March 26, 2001, 4:16 PM — Last December, a bank in Southern California received a call from an online customer asking why one of the bank's computers was trying to hack into his system. It turned out that the machine doing the hacking belonged to the bank's president and had been remotely commandeered by an employee. The president called Conqwest Inc., a Holliston, Mass.-based IT security services firm, which is now rolling out firewall software across the bank's 125 internal desktop, laptop and remote computers.
Until recently, companies thought antivirus and virtual private network (VPN) technologies would keep remote worker connections safe. But as more workers have been accessing the Internet through broadband services such as cable modems, exposure to hacking attacks through those machines has increased. In October, for example, a hacker broke into a Microsoft Corp. employee's home computer and exploited the VPN connection to penetrate the company's internal network.
At the time of the Microsoft hack, only 15 percent of 300 security professionals surveyed used any type of firewall to protect remote workers' machines, even though 38 percent of the reported attacks originated from those machines, according to a report released by Cupertino, Calif.-based security software vendor Symantec Corp.
Some managers are tackling this threat by requiring firewalls on all desktop and laptop computers, both inside and outside the corporate LAN.
"You can have a bodyguard at the front door with a bunch of people beating up on [him], and eventually, [he] will get overwhelmed. Or you can teach everyone karate so they can protect themselves," says Bill Hancock, chief security officer at Exodus Communications Inc., a Santa Clara, Calif.-based Internet service provider.
But these firewall products are still evolving, and IT managers face a multitude of features in personal firewall software programs and hardware devices. For example, some new products allow for centralized monitoring and policy enforcement for remote desktop firewalls, while others may be less sophisticated but easier to use. Still others offer different configuration options depending on an employee's role or whether the remote computer is being used for personal or business use.
Protecting Both Ends
Exodus has deployed CyberwallPlus-SV firewall software from Waltham, Mass.-based Network-1 Security Solutions Inc. on 25 key servers. The company has also installed ZoneAlarm Pro firewall software from San Francisco-based Zone Labs Inc. on 1,000 internal PCs. Exodus plans to install ZoneAlarm Pro on 3,000 computers used by internal, mobile and home workers.
CyberwallPlus-SV is an industrial-strength firewall capable of protecting clustered multiprocessing machines, something Hancock says his personal firewall can't do. Cyberwall installs at the kernel level, hardening it against common attacks and, more important, veiling the machine's identity. If hackers can't tell what the machine is, they can't get at it using common exploits associated with those machines, like sendmail if it's a mail server, or Internet Explorer if it's a Web server, Hancock explains. And CyberwallPlus-SV stands up better to Java and ActiveX mobile code-based attacks than personal firewalls, he adds.
But for individual desktops and remotely connected machines, Hancock says he wanted a less-expensive filtering firewall device that he could centrally manage. CyberwallPlus-SV had no such offering at the time, so he chose ZoneAlarm Pro, which has less-robust features but is cheaper and easier to manage.
"If you run ZoneAlarm Pro in a mission-critical environment, it will not hold up under certain applets and hacking tools. The same thing applies to BlackIce and other personal firewalls," he says.
Hancock adds that while ZoneAlarm was easy enough to install, it snagged on legacy applications and blocked some executable programs from leaving the internal network. "Zone doesn't work well with unusual applications," he says.
But after some initial network interruptions, the firewall has proved strong enough to stand up to common exploits launched at individual computers, like port scans that go after vulnerable services, and Trojan horses such as Back Orifice, he adds.
Hancock says he likes ZoneAlarm's central management server, which assimilates reports and alerts from desktop and remote workers' machines, making it easier to separate systematic attacks from simple port probes and false alarms. He also praises its ability to tailor security settings based on a user's role in the company. "The security needed by a businessperson is different than that of our network architects. ZoneAlarm is very nice about these distinctions," Hancock says.
A Matter of Discrimination













