoing traffic, with each having the option to deny all (red), allow selected (yellow), or allow all (green). Clicking again on any of the options allows you to view the firewall rules that apply in this case. There are four icons along the bottom of the screen for daily information, help, close, and about. There does not seem to be any information beyond one day kept at all in the logs.
The port scan produced some unusual results, with all ports below 1024 filtered, but a variety of ports above 1024 open. The test was able to fingerprint the OS correctly. There was no reaction to the ping flood at all, and CPU utilisation was quite high while the flood continued. There were no problems connecting to the Windows share, opening Web pages, or reading e-mail.
There is an option to save all the created firewall rules into a single file and import them to another system, which is handy if you need to set up many systems, but this is the only concession to external management in this product. EZ Firewall has a pair of sister applications; EZ Antivirus and EZ DeskShield, that provide antivirus and desktop e-mail protection respectively, and in fact there is a package called EZ Armor that rolls all three into a single install.
Overall this system is easy to install, but the lack of configuration, logging, and management options mean it is much better suited to the individual/home user than corporate environment. There are other, larger Computer Associates systems that are more relevant, but we were unable to access them in time for the review.
1%
4%
