Supporting and securing network access for remote users—whether it’s new sales offices, clients, or partners now hooked into data points—isn't easy. As the first article in this three-part series on remote connectivity explored, securing access is only getting more critical.
One of the most common solutions is installing standalone firewall software on the remote user’s desktop. Yet, while tech leaders have nearly 30 firewall products (see partial listing below) from which to choose, pulling a solution off the shelf is likely the easiest part of the project. The pain comes with deployment and user adoption. In the final article in this series, we’ll review some alternative approaches in which firewall functions are integrated with other devices, such as antivirus scanning, ad blocking, or a VPN client.
Deployment issues still a problem
Many new personal firewalls were developed and launched by dedicated Internet security companies, while others were built by traditional enterprise security vendors initially focused on antivirus products. Despite the range of products available, persistent deployment and management issues are still causing tech leaders headaches.
Several new tools are addressing firewall deployment complications by automating many tasks that a user must perform during installation. For instance, one common approach by firewall vendors is to offer a user several levels of security instead of requiring the user to grant or deny access on an application-by-application, or IP port-by-port basis. The goal of this multiple-level approach is to have the firewall make certain assumptions about which IP ports should be open and which applications require Internet access.
At the low-security level, the software might simply turn off extensions like file- and print-sharing on a remote PC and just monitor for hacker attempts to invade the machine. At the high-security end of the spectrum, the firewall could block external access to all IP ports, including commonly used ones for such programs as e-mail and file transfers.
Yet, even with today’s simpler-to-configure firewall software, CIOs face another challenge: user adoption.
Management and adoption challenges
“How do you force people to use firewalls?” asked William Perkins, director of IS at a Midwest insurance company. “We’ve got many home users. Some we have lots of control over; some we don’t.”
Perkins says that there are basically two types of remote users. The first is one who connects to the company from home with a company-issued PC. This user is likely a permanent telecommuter or someone who splits workweek time between home and the office. The second type is the user who works from a home-based computer to occasionally access the company network and corporate applications.
CIOs typically need to develop vastly different remote security policies to manage both types of users, since the IT control level will differ between them.
With a corporate-owned computer, a CIO can insist that the machine have a personal firewall installed and that the firewall’s configuration is set to the corporate standard. In contrast, a CIO likely won’t be able to issue this mandate to the second type of user as strongly, since the machine in question is a home-owned, personal computer. While tech leaders could decree that any remote user seeking corporate access must have a firewall installed and configured according to certain specs, it’s impossible to ensure that the requirements have been met without a physical visit to the computer site.
Begin your search with this product list
If you’re in the market for a firewall product, you'll have several to choose from. It may be best to begin your search by visiting the leading products and vendor links below:
ZoneAlarm, Zone Labs
Sygate, Sygate Technologies
BlackICE PC Protection, Internet Security Systems
PC Viper, Source Velocity
eSafe Desktop, Aladdin Knowledge Systems
Kerio Personal Firewall, Kerio Technologies
Tiny Personal Firewall, Tiny Software
Internet Connection Firewall, Microsoft (built into Windows XP)