SV: Client End Firewalls

["Kim Guldberg" <kim () bufferzone dk>]

IMHO they provide much needed security in combination with a bastion
firewall, if you choose the right one.
Most personal firewalls filter on the basis of applications and processes on
the client machine. Without this type of firewall, a Trojan using legal
traffic will get past a bastion firewall. With a personal firewall the user
will be prompted to allow the traffic before it is allowed to leave the net.
Remember that most hackers do not break in to the network, they use a
vulnerability to make the network break out. The right personal firewall
will prevent this.
If you are looking into this type of firewall, I would recommend that you
look at the BitGuard firewall. This firewall is implemented as a service
giving extra security and if you buy the server version, the administrator
can control what applications and processes the clients are allowed to run.
With this setup your clients can download Kazaa, but not install it and if
kazaa is already installed they can't start it.


-----Oprindelig meddelelse-----
Fra: Grant.Orchard () aws aust com [mailto:Grant.Orchard () aws aust com] 
Sendt: 28. september 2004 06:28
Til: security-basics () securityfocus com
Emne: Client End Firewalls





Hi guys,

How much protection do you believe client side firewalls provide? My boss
has asked for my thoughts on a system like Zone Labs are now offering. Can
anyone provide me with their thoughts on what benefits this actually
provides?

Many thanks

Grant Orchard
NOTICE - This e-mail (and any attachments) is confidential. It may contain
privileged information or copyright material. You should not read, copy,
use or disclose it without the written authorisation of AWS.  If you are
not an intended recipient, please contact AWS by return e-mail and then
delete both messages.  AWS does not accept liability in connection with
computer virus, data corruption, delay, interruption, unauthorised access
or unauthorised amendment.