THE DESKTOP FIREWALL: DO YOU REALLY NEED IT?

You probably have a firewall protecting your network and you may even have an intrusion detection system. Then, of course, there is anti-virus software, anti-spam software and spyware removal tools. Aren't these sufficient to protect desktop users? What does a desktop firewall get you?

The security components you are most familiar with are complimentary. Each has a specific function that increases the overall security of your desktop computers and your entire network. The desktop firewall adds a few critical protective features that none of the others provide.

What does a desktop firewall do?

All firewalls manage ports. To understand how ports work, consider an analogy to the plain old telephone system. Just as a building location has a central telephone number, a networked computer has a 32-bit address. Often when you dial a central number, you can enter an extension to reach a particular phone. Ports are like extensions. A software application can request the use of specific ports on a computer so that network communications are routed correctly.

A typical PC has over 130,000 ports grouped by two communication protocols, Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). Why do we need so many ports? There are tens of thousands of software applications available to us. All those ports enable application data to be properly routed from sender to receiver even on very busy desktop PC's and network servers.

A firewall performs two primary functions. It closes or locks unused ports so they cannot be accessed by anyone. It also maintains a list of software applications and the ports they are authorized to use. If an application attempts to access a port without prior authorization, the attempt is blocked.

Why block software from accessing the corporate network?

Malicious intruders, or crackers, try to gain access to desktop PC's either to obtain sensitive information such as passwords and credit card numbers or to use those PC's as "zombies". A zombie is an insecure computer that has been infected with malicious software. The zombie attacks or infects other computers without the user of the infected system being aware of this activity.

Malicious intruders crack PC's using two major techniques. They may attempt to gain access to the computer by probing for open ports and establishing communications through them. This is like someone dialing a random phone extension to see if anyone answers. A properly configured desktop firewall will block these incoming intrusions.

The other approach used by crackers is to load rogue software onto a PC by any number of means such as the opening of unrecognized e-mail attachments, downloading software across the Internet, copying files from an infected floppy or CD, etc. In these cases, the malicious software runs in the background and attempts to access the network through any available port for the purpose of sending information back to the cracker or infecting other PC's. A desktop firewall can block the outgoing network connection and prevent the attack from spreading.

If your computer is part of a corporate network and someone on the network has their computer compromised, your system is at risk and a desktop firewall may be your only protection. No matter how good the network security, the weakest and least controllable link is always the human element.

Is a desktop firewall all the protection you need?

Unfortunately, the desktop firewall does not replace any software currently in use. All desktop PC's still require anti-virus, spam filtering and spyware removal tools. No one in the industry has created a single, comprehensive solution to these problems. A few major vendors claim to do it all but their claims should be viewed with skepticism. In addition, there is value in having tools supplied by multiple vendors. In the event that one vendor tool has a flaw, another vendor tool may be able to compensate.

Who offers desktop firewall products?

Much has been written about the Microsoft desktop firewall built into Windows XP. It was called Internet Connection Firewall (ICF) but has been renamed the Windows Firewall in Service Pack 2 (SP2). It is very important to note that the Windows Firewall blocks incoming port access but not outgoing access. This limitation makes it much less effective than other solutions. Other firewall products to consider include BlackIce, McAfee, Norton, Outpost, Tiny, and ZoneAlarm. They all do a good job of protecting Windows PC's with ZoneAlarm being widely recognized as the segment leader.

The Apple Macintosh has a built-in firewall that does a good job though it can be difficult to configure properly. Two products that can help with configuration are Brickhouse and FireWalk. They are well worth downloading. Norton also offers a desktop firewall for the Macintosh. If you are already using other Norton products, this may be the best option.

While it may seem costly and complex to deal with the many vulnerabilities in our desktop systems, the aggravation of dealing with corrupted systems or identity theft is far worse. Take reasonable precautions, never open un-recognized e-mail attachments, only download software from trusted sources, and never supply personal information to anyone unless you have initiated the transaction.

Vin D'Amico is Founder and President of DAMICON, your ADJUNCT CIO™. He is an expert in leveraging open software to drive growth. DAMICON provides Freelance Technical Writing, IT Disaster Response Planning, and Network Security Management services to firms throughout New England.

This article appeared in Vin's monthly Virtual Business column for the IndUS Business Journal in October 2004.

To learn more about how DAMICON can help your business, please take a look at our service programs.