Personal firewalls a double-edged sword

By Edward Hurley, SearchSecurity.com News Writer
25 Nov 2003 | SearchSecurity.com

Howard Plumley Jr., a network administrator with the University of Florida at Gainesville, makes sure personal firewall software is installed on all workstations to protect systems against worms, Trojans and spyware.

"But the users tend to disable it after the third or fourth [alert asking] 'Do you want xx to access the local internet, Do you want ... ??'," Plumley said.

Increasingly, experts are recommending personal firewalls. They are becoming imperative for small businesses and home users with broadband Internet access. Even some companies are installing them within their corporate networks. Personal firewalls offer benefits, such as blocking certain worms and attacks, but only when used properly.

But Plumley's experience is not rare. At this time, using personal firewalls isn't easy, especially for non-technical end-users. "Many of them don't know enough to know what is the right thing to do," said Fred Cohen, an information security luminary and an analyst with the Burton Group.

A misconfigured personal firewall is useless at best. "A firewall is of no value if it isn't properly configured," said Gregg Nicholas, LAN administrator with the Berrien County Courthouse in Saint Joseph, Mo. "When misconfigured, it can either be a cause of many problems -- or it can provide a false sense of security."

Some enterprise-grade personal firewall products have centralized management consoles that allow administrators to push out rules, but this approach isn't trouble-free. "If someone gets control of them, then the company could be out of business," Cohen said. "Even if someone just makes a mistake, then the company could be out of business."

The reason is that personal firewalls, much like traditional gateway firewalls, block ports. Blocking a port that an application depends on could result in lost business and productivity for an organization.

For example, when the Blaster and Nachi worms surfaced in July, experts recommended blocking RPC-DCOM. This would have meant plugging TCP and UDP ports 135, 137, 138 and 445. The problem is that many services and applications, such as Microsoft Outlook, rely on them.

Cohen said it's difficult to make blanket statements about which ports a company should definitely block with personal firewalls. Each company needs to figure out what its requirements are. A problem with every firewall is that the rules need to be configured as tightly as possible to maximize protection, but not so tightly that functionality is affected, he said.

Just blocking ports isn't necessarily enough. Dale Jackaman, who manages the security for a number of hi-tech companies in Canada, recommends personal firewalls as just a start. "As basic port blocking is simply not enough, I prefer to use products that combine firewall, application control, intrusion detection systems with auto-blocking capabilities into one unified package -- and always behind a hi-end corporate level firewall," he said during a recent e-mail interview.

If companies are even more security conscious, there is a more radical alternative. "You could go to Linux on the most safe install. It would be pretty secure," said Cohen, noting the continually growing range of business applications available for the open-source operating system. "But people must remember protection is something you do, not something you buy."


