IT/IS Security - Personal Firewalls
Personal Firewalls

I've put together this page as a discussion on the merits of and issues with "personal firewalls". Personal firewalls are applications that monitor all network traffic on a PC and control both the incoming and outgoing communications. Unlike edge of network firewalls, personal firewalls (as they run on the workstation) are able to see what application is requesting communications and so block or allow traffic on that basis as well as by IP address and port.

Merits

Personal firewalls are one tool in the security armoury for helping keep computers and networks secure and free from unwanted intrusion and exploitation.

They help to prevent unauthorised access (inbound connections) to computers connected directly to the Internet (perhaps on dialup connections) where other security mechanisms are not available (such as edge of network firewalls) due to cost or other restrictions.

They also help to prevent unauthorised outbound connections from applications that may be hidden on a computer. Typically these are trojans or adware programs which are either sending out information about the user (e.g. their browsing habits) or using the computer for their own ends (such as mass marketing spam trojans).

Although anti-virus programs may also pick up many of the applications that personal firewalls do, they will not usually do so until the malware is already in the wild and active. So users may well get infected before the AV data is updated. Personal firewalls will help prevent outbound access from any unknown application (though see the Issues below for limitations).

August 2003 update. The recent "Blaster" worm highlights that personal firewalls are becoming even more important to protect workstations. This worm, once on a PC in a network, checks around the network for other PCs that allow access to IP port 135. Whilst this port is probably blocked at the edge of the network, it will not be blocked internally so allowing the worm to very rapidly spread.
As there is no real need for port 135 for most people, even internally this can be blocked using a personal firewall.

Issues

They are NOT foolproof.
Indeed, as with any security tool, it is important to realise that they can never be so. There are plenty of ways to circumvent personal firewalls, mainly by applications "piggy-backing" onto other, trusted, applications such as the browser. They are still, however, a very useful part of the security armoury as they will protect from most malware that tries to communicate in or out of your computer.

Users may disable them.
This can be managed by training users and by locking down workstations. You should also look for applications that run as a "service" under Windows NT/2000/XP (Windows 3.1/95/98/ME cannot really be locked down without 3rd party software) as this means that the firewall will start up before the user interface and is less easily disabled by a malware application.

Users may ignore the warnings.
They may allow access to or from unknown sources without thinking. This should not be ignored but it is mainly an education issue. It can be backed up, if required, with occasional audits of the settings, which is wise anyway in order to tidy things up. So again, although this is an issue, it is not a reason to ignore personal firewalls as a vital security tool.

Conclusions

Although they are far from perfect and certainly do not constitute any kind of "ultimate" security, personal firewalls do provide an additional level of protection. Indeed, they may be the only direct protection dial-up Internet users have available to them (Anti-Virus tools should be used as well of course along with OS and application bug fixes and secure PC settings). As such, personal firewalls are a vital tool which all users with PCs connected to the Internet (and most that are connected to internal networks) should use.
There are several good free personal firewalls and they take up very few resources and so can be run on all PCs with little impact. So a personal firewall tool should be one of the first tools that you use to protect your computer. Some examples of these and other personal protection software can be found on my Personal Protection Software page.
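
The following is an added example, not part of the original page and not any product's configuration format. It models the rule matching described above (application as well as IP address and port), the port 135 block that applies even to internal addresses, and a simple settings audit. The rule layout, program names and addresses are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "block"
    direction: str                   # "in" or "out"
    app: Optional[str] = None        # executable name; None = any application
    ports: Tuple[int, ...] = ()      # empty = any port
    remote: str = "0.0.0.0/0"        # remote network in CIDR form

@dataclass(frozen=True)
class Conn:
    direction: str
    app: str       # process that owns the socket
    remote: str    # address of the other end
    port: int      # local port if inbound, remote port if outbound

def matches(rule: Rule, c: Conn) -> bool:
    return (rule.direction == c.direction
            and (rule.app is None or rule.app.lower() == c.app.lower())
            and (not rule.ports or c.port in rule.ports)
            and ip_address(c.remote) in ip_network(rule.remote))

def decide(rules, c: Conn) -> str:
    """First matching rule wins; unmatched traffic is blocked."""
    for rule in rules:
        if matches(rule, c):
            return rule.action
    return "block"

def audit(rules):
    """Allow rules bound to no application: candidates for tidying up."""
    return [r for r in rules if r.action == "allow" and r.app is None]

# Constructed rule set; program names and addresses are made up.
RULES = [
    Rule("block", "in", ports=(135,)),                       # even from the LAN
    Rule("allow", "out", app="browser.exe", ports=(80, 443)),
    Rule("allow", "out", app="mail.exe", ports=(25,), remote="192.0.2.25/32"),
    Rule("allow", "in", remote="10.0.0.0/8"),                # broad "trust the LAN" rule
]

if __name__ == "__main__":
    for c in (Conn("in", "svchost.exe", "10.0.0.7", 135),
              Conn("out", "browser.exe", "203.0.113.10", 443),
              Conn("out", "updater32.exe", "203.0.113.10", 443)):
        print(c, "->", decide(RULES, c))
    print("review:", audit(RULES))
```

The second and third sample connections go to the same address and port and differ only in the requesting program, which is the distinction an edge of network firewall cannot make.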
Page: Updated 2008-07-10 08:50:08, Author Julian Knight