Personal firewall for lambda users

[Alexandre Zglav <azglav () heritage ch>]

Hi all,

I am currently studying various  personal firewal softwares for
installation on my company's Laptops.
Most of my users are lambda users and I wanted to make sure being
firewalled on their laptop would be as transparent for them as when their
working in our corporate LAN.

I've recently been testing Sygate Personal firewall ( now owned by
netscreen ) and I found it pretty deceiving... The software is clearly
designed to be used and administered on a dayly basis by experimented users
and the security level is quite low in my opinion: there are continuous
popups that come to the user asking for him to choose if he should let the
trafic for a specific application in or out ( thats quite normal for a
personal  firewall) but a user without the admin password can set a rule
just by clicking on a button on the popup (thats quite unusual...) .

So basically what I'm trying to do is to protect my users from themselves
by configuring the firewall to let very specific applications ( email
client, web browser etc.. ) in and out, and to deny all the rest so that
the user doesnt' see any popup. Moreover I want to set real admin passwords
that won't let a user set a rule without it ( such as it was in Sygate
PFW...)

I personally use Kerio at home since three or four years  now and I'm
pretty satisfied with it. I wanted to know what you, security experts :) ,
thought about this product.
I know that kerio will let me do what I want with admin password,
application specific rules and a "Deny all" rule at the end of the list but
I want to know how reliable and secure it is and if the company has any
chance to survive the next decade (or years...  :) ). Is there another
secure and reliable personal firewall that I sohould try to accomplish what
I want to do ?

Thanks for your answers.

Oh and by the way my users are using Windows XP pro.

See you!
________________________________________________

IT Projects
Alexandre Zglav
Heritage Bank & Trust
12 cours des bastions
P.O. Box 3341
1211 Geneva
Switzerland
Phone :  ++ 41 22 817 31 11
Direct Line : ++41 22 817 32 21
azglav () heritage ch
www.heritage.ch
________________________________________________

This document should only be read by those persons to whom it is
addressed  and  is  not intended to be relied upon by any person
without  subsequent written confirmation of its contents. If you
have  received  this  e-mail message in error, please destroy it
and delete it from your computer.
Any  form of  reproduction, dissemination, copying,  disclosure,
modification,  distribution  and/or  publication  of this E-mail
message is strictly prohibited.
________________________________________________


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------