IT consulting: Secure PC with personal firewall

The hardest part is choosing the right method to combine desktop protection products effectively while balancing convenience, security and simplicity.

Personal firewalls are no longer a 'luxury' reserved for giants. As more and more users move around with laptops in hand, working outside the four narrow walls of the office, the risk of being hit by attackers who are on the Internet all day keeps increasing. Many events and signs have appeared, reminding companies to find ways to protect users effectively against continuous attacks over the Internet.

Yes, attacks take place continuously. A recent study by the Center for Risk and Reliability Research at the University of Maryland Clark School, in conjunction with the Institute of Systems Research, found that a hacker attack was conducted every 39 minutes on a computer with an Internet connection. 'Our data provides reliable evidence that attacks take place non-stop against all Internet-connected computers,' said Michel Cukier, the study's author and a professor of engineering at the university. The computers in Cukier's study were attacked an average of 2,244 times per day.

The old e-mail virus attacks seem mild when compared to today's dangerous security threats. 'Risks don't go down,' said Richard Weiss, security product marketing manager at CheckPoint Software. 'We have seen very clear changes in the attack. Now there is no longer the type of children who are obsessive and destructive and sophisticated. Because they are redirecting their goals from outstanding pits, proving their bravery to profit, making money from the underworld through stealing and buying and selling business data and confidential information.' Trojans are now four times more common than viruses and worms, according to antivirus software maker Sophos. This rate doubled compared to the first half of 2005.

Travelling laptops often connect to many different local networks, both wired and wireless. 'They are networks that businesses cannot control,' said Monte Robertson, a consultant at Software Security Solutions and a distributor of free security products. The time has come for companies to start planning protection for mobile devices, such as laptops and PDAs, with the same classification methods used for their corporate networks.

Two basic methods

The hardest part is choosing the right method to combine desktop protection products effectively while balancing convenience, security and simplicity. Security firms offer two basic methods that are still commonly used today.

The first method is to use hardware to protect the perimeter, or network boundary, working together with software on each desktop. Such devices are available from a wide range of large firms such as CheckPoint, Cisco, Juniper and Symantec. The advantage of this method is that a single firm can control both perimeter security and desktop security. Even so, many companies may not find in such an offering the component that suits them best in every respect.

The second option is to use security software that works with the business gateway or a centralized antivirus solution. For example, the software suite may be:

  1. Symantec Client Security v3.1
  2. McAfee Host IPS for desktops v6.0.1
  3. Windows Live OneCare

The beauty of this method is that users do not need to install or configure any component on their own system. Enterprise software suites (or, in the case of Windows Live, a Web-based service) manage their own update program. This means that the attack signature database is updated automatically and centrally, so that the protection program does the same job on every machine. The drawback of this approach is that the solutions are often a compromise: they lack the best protection program, so an exploit may slip through. In addition, they do not support all older versions of Windows.

IT managers are looking for ways to control PCs that are not subject to any management, such as those of home workers or temporary workers who are not official employees. 'A few years ago, after the attack of the Blaster worm, they found that traditional anti-virus and intrusion detection systems are now too simple and have no effect,' Weiss said.

Weaknesses of Windows Firewall

The biggest drawback is relying on the personal firewall built into Windows (or Mac OS). The 'personal' label distinguishes Windows Firewall from enterprise firewalls, which protect the entire corporate network from attacks. The personal version works only on the individual desktop computer.

Relying on the built-in personal firewall provided by the operating system is not a good security solution, because users can easily turn off the firewall (by accident or intentionally) and then forget to turn it back on when needed. With many older versions of the operating system, namely Windows XP and some earlier versions, the built-in firewall often provides protection that does not satisfy users and can even give a false sense of security.

For example, Windows XP only began to integrate a firewall into the operating system from Service Pack 2 onward. However, the XP firewall filters only inbound connections; it does not stop traffic going out across the network boundary. That is, any threat that for some reason finds its way onto a user's hard drive can take control of the computer and use it to send out attacks or botnet attacks. 'The key factor in computer security is to protect the network from attacks from outside the border, where sensitive information goes out' (Robertson).

'SP2 has patched a lot of bugs, made XP stronger and Internet Explorer much safer,' said Igor Pankov, Agnitum's product marketing manager. 'But SP2 doesn't do much to improve overall security integrity, because malware, whether more or less, always sends personal data out of network boundaries.'

Vista and the Windows Live OneCare management service each come with their own firewall, with slightly more advanced capabilities. But the default Vista firewall protects only inbound connections. It is possible to configure outbound protection, but it is not simple and is somewhat beyond the reach of the average user. 'Vista inherits many features and is more secure than previous versions of Windows, but not perfect,' said Shane Coursen, an expert technical consultant at Kaspersky Labs.

The problem of balancing better security against ease of use has created a market for replacements for the built-in Windows firewall. These programs can also be used by remote or mobile users working outside their organization's intranet.
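As an added example (not from the original article), here is a read-only PowerShell audit for the two weaknesses described in this section: a firewall profile that has been switched off, and a default policy that filters only inbound traffic. It assumes a current Windows version with the NetSecurity module (Windows 8 / Server 2012 or later) rather than the XP or Vista systems the article discusses; the function name Get-FirewallWeakness is hypothetical.

```powershell
# Added example, not from the article. Read-only: it changes no settings.
# Assumes the NetSecurity module (Windows 8 / Server 2012 or later).

function Get-FirewallWeakness {
    # ActiveStore is the effective policy after Group Policy and local
    # settings are merged, so the values are resolved (not 'NotConfigured').
    $profiles = Get-NetFirewallProfile -PolicyStore ActiveStore

    foreach ($p in $profiles) {
        $findings = @()

        # Weakness 1: the firewall was turned off and never turned back on.
        if ("$($p.Enabled)" -ne 'True') {
            $findings += 'firewall is OFF for this profile'
        }

        # Weakness 2: only inbound traffic is filtered, so anything already
        # running on the PC can send data out unchallenged.
        if ("$($p.DefaultOutboundAction)" -ne 'Block') {
            $findings += 'outbound connections are allowed by default'
        }

        # Inbound should be blocked unless a rule explicitly allows it.
        if ("$($p.DefaultInboundAction)" -ne 'Block') {
            $findings += 'inbound connections are allowed by default'
        }

        [pscustomobject]@{
            Profile  = $p.Name                     # Domain, Private or Public
            Enabled  = $p.Enabled
            Inbound  = $p.DefaultInboundAction
            Outbound = $p.DefaultOutboundAction
            Findings = if ($findings) { $findings -join '; ' } else { 'none' }
        }
    }
}

# One row per profile; run on each laptop or collect centrally.
Get-FirewallWeakness | Format-Table -AutoSize -Wrap
```

On a default installation the outbound finding is expected for every profile; the first finding is the one that indicates a firewall someone switched off.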

Third-party personal firewall

The two basic methods do not meet the requirements, so a third is frequently used instead: combining a more powerful firewall on each desktop with a centralized security device or a security suite. This is the core of existing security products on the market from vendors such as Cisco, Consentry, Juniper, Lockdown Networks and Mirage Networks. They all implement a tool to monitor the status of each network device and ensure it is safe.

But these solutions are often very expensive and take a long time to deploy. A better option is to use a third-party personal firewall from vendors such as Zone Labs of CheckPoint Software, Panda Software, Prevx and a number of others, as shown in the summary table below:

| Product | Address (URL) | Main components |
|---|---|---|
| Panda Software Client Shield 2006 | Pandasoftware.com | Supports Windows 98/2000; enterprise version. |
| Zone Alarm Internet Security Suite v7.0, CheckPoint Integrity | Zonelabs.com | There is a free version (firewall only) and a paid version; the suite includes an IM and antivirus/spyware protection program. |
| Prevx v1.0 | Prevx.com | Free blocking, but it costs $25 a year to change or reorder. |
| Jetico Personal Firewall v1.01 | Jetico.com | Free; for Win98/2000. |
| Agnitum Outpost Pro v4.0 | Agnitum.com | For 64-bit Windows and Win98/2000; function: anti-malware/spyware. |
| Kaspersky Internet Suite v6.0 | Kaspersky.com | For 64-bit Windows, with Vista support; components: anti-malware/spyware. |

Table: Third-party personal firewall products

The benefits of using these products have been shown in practice. They protect desktops effectively and are better at preventing a vulnerability from being exploited to attack many people across the enterprise network.

A good example is the telecommunications VAR Tele-Verse, which was using Symantec's Norton antivirus software to protect its 20-plus Windows 2000 machines about 9 months ago, when one computer was found to have been attacked by a virus that then spread to all machines in the company. 'It took us almost a day to find the program that could kill this virus, including updating the latest version of Norton on all machines,' recounted Scott Rendell, who manages Tele-Verse's operations. 'Finally we found Prevx and it saved the company. It works very easily and quickly detects the problem, then immediately isolates the virus. We didn't have any trouble after that time.'

Prevx regularly checks for updates with new signatures and also detects virus-like activity by applications. Several other third-party personal firewall products have also begun to incorporate similar techniques. And security researchers are spending a lot of time investigating ways to remove malware without requiring specific signatures.

Finding the best personal firewall is not easy. IT managers will need to check a large number of desktop and application configurations before making any decision. They must weigh two factors: what can be protected, and ease of use in everyday computing activities. 'The challenge lies in how to minimize the additional software management burden for additional desktop protection programs,' said CheckPoint's Weiss. 'Enterprises always have a certain limit on the number of different software they want to support.'

A number of independent tests have been conducted to determine the effectiveness of personal firewalls. One of them is Firewall Leak Tester. It covers a variety of different products and includes test programs to determine whether firewalls can prevent certain types of attacks. IT managers can evaluate the test programs and determine the corresponding strength of each product.

One of the surprising findings from these test programs is the difference between the free version and the paid version of Zone Alarm. The free version can only eliminate 27 different types of attacks, while the paid version can eliminate nearly 20 more.

The personal firewall rated at the top is Jetico. The firewall is completely free, but it is not easy to configure. If this product is used, IT managers will need a lot of time to set it up and put it into operation for each user. The test shows that Jetico is difficult to configure, especially for users who run many kinds of Internet applications, not just e-mail and Web browsing.

Two other firewalls at the top are Agnitum's Outpost Pro firewall and Kaspersky Labs' Internet Suite. Both are commercial products that have been on the market for several years. Both integrate a personal firewall with anti-virus and anti-spyware programs. Kaspersky supports Vista as well as older Windows versions.

Some manufacturers have started offering personal firewalls as part of a comprehensive, unified security solution for companies. Often they distribute better endpoint security software or simply combine separate business and personal product lines. Examples are Symantec with Client Security, CheckPoint Software with Integrity and Kaspersky with Open Space Security. All three personal firewall lines are combined with overall enterprise management tools.

The issue is not which product you choose; what matters is to start evaluating personal firewalls quickly. 'For laptops, you should choose the best security solution with anti-virus, anti-spyware and firewall functions,' said Robertson of Software Security Solutions. 'It's time to start thinking about the required requirements in personal firewalls as an extremely important tool for remote users.'