Symantec Desktop Firewall is one of a suite of programs designed to help enterprise users protect their systems from network and Internet intrusion. The program works with Windows 9x, NT Workstation, and 2000 Professional. It is not compatible with Windows Me. It is not a server firewall, so it is not recommended for installation on NT or 2000 Server. In this Daily Feature, I’ll review Desktop Firewall.
Program installation presents no surprises or difficulties. A wizard walks you through the installation process. If setup detects a previous installation, it will prompt you to remove it. If you do, note that you’ll remove your previous settings and firewall rules, as well. After a reboot, you can continue the installation. You can also choose to perform a live update after the program is installed. Doing so automatically searches Symantec’s Web site for the latest program updates and installs them. After installation, you will be prompted to reboot your computer.
Desktop Firewall is an enterprise product that must be installed on individual clients. To aid the administrator, clients can be deployed using remote administration via Web installations, NetWare login scripts, Windows NT login scripts, SMS, or network shares. Product manuals contain basic instructions for these installs, and tools can be found in the Rollout directory of the CD.
Using Desktop Firewall
Desktop Firewall presents a simple interface to users on the front end but has the ability to set and follow rules behind the scenes. In this way, the program can offer a level of security right away, in the background, even if the end user isn’t familiar with the tool. Later on, the end user can delve more deeply into the settings, making modifications and fine-tuning rules. This design makes Desktop Firewall easy for your clients, but there is a trade-off. By default, some behaviors are enabled that could be risky. (I’ll discuss these default behaviors a little later.)
Desktop Firewall is enabled during startup and runs in the background. When the program detects an application trying to access the Internet, it sends an alert, displaying the basic details and offering the user three choices. As shown in Figure A, users can choose to Configure A Rule For The Future, Block This Network Communication This Time, or Permit This Network Communication This Time. Users unsure about the outcome can use the temporary settings. Choosing to configure a rule opens a wizard.
Figure A: Desktop Firewall presents three choices for end users to handle applications trying to access the Internet.
Behind the scenes, Symantec’s enterprise firewall client has many useful tools and options. You can click buttons to view a comprehensive Event Log, view Statistics, Clear Statistics, and review Advanced Options. The Event Log’s six tabs let you browse activity based on Content Blocking, Connections, Firewall, Privacy, System, and Web History. Figure B shows the Firewall Event Log. The first item shows my decision to allow NetBIOS communication. The bottom of the Firewall Event Log screen shows all the details.
Figure C shows the statistics screen, on which you can view your Internet and LAN connection information, how your firewall rules were applied, and a scrolling graph of connection activity. Coupled with the Firewall Event Log, these statistics give you a powerful accounting of your connections and the effectiveness of your firewall.
The Advanced Options screen shows three tabs: Web, Firewall, and Other. From the Web tab, you can add and remove sites. You can also configure each Web address to block or permit cookies and information such as referrer site, browser used, and e-mail. You can choose how each site will handle scripts, Java, ActiveX, and animations. In addition to setting configurations for each site, you can set general default behavior.
The Firewall tab lists all the rules in effect. You can add, remove, modify, change the order, and test each rule to see how it affects your system or the specified application. Figure D shows the rule list, while Figure E shows a typical Modify Firewall Rule dialog box.
Figure D: The list of firewall rules has icons that reveal the rules quickly and clearly.
Figure E: It’s hard to imagine a more robust rule setup for a software firewall.
Note that many known Trojan exploits are already configured to be blocked.
Any firewall program’s default behavior is going to affect your system’s level of security. For this reason, it’s important to look carefully at default behavior in evaluating a product. By default, Desktop Firewall enables automatic firewall rule creation. While this is a user-friendly setting, it also means that potentially unsafe rules may be created behind the scenes. Users can adjust these rules later, but that calls for a level of commitment and knowledge your end users may not have. If you can live without that setting, it may be best to disable it. According to Gibson Research, automatic rule setting is unsafe because it would allow exploits that masquerade as trusted applications.
Also by default, Privacy and Security levels are set to Medium. You may want to reconsider these settings, depending on your network’s vulnerabilities. The three preconfigured settings (Minimal, Medium, and High) can also be custom configured. You’ll want to check the ports listed and consider adding custom ports to block or permit, for instance, for VPN use or for special company configurations.
My previous experiences with Symantec’s antivirus and system tool suites caused me to be concerned that this program would be bloatware. However, this enterprise app is sleek and feature rich. Rather than whistles and bells, you are presented with the facts in an efficient interface. I recommend this product as an enterprise security solution for clients. It’s no replacement for fast firewall hardware or firewalls configured by knowledgeable IT staff. But provided that you are aware of Desktop Firewall’s default behavior and that clients can be educated in some of the basics of Internet security and privacy protection, this is an excellent start to safeguarding your systems.