September 2004

Windows Firewall Software

Protect your valuable systems

See associated figure

Firewalls provide important network and computer-system protection for businesses and home users. Today's firewalls come in two distinct flavors: host-based firewalls that protect individual computers and network-based firewalls that you place at strategic chokepoints on your network. Most large organizations use network-based firewalls. However, even in large, well-protected enterprises, host-based firewalls can provide a solid second level of defense against worms or other malicious traffic that might breach your primary network firewall. This Buyer's Guide describes some of the features to consider when you buy host- and network-based Windows firewall software.

Network-Based Firewalls
Firewall rule sets detect and block anomalous and unwanted traffic. The rule sets consist of individual ACLs that define the traffic that's permitted through the firewall. Be sure to examine how the firewall constructs ACLs and how you make changes to them. For example, does the firewall use a GUI or command-line syntax? Which tools and protocols, such as HTTP Secure (HTTPS) or Secure Shell (SSH), does it use for remote management? Does the firewall support real-time logging of dropped packets, which helps you troubleshoot firewall operations and detect rogue activities? If the log events can be exported in a common format (e.g., SNMP traps or syslog) or a delimited format, you'll be able to use the plethora of log-analysis tools that are freely available.
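To make the ACL and logging points concrete, here is an added example (not code from the article or from any vendor's product) of the first-match, default-deny evaluation that rule sets like those described above perform, with dropped packets exported as syslog-style lines. The rule syntax, the `Rule`/`Packet` names, the facility/severity choice and the sample packets are all constructed for illustration.

```python
"""First-match firewall rule set with implicit deny, plus syslog-style
export of dropped packets. Added example, not a product's real rule format.
Rule fields, sample addresses (RFC 5737 ranges) and packets are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp", "icmp" or "any"
    src: str                     # CIDR such as "10.0.0.0/8", or "any"
    dst: str
    dport: Optional[int] = None  # None matches any destination port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int = 0


def _net_match(cidr: str, addr: str) -> bool:
    if cidr == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr, strict=False)


def matches(rule: Rule, pkt: Packet) -> bool:
    return ((rule.proto == "any" or rule.proto == pkt.proto)
            and _net_match(rule.src, pkt.src)
            and _net_match(rule.dst, pkt.dst)
            and (rule.dport is None or rule.dport == pkt.dport))


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching rule). The first matching rule
    wins, so ordering matters; traffic matching no rule is dropped."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, i
    return "deny", None


def syslog_line(host: str, pkt: Packet, rule_index: Optional[int]) -> str:
    # RFC 3164-style PRI: facility local4 (20*8=160) + severity warning (4) = 164.
    why = "implicit-deny" if rule_index is None else f"rule={rule_index}"
    return f"<164>{host} fw: DROP {pkt.proto} {pkt.src}->{pkt.dst}:{pkt.dport} {why}"


def run(rules: List[Rule], packets: List[Packet], host: str = "fw1"):
    """Evaluate every packet; return (permitted packets, drop-log lines)."""
    permitted, log = [], []
    for pkt in packets:
        action, idx = evaluate(rules, pkt)
        if action == "permit":
            permitted.append(pkt)
        else:
            log.append(syslog_line(host, pkt, idx))
    return permitted, log


# Constructed rule set for an outside interface protecting a DMZ web server.
RULES = [
    Rule("deny", "any", "10.0.0.0/8", "any"),           # anti-spoofing: private source from outside
    Rule("permit", "tcp", "any", "192.0.2.10/32", 80),   # DMZ web server, HTTP
    Rule("permit", "tcp", "any", "192.0.2.10/32", 443),  # DMZ web server, HTTPS
    Rule("permit", "icmp", "any", "192.0.2.0/24"),       # ping to the DMZ
]

# Constructed sample traffic.
SAMPLE = [
    Packet("tcp", "198.51.100.7", "192.0.2.10", 443),   # permitted by rule 2
    Packet("tcp", "198.51.100.7", "192.0.2.10", 22),    # SSH: no rule, implicit deny
    Packet("tcp", "10.1.2.3", "192.0.2.10", 80),        # spoofed private source: rule 0 wins
    Packet("udp", "198.51.100.9", "192.0.2.10", 53),    # DNS: no rule, implicit deny
]

if __name__ == "__main__":
    ok, drops = run(RULES, SAMPLE)
    print(f"{len(ok)} permitted, {len(drops)} dropped")
    for line in drops:
        print(line)
```

Note that the spoofed packet to port 80 is dropped by rule 0 even though rule 1 would permit it; a product that reorders rules for you, or evaluates "best match" rather than first match, will behave differently, which is exactly why the article tells you to examine how a firewall constructs and orders its ACLs.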

Most modern firewalls include Intrusion Detection System (IDS) functionality. IDS identifies (and usually blocks) known exploits before the rule set processes them. For example, IDS might drop a Denial of Service (DoS) attack that's embedded within a protocol that your rule set would have allowed. IDS sophistication and features vary by vendor.

Several network firewall architectures exist—from simple single firewalls to dual back-to-back firewalls that create a perimeter network to triple firewalls that have legs for demilitarized zone (DMZ), private, and public networks. Do some research before you decide which architecture you want to deploy, and then compare firewalls that support that design. Firewalls route packets from one network to another, and most can perform Network Address Translation (NAT), which hides a larger number of private IP addresses behind a few public IP addresses. Some network firewalls also provide VPN server functionality. Several VPN technologies (e.g., IP Security (IPSec), PPTP) are available, so consider which solution is most compatible with your environment. VPNs historically have had problems crossing firewalls that are configured for NAT. If you're a small office/home office (SOHO) user, look for firewalls that support IPSec or PPTP passthrough to ensure that you can connect to your company from behind your home firewall.
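The following added example (written for this guide, not taken from the article or any firewall product) shows the two NAT behaviors the paragraph above relies on: a translation table that maps many private addresses onto one public address by port, and the reason a VPN integrity check that covers the IP header cannot survive that rewriting (IPSec's AH covers the header; ESP only covers the payload, which is what NAT passthrough relies on). The `Nat` class, the toy HMAC "integrity checks" and the RFC 5737 sample addresses are constructed for illustration.

```python
"""Many-to-one NAT (port address translation) and why a header-covering
integrity check breaks across it. Added example; the NAT table, the toy
MACs and all addresses/packets are constructed, not a product's code."""
import hashlib
import hmac
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""


class Nat:
    """Rewrites private (src, sport) pairs to (public_ip, public port)
    and maps replies back. Anything arriving on an unmapped port is
    unsolicited and is dropped (returned as None)."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}    # (private src, sport) -> public port
        self.back = {}   # public port -> (private src, sport)

    def outbound(self, pkt: Packet) -> Packet:
        key = (pkt.src, pkt.sport)
        if key not in self.out:                 # first flow from this host/port
            port, self.next_port = self.next_port, self.next_port + 1
            self.out[key] = port
            self.back[port] = key
        return replace(pkt, src=self.public_ip, sport=self.out[key])

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        key = self.back.get(pkt.dport)
        if key is None or pkt.dst != self.public_ip:
            return None                         # no state: drop
        return replace(pkt, dst=key[0], dport=key[1])


def header_mac(pkt: Packet, key: bytes) -> str:
    """Toy stand-in for an integrity check over the IP header plus payload
    (the AH model): rewriting src or dst invalidates it."""
    data = f"{pkt.src}|{pkt.dst}|".encode() + pkt.payload
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def payload_mac(pkt: Packet, key: bytes) -> str:
    """Integrity check over the payload only (the ESP model): unaffected
    by address rewriting, so it can cross a NAT firewall."""
    return hmac.new(key, pkt.payload, hashlib.sha256).hexdigest()


if __name__ == "__main__":
    nat = Nat("203.0.113.1")
    key = b"constructed-demo-key"
    # Two private hosts using the same source port reach the same VPN gateway.
    a = Packet("192.168.1.10", 51000, "198.51.100.5", 500, b"ike-init-a")
    b = Packet("192.168.1.11", 51000, "198.51.100.5", 500, b"ike-init-b")
    ta, tb = nat.outbound(a), nat.outbound(b)
    print(f"{a.src}:{a.sport} -> {ta.src}:{ta.sport}")
    print(f"{b.src}:{b.sport} -> {tb.src}:{tb.sport}")
    print("header MAC survives NAT:", header_mac(a, key) == header_mac(ta, key))
    print("payload MAC survives NAT:", payload_mac(a, key) == payload_mac(ta, key))
```

Two practical points fall out of this. First, because the table is keyed on what the inside host sent, a reply to an unmapped port is dropped; that is the "free" inbound protection a NAT firewall gives a SOHO network. Second, a single public port per private flow means two hosts behind the same NAT can both reach the same VPN gateway only if the gateway and the firewall's passthrough logic can tell the flows apart, which is the feature the article tells SOHO users to look for.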

Some firewalls provide more sophisticated control—such as antivirus scanning, Web-content filtering, or other application-layer filtering—over the traffic that passes between networks. To enable these features, vendors often charge extra subscription fees that add to the recurring cost of the software, so be sure to check the details.

Consider where to deploy your dedicated network firewalls and whether you need high availability. Redundant hardware and software licenses for firewalls that are clustered for failover or load balancing can add to your cost.

Host-Based Firewalls
Because of the proliferation of remote users and worms, host-based firewalls play an increasingly important role in securing workstations from internal attacks that bypass the network firewall. Host-based firewall software must coexist with users' day-to-day tasks, such as using Microsoft Office or surfing the Web.

Because host-based firewalls are installed on client computers, many products control which applications can access the network. Some products profile computers by building up a rule list as programs attempt to access the network. For enterprise deployments, look for centralized management capabilities, which aggregate workstation data into reports and let you push host-based firewall policies to remote computers. Also, consider location-detection features that assign additional rules to protect laptop computers when they're connected to remote networks.
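As an added example (not code from the article or from any host-based firewall product), the class below implements the three behaviors just described: a learning mode that builds a per-application rule list as programs first connect, an enforce mode that blocks anything outside that list, and a location profile that adds extra denies when the laptop is on a remote network. The event fields, the `corporate`/`remote` location names and the SMB/NetBIOS deny list are constructed for illustration; the export/import functions stand in for what a central management console would collect and push out.

```python
"""Learn-then-enforce per-application rules for a host-based firewall,
with a stricter profile on untrusted networks. Added example; the policy,
location names, ports and sample events are constructed."""
from collections import defaultdict
from typing import Dict, List, Tuple

# Extra deny rules by location. SMB/NetBIOS ports are the classic
# example of traffic that should not leave a laptop on a hotel or
# home network (constructed policy; adjust to your environment).
LOCATION_DENY: Dict[str, set] = {
    "corporate": set(),
    "remote": {("tcp", 445), ("tcp", 139), ("udp", 137), ("udp", 138)},
}


class HostFirewall:
    def __init__(self, location: str = "corporate"):
        self.rules = defaultdict(set)   # app -> {(proto, dport)}
        self.learning = True            # profile mode: build rules as apps connect
        self.location = location
        self.blocked: List[Tuple[str, str, str, int, str]] = []

    def observe(self, app: str, proto: str, remote: str, dport: int) -> str:
        """Decide one outbound connection attempt; returns 'allow' or 'deny'."""
        if (proto, dport) in LOCATION_DENY.get(self.location, set()):
            return self._deny(app, proto, remote, dport, f"location:{self.location}")
        if self.learning:
            self.rules[app].add((proto, dport))
            return "allow"
        if (proto, dport) in self.rules.get(app, set()):
            return "allow"
        return self._deny(app, proto, remote, dport, "no-rule")

    def _deny(self, app, proto, remote, dport, reason) -> str:
        self.blocked.append((app, proto, remote, dport, reason))
        return "deny"

    def export_policy(self) -> Dict[str, List[Tuple[str, int]]]:
        """Serializable rule list a central console could collect from one
        workstation and push to others."""
        return {app: sorted(ports) for app, ports in self.rules.items()}

    def import_policy(self, policy: Dict[str, List]) -> None:
        """Load a pushed policy and switch from learning to enforcing."""
        self.rules = defaultdict(
            set, {app: {tuple(p) for p in ports} for app, ports in policy.items()})
        self.learning = False

    def report(self) -> Dict[str, int]:
        """Blocked attempts per application, the kind of data a console aggregates."""
        counts: Dict[str, int] = defaultdict(int)
        for app, *_ in self.blocked:
            counts[app] += 1
        return dict(counts)


if __name__ == "__main__":
    # Constructed learning-phase events on the corporate network.
    fw = HostFirewall()
    for app, proto, dport in [("iexplore.exe", "tcp", 80), ("iexplore.exe", "tcp", 443),
                              ("outlook.exe", "tcp", 443), ("explorer.exe", "tcp", 445)]:
        fw.observe(app, proto, "192.0.2.20", dport)
    pushed = fw.export_policy()

    # A second workstation receives the pushed policy and enforces it.
    laptop = HostFirewall()
    laptop.import_policy(pushed)
    print(laptop.observe("iexplore.exe", "tcp", "192.0.2.20", 80))      # allow
    print(laptop.observe("svchost.exe", "tcp", "198.51.100.1", 4444))   # deny: no rule
    print(laptop.observe("explorer.exe", "tcp", "192.0.2.30", 445))     # allow in the office
    laptop.location = "remote"                                          # location detection fires
    print(laptop.observe("explorer.exe", "tcp", "192.0.2.30", 445))     # deny: location profile
    print(laptop.report())
```

The weak spot of profiling is visible in the code: whatever connects during the learning window is allowed afterwards, so the learning phase should run on a clean machine on a trusted network, and the exported policy should be reviewed before it is pushed.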

Host-based firewalls typically assign ACLs on a per-user basis, which provides additional flexibility and security. Instead of basing ACLs on individual IP addresses (which an attacker can spoof or change), host-based firewalls authenticate users at any location and apply ACLs based on user roles.

Most reputable firewalls provide solid protection—if they're configured correctly. But an incorrectly installed firewall can cause a false sense of security or a disruption in your business service. Carefully scrutinize the literature, product manuals, and other information to ensure that you're truly guarding what you've set out to protect.

Windows IT Pro is a Division of Penton Media Inc. Copyright © 2008 Penton Media, Inc., All rights reserved.