I agree that personal firewalls can be a good option, except that I think it is overkill, in many cases. I know many companies that have hardware firewalls and never get hit by viruses and no personal firewalls and never get hit.
Normally, someone gets hit if the normal precautions are not followed (no firewall, anti-virus definitions are not up-to-date, patches not installed - remember Slammer, email attachments from unknown people are opened - of course this can happen if an infection comes from someone you know). But nothing is perfect, including personal firewalls.
The big question is how much protection is too much protection. This is always a nagging question. Especially in the backup arena. If we were to use the analogy you used on your friend who got hit twice in a couple of days (that by itself is a little suspicious as to whether his virus definitions were up to date), I would be backing up my systems at work every 5 minutes. The question is always, how much can you afford to lose and that is balanced by how much does the protection cost (in money as well as performance issues).
Take a windows scenario. You are working away and have your various programs running at once (Word, some desktop publishing program, email, your virus protection and a personal firewall). The system starts to slow down, crashes - whatever. Now the problem is what cause it (lets assume it is not a virus or worm - although is still a question). Now which of your multiple programs or services that are running at any given time caused your problem. Could be an errant program, corrupted file, bad memory, bad power supply, confict between programs or a virus. The problem is for each program you put on your system, you are adding a potential problem.
You are a security person. What is the first thing you do when you harden a system - lock down unused ports. Same here.
If you add a personal firewall, why not a host-IDS?
I am not denying the usefulness of a personal firewall, I just think that no program is a panacea. We both have mentioned in our posts somewhere that sometimes having a Security program can also be danger in that it gives us a false sense of security where we may think we are safe so why keep up all the other safety procautions that are necessary (MS Patches and virus definitions).
Sorry - you asked.
Re: Do you use a personal firewall ?
15 years 3 months ago #980
Very good point, balanced security is a very hard goal to achieve, especially when you spend all your time thinking about the threats (as I have a tendency to do You sometimes end up missing the big picture and going overboard.
As you said, there is no substitute for sensible edge level protection coupled with up to date virus defs. However my main focus was actually to deal with the idea of egress filtering. Aside from providing what is often an illusionary psychological warm feeling ("I have a firewall, I'm superman now") the personal firewall will at the very least give you more control of the outbound traffic. Any extra degree of control you have gives you one more place where you can stop a potential problem right ?
True to what you said it would be overkill to stick a personal firewall on everything you could lay your hands on, but how about just on the CEO's secretary's machine, or the ones used by the word processing drones from the HR department... the places where infections and such like troubles can usually be traced to.
I agree, this is a healthy debate. One with no real solutions. Just a question of comfort.
My question is if you put one "on the CEO's secretary's machine", why not the CFOs secretary, the presidents secretary - what about the managers. This could go on and on. Now you have the problem of making sure each one is set up correctly and all the updates are up to date.
When you say "Any extra degree of control you have gives you one more place where you can stop a potential problem right", there will always be one more thing you could do. Problem here is you are trying to stop virus's and worms. All it takes is one machine to get it and ....
You could also set it up so that everyones data goes to one server or set up the anti-virus on your Mail Server. This should help the "questionable employees".
No easy answers - I guess. Lots of sticking you fingers in the air and see which way the wind blows. Just kidding! But honestly, a lot of it is what you are comfortable with. I'm not saying that it isn't prudent to put a personal firewall on a machine. Some of this is just a matter of style.
Re: Do you use a personal firewall ?
15 years 3 months ago #985
Perhaps the prudency ultimately lies in installing them for home networks -- that which they were already designed for. Unfortunately here also the penetration is low.. how many non-net savvy cable users are there without any firewall ? How many of those got infected with <insert worm of the day here> and then proceeded to spread it around.
You're right, in the enterprise, it all boils down to what you define as 'reasonable risk'.. and thats why people makes lots of money giving lectures on it perhaps we should consider this as a future career prospect.
I agree on the useful of the personal firewall use at home.
But if it is hard enough to get non-net savvy cable users to use a hardware firewall (which typically doesn't stop the worms and viruses anyway), imagine how hard it will be to get them to handle the software one. My father-in-law is a good example. I would never put one on his system. I just put a Linksys firewall (not their router - although this is a router) configure it and it works fine.
I think that when I first looked at blackice, firewalls were reallllly expensive. This is not the case now. As you say. there is no substitute for a good edge device, especially if you have multiple systems at home (wife, kids etc).