MicroSolved, Inc. –
Personal firewalls are very ingenious little pieces of software or hardware that protect machines (or in some cases - small networks) from attacks. Two specific implementation situations exist in the personal firewall world. The first common user of personal firewalls is the individual home user or small business user with a broadband Internet connection. The second common deployment is as a form of intrusion prevention for a system in an enterprise. These two camps have the same goals for personal firewall software, but they usually have very different needs, so the required features tend to be different.
First, let's look at the home or small office user. The personal firewall deployed here is often the primary means of Internet protection. The user's goals often include protection of data and defense of their system against compromise. In most cases, home and small office users are less concerned with intrusion detection capabilities and centralized management. If you fall into this category, the first question you must ask is whether you want a software firewall or a piece of hardware to serve the firewall purpose.
Software firewalls are usually easy to install and manage, and can protect an entire network if they are put into place on the system acting as the Internet Connection Sharing server. If you choose a software firewall, be sure to look for connection sharing as a feature if your network connectivity depends on it. The drawback of a software firewall is that it uses computing resources and can make a significant impact on the speed and usability of the system it's running on.
If your systems are tight on resources, you might be better served with a hardware-based personal firewall. These products have evolved into inexpensive little appliances that you plug into your network and configure to your liking. The configuration is usually easy to do, and the terms the system uses are often easy to understand. The benefits of hardware personal firewalls are that they consume no computing resources and they can easily protect small networks from attacks. The drawback of these systems is that they are often feature-rich, but offer poor documentation. Therefore, carefully choose which brand fits your environment, which features are easier to manage and what additional functions the product offers.
Last, if you are an enterprise-size organization interested in deploying personal firewalls within your network, your first step is to identify the primary goals of the firewall. Do you desire additional forms of intrusion detection, centralized management, data protection or the like? Many personal firewall packages excel at a certain function while providing little or no support for others. For example, a firewall may include great logging support, but offer little in terms of centralized management.
Once you have outlined your goals, eliminate the vendors who rank poorly in those areas. There are several head-to-head review documents and ratings sites that compare personal firewalls to each other. A few quick visits to them should help you identify a couple of leading candidates.
Next, contact the leaders and ask for demo versions. Take the time to do some lab installations and testing with models of your network system loads and the like. Make sure the software is compatible with all of the tools and applications your users depend on. Carefully inspect the management and maintenance functions to ensure that they will not demand more resources than you have. Finally, make your purchase, and begin a phased implementation so that you can pay great attention to making sure that no critical business process gets damaged or impacted by the roll out.
With careful attention to features and details, choosing a personal firewall can be a very easy project. Home users and small businesses will find the protection they enjoy with these tools in place to be a true peace of mind. Enterprise organizations can reap large benefits from the additional layer of defense personal firewalls can provide. All in all, these ingenious little pieces of hardware and software can often be worth their weight in gold.