Tech Tip: Implement firewalls to protect mobile clients

Learn how to implement firewalls to protect mobile clients.

By Mike Mullins

Client firewalls are programs designed to protect individual computers connected to a network. These personal firewalls examine the data stream and deny access to suspicious inbound and outbound traffic.

Some firewalls even provide access control to block specific applications from accessing the corporate network or the Internet. As the number of telecommuters using corporate laptops continues to grow, these firewalls have become vital for providing mobile security to corporate users.

Your organization's security policy should take steps to secure all corporate assets behind a firewall. And your mobile clients are no exception to that rule.

You should run Internet Connection Firewall (ICF) on all of your corporate desktops. However, when it comes to mobile clients, the protection ICF offers is insufficient.

Establish your criteria

The good news is that there are several excellent client firewalls to choose from. But when selecting which client firewall to deploy, weigh your protection options carefully. Here are the minimum requirements you should expect from a client firewall.

The firewall must be able to monitor inbound and outbound traffic, and it must be able to block all malicious traffic on any interface (e.g., modem, Ethernet NIC, or wireless NIC) used to connect to a network. It must also be able to control which applications can access the network, and it should be able to track intruder activity and record that information to a log file.

In addition, you must be able to centrally manage your client firewalls. The last thing you need is another piece of software that requires personal attention from an administrator each time your security policy changes or a user needs to connect from a hotel room.

Know your firewall options

Now that we've defined the minimum criteria, let's look at some of the market leaders for mobile client firewall solutions:

  • Sygate Managed Personal Firewall: This option's key features are an adaptive policy that changes based on the user and network events, and the graphical Rule Viewer, which provides a comprehensive view of the entire security policy.
  • Zone Labs Integrity Desktop: This choice offers automatic VPN detection and configuration, which integrates seamlessly with several corporate VPN solutions. It also integrates flexible policy provisioning based on the type of network connection (e.g., LAN, VPN, or WAP).
  • Tiny Personal Firewall 5.0: This option is XML-driven, and it provides multiuser environment support that creates rules for specific applications running under specific accounts and applies them simultaneously.

All of these client firewalls provide excellent protection for mobile clients. Each provides an excellent management console to notify the user of network events. All three are simple to deploy, and you can manage them from a central location.

Final thoughts

There are many other excellent client firewalls on the market from reputable vendors. However, most of them lack centralized management, which I believe is essential to this type of security solution.

Don't get hung up on vendor names when it comes to security devices. Look for form and function within your budget, and make your choice based on your security requirements.

Mike Mullins has served as a database administrator and assistant network administrator for the U.S. Secret Service. He is a Network Security Administrator for the Defense Information Systems Agency.
