Personal Firewalls

What is a Personal Firewall?

(This section on personal firewalls supplements the Firewalls section under Network Security.)

Unlike a firewall intended to protect an entire network, personal firewalls are designed to protect a single computer. A firewall that protects a network is usually a dedicated server. All network traffic goes through the firewall first, before it reaches the workstations it protects. Unlike a network firewall, a personal firewall is software that lives on the personal computer. The program interacts with the operating system and its applications to keep it protected. Most personal firewalls are installed in a stand-alone mode on the workstation it protects. However, some solutions utilize a client-server solution. In this case, personal firewall software is installed on each workstation as a client. Software on a server controls the configuration, logging and updating of the client workstations.

Levels of Protection

A firewall can protect in two basic ways:

TCP/IP Layer

This layer is the main method of protection for most firewalls. This level of protection only protects the computer where TCP/IP packets are concerned. It doesn't look at the actual content of the packet to determine, for example, whether or not the content may be a virus. It just looks at the packets that deliver that content. Some methods of protection at this level are:

  • Packet Inspection - This method monitors the TCP/IP packets entering the computer and decides whether or not to allow them based on their nature. Some popular attacks that can be prevented through this method are "denial of service" and "ping of death."
  • Network Address Translation (NAT) - Network Address Translation is one of the most important protection features of firewalls. It uses the public address on the "exposed" side of the firewall and translates it to an "illegal" or "invalid" address on the protected side of the firewall. Because the inside is represented by an invalid address, it makes it very difficult for intruders to get in.
  • Stateful Inspection - Stateful inspection is usually used in conjunction with NAT. As the firewall sends out packets, it not only keeps a connection table to allow the return traffic to come back to the originator, but it also looks into the packet and checks the sequence number to see if it's out of sequence. If it's out of sequence, it will reject the packet. This is very secure because an attacker can't just fake an IP address and port number. S/he also needs to fake the exact sequencing of the packet, which is very difficult to do in real time.

Application Layer

Protection on the application level is one of the more important features of personal firewalls. This level ignores the actual nature of the packets on the TCP/IP layer but looks at the information carried by the packets. Some of the security issues addressed by application level security are:

  • Email and Web Browser Security - Personal firewalls can monitor vulnerabilities of email clients and web browsers. Some features they safeguard against are unsafe Active X content, Java scripts, use of cookies, and other potentially unsafe functions.
  • Anti-Virus - Some personal firewalls come integrated with anti-virus software. This is an important feature for inspecting file attachments as well as dangerous scripts that can be run through email clients or web browsers.

Products

There are many personal firewall products available. Two popular products are:

Integration with Windows

Windows XP, Vista and 7 all have a built-in firewall feature. It allows you to enable a stateful inspection service along with advanced options to allow redirection of services like http, ftp, telnet, etc. This feature should only be enabled if the computer is not protected by a network firewall. Be sure that you don't have both the Windows Firewall and a personal firewall product enabled! Most third party products will disable the Windows Firewall to avoid interference.

Next: Server Security