RE: Personal Firewalls

[Nigel Willson <NWillson () tbg com>]

This is a significant topic as enterprises extend their security
perimeters into employee homes and, for mobility, hotels. A
personal firewall configured and/or used improperly can invite
more issues than it prevents.

It most definitely needs to be complemented with a good and
regularly updated anti-virus solution because the greatest risk
comes from within, targetted trojans from our dynamic executable
society. A major risk is an employee owned desktop that serves
the role of both entertainment and business or a home network
that has *other* connections.

I'd recommend a mix of firewall (that ties into the enterprise
perimeter), anti-virus and, integrity checker (for those with
secure desktop standards) -- if standards and policy can be
applied to a home-based PC. Then an IPsec tunnel with stronger
authentication -- you'd be surprised what hotel networks capture!

Vendors are working on integration towards a convergence and
there should be some announcements in 2Q01.

These personal firewall technologies are very new, evolving, and
do not yet fully support enterprise use. The problem is that they
are easy to deploy but do not scale well to enterprise needs, so
deployment/investment should be limited/tactical initially to
those that warrant it.

A badly deployed solution will result in users disabling the
annoying hindrance or tampering with it and, poor configuration/
policy enforcement can exacerbate perception that security is
invasive on a locked down workstation.

20% Technology, 80% Process/Planning. There are a number of 
requirements to consider in user grouping, firewall policy,
logging, use, management, together with an all important set of
processees to accomodate configuration, education, support, 
maintenance, etc.

http://securityportal.com/articles/pf_main20001023.html has an
interesting review of the technology options.

Hope this helps,

Nige.

Senior Consultant, iSecurity Program
The Burton Group
http://www.tbg.com
 

> -----Original Message-----
> From: Tony Chryseliou [mailto:TonyC () bgls com]
> Sent: Wednesday, February 28, 2001 6:28 AM
> To: firewall-wizards () nfr com
> Subject: [fw-wiz] Personal Firewalls
>
>
> I'm currently in the development stage of a VPN project. Will 
> be mostly
> telecommuters. One of the requirements besides the software 
> that will create
> the VPN tunnel, is to have a mini-firewall that will be 
> installed on the
> client PC.
>
> My only requirement is that "rule sets" be packageable and 
> easily deployed
> after install. Been working with an eval of Symantec Desktop 
> Firewall and it
> does meet the requirement, but quite frankly, the thing is 
> flaky and doesn't
> behave consistently.
>
> Are there any other products in this category that I should 
> be looking at? 
>
> TIA,
>
> Tony Chryseliou
> Director, IT
> New World Holdings
> 732-544-0155 x165
>
> P.S. Before any says Checkpoint, been there, done that. I 
> refuse to give
> them any more money because of their lousy support, over 
> priced, and product
> introduction schedule.
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () nfr com
> http://www.nfr.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards