Why personal firewalls are a security necessity for laptop users

Laptops used remotely represent unique security risks to today's networks.

Mobile devices and PCs are often the last thing administrators think of when beefing up defenses. An NCC Group survey last year showed that remote-client security updates are executed with less than one-fourth the frequency of on-site workstations, and that one-sixth of remote clients maintain no security at all.

Here are the potential security holes and issues inherent when laptops log in to your network—and a way to protect your users.

Remote laptop risks

A wireless laptop offers a wide assortment of treasures to a potential intruder:

  • IDs, passwords, and other access information for penetrating your wireless network and specific targets
  • A gateway to your company's servers
  • A gateway to company e-mail
  • A gateway to the database if the laptop is used by roving salespeople or marketing representatives
  • Lots of personal information, such as credit card info, PIN numbers, and the user's home address
  • The ability to spy on a telecommuter

Wireless laptops are company property that require access to an already enticing intruder target, and they're in the hands of employees with varying information requirements and attention spans. That's where a personal firewall can help.

How a personal firewall works

A personal firewall does for a single computer what a network firewall does for a family of servers: It inspects inbound packets, scanning for forged IP addresses and suspicious repetition (to detect DoS attacks, etc.). Beyond the protocol level, some firewalls can also examine the contents of packets to spot illegitimate use of cookies, questionable Active X content, and virus-bearing e-mail attachments.

When choosing a personal firewall, carefully evaluate what each firewall will and will not do. Some (but not all) personal firewalls can prevent someone from accessing your network via your client laptop's ad hoc mode.

Once a personal firewall is installed on your remote user's laptop, make it a policy that the firewall remain in place. If you can, take it one step further and install the firewall as part of the ghost image placed on all of your company's remote laptops at the time of deployment or when upgrades occur.

Personal firewall choices

If your company's laptops are running Windows XP, there's a firewall built in. You can enable it with these simple steps:

  1. Go to Start | Control Panel | Network And Internet Connections | Network Connections.
  2. Single-click on the connection category that you wish to protect (Dial-Up or LAN, High Speed Internet, etc.).
  3. From the Task Pane on the left, navigate to Network Tasks | Change Settings Of This Connection | Properties | Advanced.
  4. Choose Internet Connection Firewall.
  5. Check the box next to Protect My Computer And Network By Limiting Or Preventing Access To This Computer From The Internet.

You can obtain further details on the strengths and limitations of XP's firewall by clicking here.

If you're not working with XP, here are links to popular personal firewalls:

  • Symantec/Norton
  • McAfee Security
  • ZoneAlarm
  • BlackICE
  • Tiny Personal Firewall
  • You can't go wrong with any of these—unless you fail to put one in place!

    About Scott Robinson

    Scott Robinson is a 20-year IT veteran with extensive experience in business intelligence and systems integration. An enterprise architect with a background in social psychology, he frequently consults and lectures on analytics, business intelligence...

    Editor's Picks

    Free Newsletters, In your Inbox