Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Client End Firewalls

from [Shawn Jackson] Network Security [Permanent Link]
Subject: RE: Client End Firewalls
Date: Thu, 30 Sep 2004 08:02:47 -0700 


How much protection do you believe client side firewalls 
provide? My boss has asked for my thoughts on a system like 
Zone Labs are now offering. Can anyone provide me with their 
thoughts on what benefits this actually provides?


Good client side firewalls can control what applications open ports and
send/receive traffic. In a corporate LAN which is protected by firewalls
and other network security equipment you are really just setting up more
pain for yourself by installing client firewalls. Using a product like
Symantec Enterprise Edition with their NIS firewall is extremely useful
for roaming (read: laptop) clients. Any of the 'Enterprise' class client
software firewalls usually have centralized management. Client firewalls
provide a good level of protection, but don't offer the Layer 4 and
higher inspection of traffic like 'normal' firewalls.

Pros:
-----
Protects against malicious applications on the host
Can control what applications have network access
Adds another level of protection to the host and network
Assists in prevent prorogation of virii and worms inside the network

Cons:
-----
Can be hard to manage
Can confuse the user
Uses host resources (Memory, CPU time)
Increases network complexity
Can cause compatibility issues

Recommended Deployment:
-----------------------
High Risk/High Security Networks
Roaming Systems (i.e. Laptops)
DMZ Servers/Systems

Shawn Jackson
Systems Administrator
Horizon USA
1190 Trademark Dr #107
Reno NV 89521

www.horizonusa.com
Email: sjackson@horizonusa.com
Phone: (775) 858-2338
       (800) 325-1199 x338
Fax:   (775) 858-2330
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Client End Firewalls, Steve
Next by Date:  SF new column announcement: Open Source Versus Closed Source Security, Kelly Martin
Previous by Thread:  Re: Client End Firewalls, David Parsons
Next by Thread:  RE: Client End Firewalls, David Gillett
Indexes:  [Date] [Thread] [Top] [All Lists]