Re: Client End Firewalls

[GuidoZ <uberguidoz () gmail com>]

Personally, I believe a client side solution is a MUST. That includes
a personal firewall and an antivirus suite of some kind. There are
ways past perimeter security, without a doubt. I was just discussing
this very thing with someone concerning the GDI/JPEG exploit. There
are ways around content filtering and such. You should have an
all-encompassing solution.

After all, say something gets through your perimeter AV solution and
firewall (maybe through an SSL session, for example). If a trojan
executes or is downloaded to the client system, wouldn't you want an
AV solution (centrally managed for ease of use and updates) to be
there to double check it? Giving the same scenario, wouldn't you want
a personal firewall to be there to stop any connect back attempts? The
GDI/JPEG exploit is a perfect example. It's possible you COULD of been
exploited before your AV knew a thing about it. A client side firewall
would stop the outgoing connection request.

All this completely depends, of course, on client side education. =)
If they just allow all to pass through the firewall because they don't
know any better, then you shouldn't waste your time in allowing it. If
you are going to take the time to properly educate everyone using it
however, that's a different story. Knowledge of what they have control
over is the key - they must know how to use the security tools in
place so they don't bypass them entirely for ease of use. A common
problem.

As for ZoneAlarm's current solution, I can't speak for it. I don't
have enough expereince with it in a production environment to even
give an educated guess on it's effectiveness and reliability.
Hopefully someone else will pipe up with some ideas as well. =)

--
Peace. ~G


On Tue, 28 Sep 2004 14:27:44 +1000, grant.orchard () aws aust com
<grant.orchard () aws aust com> wrote:
> Hi guys,
>
> How much protection do you believe client side firewalls provide? My boss
> has asked for my thoughts on a system like Zone Labs are now offering. Can
> anyone provide me with their thoughts on what benefits this actually
> provides?
>
> Many thanks
>
> Grant Orchard
> NOTICE - This e-mail (and any attachments) is confidential. It may contain
> privileged information or copyright material. You should not read, copy,
> use or disclose it without the written authorisation of AWS.  If you are
> not an intended recipient, please contact AWS by return e-mail and then
> delete both messages.  AWS does not accept liability in connection with
> computer virus, data corruption, delay, interruption, unauthorised access