Summary
In the end, a personal firewall is likely to combine several of the methods described. If we define a personal firewall as software that runs entirely on the local host and protects that host alone, our options are limited. On Linux, iptables and ipchains perform packet filtering (iptables also tracks connection state) and provide NAT through IP masquerading, which the ipmasq package configures. On Windows, most commercial products are primarily stateful, falling back to static packet filtering for protocols that cannot be tracked by state. Some form of attack-signature detection is also showing up in the Windows market as an additional layer of defense.
The Macintosh market is still limited. Some vendors of Windows firewalls also offer a Mac version of their product; Norton Personal Firewall springs to mind. Also, because Mac OS X is based on a BSD flavor of Unix, it ships with the ipfw firewall. Since non-Unix users can find configuring ipfw daunting, several people have written shareware front ends to ease the task; two of the most popular are BrickHouse and Firewalk. Links to both can be found at http://www.securemac.com.
Hardware devices that advertise themselves as firewalls do not meet the definition of a personal firewall given above, but they certainly help defend small networks. They can do more than NAT, adding packet filtering or stateful inspection to their capabilities. A big benefit of a hardware device is platform independence: it can protect a network made up of a mix of operating systems. Remember that NAT alone may not be enough protection, so look for the other features.
Software runs the gamut, from operating-system-enabled NAT and firewalls (Windows XP's Internet Connection Firewall or Mac OS X's ipfw), to stateful inspection, to controlled access by application, and even simple blocking of all unsolicited incoming traffic.
Something you should have noticed is that personal firewalls combine multiple protection methods. I chose a Linksys router to demonstrate NAT and ipchains to demonstrate static packet filtering, but in reality both products can perform both functions if configured properly.
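To show the combination of methods concretely, here is an added example (not from the original text, and not any vendor's configuration) of a minimal Linux personal-firewall ruleset in iptables that layers stateful inspection, static packet filtering for traffic the connection tracker cannot follow, and NAT by masquerading for a small LAN, the three functions the summary attributes to the Linux tools and to the Linksys router. The interface names and the LAN prefix are assumptions for the example; adjust them for your box.

```shell
#!/bin/sh
# Added example, not from the original text: a minimal Linux personal-firewall
# ruleset that combines stateful inspection, static packet filtering and NAT.
# Interface names and the LAN prefix are assumptions for the example.
WAN_IF="${WAN_IF:-eth0}"              # assumed upstream (Internet) interface
LAN_IF="${LAN_IF:-eth1}"              # assumed LAN-side interface
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # assumed private LAN prefix

# gen_rules prints the commands rather than running them, so the policy can
# be reviewed before it touches a live host.  "sh thisfile apply" (as root)
# loads it.
gen_rules() {
    cat <<EOF
# start from a clean slate
iptables -F
iptables -t nat -F
# default deny for anything unsolicited arriving at or passing through the
# host; traffic the host itself sends is allowed
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
# stateful inspection: accept packets that belong to, or are related to, a
# connection this host or a LAN host initiated
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# LAN hosts may open new connections to the outside
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -m state --state NEW -j ACCEPT
# static packet filtering for what state tracking does not cover: DHCP lease
# replies (the client's request usually goes out over a packet socket that
# netfilter never sees, so the reply looks unsolicited) and the ICMP errors
# needed for path MTU discovery, shown here as plain static rules
iptables -A INPUT -i $WAN_IF -p udp --sport 67 --dport 68 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
iptables -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
# answer ping from the LAN only; echo requests from the Internet are dropped
iptables -A INPUT -i $LAN_IF -p icmp --icmp-type echo-request -j ACCEPT
# NAT: masquerade LAN traffic behind the upstream interface's address
iptables -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
}

if [ "${1:-}" = "apply" ]; then
    gen_rules | sh -e
else
    gen_rules
fi
```

After loading, `iptables -L -n -v` and `iptables -t nat -L -n` show the filter and NAT tables with per-rule packet counters, which is the quickest way to confirm that replies are hitting the ESTABLISHED,RELATED rule rather than the DROP policy. On an ipchains-era kernel there is no connection tracking, so the equivalent has to be built from static rules (for example, admitting inbound TCP only when it is not a SYN with `! -y`) and masquerading is done with `-j MASQ`.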
Essentially, what we are seeing in the home/personal firewall market is a product that is as easy to use as antivirus software. Since the widespread use of firewalls is to be encouraged, this is a positive trend. Will "install and forget" products guarantee you will never be compromised? No. But then neither do enterprise firewalls with teams of techies to maintain and support them.
What do personal firewalls do that enterprise firewalls don't? At the software level, commercial products are making it easy to create rules based on applications. For example, ZoneAlarm notifies you that an application is trying to access the network and you decide whether this should be allowed to happen. From that point on the application is allowed (or denied) until you change the setting.
Personal firewalls abstract the underlying workings of the software away from the user, but the layers still stack. Say your rules disallow all traffic to port 12345, and an application you have approved tries to communicate on that port. Even though the application is allowed, it is not going to be able to connect until you also modify the port rule: an application rule grants permission to the program, not an exception to the packet filter.
One thing you should understand is that few personal firewalls rely on a single method to protect you. They are all becoming hybrids in an attempt to provide better protection for the user. Many commercial products are adding privacy filters, email attachment scanning or blocking, and even pop-up ad blocking. While these features are nice, only you can decide which are important. Remember that you are shopping for a personal firewall: choose the one that works best for you, not necessarily the one with the most add-ons.