By Lee Schlesinger

About seven years ago, when the network firewall market began to explode, I remember chatting with Bill Hancock, CTO of Network-1 Security Systems. “Soon,” he said, “every desktop is going to have its own firewall.”

I must have looked skeptical, because he continued, “Today, we have firewalls that protect the network as a whole. But what if someone gets around that firewall? Or what if an attack comes from inside the network?”

Software firewalls: Only as good as the OS
Hancock was clearly right, because such products have been available for years now. Today, products like Network-1’s CyberwallPLUS-WS and InfoExpress’ CyberArmor can be centrally deployed to protect individual workstations.

Those organizations that want to protect all their desktops need the most secure environment they can find. Walling off each desktop helps maintain security and privacy, but, as we learned with network firewalls, a program is only as secure as the operating system under which it runs. If an intruder is smart enough to get past the network firewall, chances are he’s devious enough to gain access to any Windows-based client. Need I belabor Microsoft’s Swiss cheese approach to client security?

A firewall on the NIC
Luckily, we’re about to get an alternative that bypasses the weaknesses of the operating system. 3Com Corp. just released a product called Embedded Firewall that runs as firmware on its 3CR990 NIC. This NIC already includes silicon designed to accelerate IPSec traffic. Adding firewall code is a logical extension. NICs throughout an organization are managed through a single central policy server that controls configuration and access rights. You can install an Embedded Firewall on a workstation or a server.

If you need this additional protection from any threats that may loom inside the corporate firewall, the 3Com Embedded Firewall provides a manageable way to enhance your desktop security.

This article was published by ZDNet Tech Update on Mar. 27, 2002.

Join the debate

Do most enterprise desktops need the extra protection desktop firewalls provide? Do you currently use or would you consider using a “secure” NIC in your organization? Post a comment to this article and share your opinion.