DESKTOP FIREWALLS - Infoworld.com Security Newsletter

posted on January 29, 2001
by hitbsecnews

DESKTOP FIREWALLS REQUIRE A REVOLUTION IN THEIR MANAGEMENT TO BE TRULY EFFECTIVE

Posted at January 19, 2001 01:01 PM Pacific

About a decade ago, I learned the hard way why
protecting the desktop is one of the most difficult
tasks. A virus infection came into our shop through an
outside contractor, and it spread everywhere. I spent
the better part of the next two weeks scanning local
drives and floppy disks, but I eventually declared
victory. The lesson from that experience is best
expressed by Walt Kelly's Pogo: "We have met the
enemy, and he is us."

Too many companies have focused their efforts on
computer security at the perimeter and ignored the
need to defend against threats from within. Even
companies that recognize the possibility of an
internal threat tend to minimize or misidentify the
nature of the problem. Microsoft's recent trouble with
the Trojan horse "QAZ" didn't come about because an
employee was unhappy; it happened because the employee
and Microsoft's security staff were sloppy, and an
unknown party took advantage of it.

Although we all know that perfect security is
impossible, a lot can be gained by beefing up your
current set of tools. For example, 10 years ago, you
may have installed anti-virus software only on key
machines. Today, many PCs come with it pre-installed,
and most companies use anti-virus software on the
desktop, file server, and mail server. It's time that
we treated "desktop" or "personal" firewalls with the
same seriousness.

In the last couple of years, the personal firewall
market has exploded with the increasing use of cable
modems and DSL. Although dial-up connections are also
subject to attack, the "always-on" nature of cable and
DSL technologies makes it a lot easier for attackers
to compromise systems. The personal firewall software
scans network traffic to and from the PC, and permits
or denies the passage of packets based on
predetermined rules, just like the firewall at the
edge of a network.

Personal firewalls usually offer remote workers a
number of predetermined traffic rules, and users
rarely have to perform any configuration. For example,
certain types of application traffic might be allowed
if the application is active on the desktop, but not
if it's coming from a background process.

The current generation of personal firewalls for
Windows systems isn't perfect. The most glaring
problem is that they don't verify the applications
trying to pass data through the firewall. If the
executable's name matches one on the "approved" list,
passage is granted; the binary's contents are never
checked. This vulnerability allows a Trojan horse to
pass itself off as, say, netscape.exe or another
application that has transit rights.
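The following is an added illustration, not code from the column or from any firewall product, of why a name-only check fails and what a content-based check looks like. It compares the weak rule the column describes (grant passage if the file name is on the approved list) with a rule that also ties the approved entry to the SHA-256 hash of the executable recorded at enrolment. The file names, file contents and directory layout are constructed for the demonstration.

```python
"""
Added example: name-based vs. content-based application allow-listing.

A personal firewall that grants network access to any process whose
executable is named e.g. "netscape.exe" can be fooled by a program that
merely adopts that file name. Checking the executable's cryptographic
hash against the approved entry ties the decision to the binary's
contents instead. All file names, paths and contents below are
constructed for the demonstration; none come from a real product.
"""
import hashlib
import os
import tempfile


def sha256_of_file(path):
    # Stream the file so large executables do not have to fit in memory.
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def name_based_decision(exe_path, approved_names):
    # The weak check the column describes: only the file name is compared.
    return os.path.basename(exe_path).lower() in approved_names


def hash_based_decision(exe_path, approved_hashes):
    # Stronger check: the name must be approved AND the file's hash must
    # equal the hash recorded for that name when the rule was created.
    name = os.path.basename(exe_path).lower()
    expected = approved_hashes.get(name)
    if expected is None:
        return False
    return sha256_of_file(exe_path) == expected


def demo():
    """Build a constructed allow list and evaluate a genuine and an
    impostor binary under both rules. Returns the four decisions."""
    with tempfile.TemporaryDirectory() as d:
        genuine = os.path.join(d, "netscape.exe")
        with open(genuine, "wb") as f:
            f.write(b"GENUINE BROWSER BINARY (constructed sample)")

        # Enrolment: record the hash of the genuine binary, keyed by name.
        approved_hashes = {"netscape.exe": sha256_of_file(genuine)}
        approved_names = set(approved_hashes)

        # A different file that only borrows the approved name.
        impostor_dir = os.path.join(d, "other")
        os.mkdir(impostor_dir)
        impostor = os.path.join(impostor_dir, "netscape.exe")
        with open(impostor, "wb") as f:
            f.write(b"SOMETHING ELSE ENTIRELY (constructed sample)")

        return {
            "genuine_by_name": name_based_decision(genuine, approved_names),
            "impostor_by_name": name_based_decision(impostor, approved_names),
            "genuine_by_hash": hash_based_decision(genuine, approved_hashes),
            "impostor_by_hash": hash_based_decision(impostor, approved_hashes),
        }


if __name__ == "__main__":
    for rule, allowed in demo().items():
        print(f"{rule}: {'allowed' if allowed else 'blocked'}")
```

The name-based rule allows both files; the hash-based rule allows only the binary enrolled at rule-creation time. In practice the recorded hash must be refreshed whenever the approved application is legitimately updated, which is exactly the kind of task that needs the central management the column goes on to demand.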

The other problem with most personal firewalls is that
they don't play well in an enterprise environment.
Although many vendors tout their remote installation
and configuration, too often that's the limit of the
product's manageability. We learned a long time ago
with anti-virus software that products without central
management and reporting aren't worth using.

Unfortunately, it seems that most of the people selling
personal firewalls missed this lesson. So for their
benefit, let's dust off the Commandments of Manageability:

I. Thou shalt enable remote management of desktop configurations.

II. Thou shalt send alerts via e-mail, pager, and SNMP trap.

III. Thou shalt provide reporting tools that focus on exceptions, not norms.

IV. Thou shalt not update the product by repackaging the entire code.

V. Thou shalt protect the client even if the network connection is broken.

VI. Thou shalt provide the administrator with defaults that match best practices.

VII. Thou shalt provide the administrator with complete control over how and when clients are updated.

One vision that might provide a model for delivering
enterprise security is McAfee's Security.NET service,
an ASP (application service provider) approach that
offers an alternative to "boxed" security packages.
Whether companies are comfortable with this approach
is another matter.

If you aren't already considering personal firewalls as
part of your security strategy, now is the time to do
so.

P.J. Connolly is a senior analyst in the InfoWorld Test
Center; he has almost 15 years of IT experience
building, maintaining, and securing networks and
clients. Write to him at pj_connolly@infoworld.com.

Tags: Networking