Security Basics mailing list archives
RE: Client End Firewalls
From: "Shawn Jackson" <sjackson () horizonusa com>
Date: Thu, 30 Sep 2004 08:02:47 -0700
How much protection do you believe client side firewalls provide? My boss has asked for my thoughts on a system like Zone Labs are now offering. Can anyone provide me with their thoughts on what benefits this actually provides?
Good client side firewalls can control what applications open ports and send/receive traffic. In a corporate LAN which is protected by firewalls and other network security equipment you are really just setting up more pain for yourself by installing client firewalls. Using a product like Symantec Enterprise Edition with their NIS firewall is extremely useful for roaming (read: laptop) clients. Any of the 'Enterprise' class client software firewalls usually have centralized management. Client firewalls provide a good level of protection, but don't offer the Layer 4 and higher inspection of traffic like 'normal' firewalls. Pros: ----- Protects against malicious applications on the host Can control what applications have network access Adds another level of protection to the host and network Assists in prevent prorogation of virii and worms inside the network Cons: ----- Can be hard to manage Can confuse the user Uses host resources (Memory, CPU time) Increases network complexity Can cause compatibility issues Recommended Deployment: ----------------------- High Risk/High Security Networks Roaming Systems (i.e. Laptops) DMZ Servers/Systems Shawn Jackson Systems Administrator Horizon USA 1190 Trademark Dr #107 Reno NV 89521 www.horizonusa.com Email: sjackson () horizonusa com Phone: (775) 858-2338 (800) 325-1199 x338 Fax: (775) 858-2330
Current thread:
- Client End Firewalls Grant . Orchard (Sep 29)
- Re: Client End Firewalls Steve (Sep 30)
- Re: Client End Firewalls GuidoZ (Sep 30)
- RE: Client End Firewalls Brent Clark (Sep 30)
- SV: Client End Firewalls Kim Guldberg (Sep 30)
- Re: Client End Firewalls David Parsons (Sep 30)
- <Possible follow-ups>
- RE: Client End Firewalls Shawn Jackson (Sep 30)