Personal Firewalls and Online Armor Personal Firewall Advantages and Disadvantages - Literature review Example

Your name: Course name: Professors’ name: Date What is a Firewall? According to Kizza (2009)a firewall is a hardware, software or a combination of both that that is used to monitor and filter traffic going into or leaving a protected or private network, and prevent unauthorized entry into this network. It typically performs a two-pronged security function of: Filtering of traffic packets based on “accept or deny” policy that is defined by the information security policy Service provision to users within the network through application proxy gateways, while protecting them from malicious users from outside the network. The firewall denies access to the private network by dropping any unauthorized traffic packets. It is located in the network such that all traffic outbound from or inbound to the network passes through it. This firewall setup is the most commonly used by organizations and the firewall in this cases acts as a bastion host. The bastion host is a computer on the network of the organization that has the bare minimum and essential services, which is set up to withstand all kinds of network intrusion attacks. It acts as a chokepoint for all traffic between the network and outside networks, and for that reason the first point of network security defense (Kizza, 2009). Shelly and Vermaat (2009) further observe that besides protecting the network resources from external intrusion, the firewall also restricts users within the network from accessing internal sensitive data like personnel records or payroll. Organizations have the option of implementing their own firewall solution, or they can outsource this function to a third party that specializes in provision of firewall solutions. According to Kizza (2009), the security policies governing firewall security policies are consolidated into either denying all traffic and services that have not been specifically allowed in the organization, or allowing all traffic and services except those that have been blacklisted. Based on this, “firewalls are classified based on the network layer” they serve and the services they provide. As such there are several types, namely packet inspection or filtering router firewall, application inspection or proxy server firewall, authentication and virtual private network (VPN) firewall, small office or home (SOHO) firewall, and the network address translation (NAT) firewall. Personal firewalls are software-based firewalls that are installed on a computer to provide protection for the data therein from unauthorized access or intrusion. They work in the same way as the robust and dedicated firewalls in the network setting. The need for personal firewalls is justified by one particular shortcoming of the dedicated firewalls. The dedicated firewalls can prevent harmful or malicious traffic from reaching computers in the internal network but they have limited features for preventing attacks that originate from within the network. Such attacks are usually propagated by viruses, such as the Code Red virus which exploited a vulnerability in the Microsoft webserver IIS. The impact of such a virus within the network can be greatly reduced if well configured personal firewalls are used to prevent its traffic flow (Cole, 2011). Personal firewalls are usually implemented as either a (simple) personal firewall or a personal firewall appliance. The personal firewall configuration involves installing a program utility on a computer system to protect it and its resources only. The personal firewall appliance configuration is meant to protect small networks like those found in home offices. The appliances are typically run on specialized hardware and incorporate other network infrastructure components. Both of these configurations may be deployed to provide a layered defense security strategy (Vacca & Ellis, 2004). There are various personal firewall options available for use today. The ones chosen for discussion and analysis are Online Armor Personal Firewall, Comodo Firewall Pro, and Agnitum Outpost Firewall Pro. Online Armor Personal Firewall Description It is a firewall developed by Emsisoft. Like a typical firewall, itmonitors inbound and outbound traffic. It has a “run safer” feature that allows the user to set programs to run with the permission levels of a limited user account. It also hasHost Intrusion Prevention System (HIPS) features such as: Anti-Keylogger which identifies programs that behave like key loggers and asks the user if they want to block them Program Guard which blocks programs from making changes to the computer unnecessarily, accessing unauthorized areas or from executing or running altogether, if malicious Autoruns Management which monitors processes or programs that run at windows startup and enables the user to either block them or allow them to run automatically HOSTS Protection which monitors and prevents modifications of the Operating System (OS) HOST file Web Shield which blocks websites or domains that are considered malicious Advantages Its Anti-Keylogger feature does not conflict with anti-key logger software that encrypt keystrokes for protection Its Web Shield does not conflict with the web shields of anti-virus software that use detection and blocking of malicious files or downloads to provide protection Its Learning Mode automatically labels the installed programs as safe and continuously reduces the number of pop-ups prompting the user to classify programs as safe or not. It gives the user the option of disabling all HIPS features in favor of using firewall features only The settings of Online Armor can be password-protected to prevent unauthorized modification It also has Tamper Protection to prevent malware from modifying or terminating it It has paid versions that offer extra features over the free version Disadvantages There are no automatic updates to its newer versions. Automatic updates are limited to the paid version, and for database updates of the free version Its port tracking is inadequate It cannot block IP addresses that are domain-less Its Advanced Mode that allows users to modify rules and settings is available in the paid version only It conflicts with the Virtualization software VirtualBox It is limited to 64 bit versions of Windows 7 SP1 and Windows 8 If there are malware on the computer on which Online Armor is being installed, they will be allowed to propagate malicious traffic as the Learning Mode assumes they are safe programs at first install It has a generic help file that does not distinguish between the features of the free version and the paid version. Comodo Firewall, Description Comodo Firewall is a freeware developed by the Comodo Group. It also offers a robust and active HIPS-based protection which appears under its Defense+ feature. It is a prevention-based security solution in which any new program installation, and unknown or suspicious applications are run in a sandbox. The sandbox feature is used to create a list of safe applications in the event that a new unknown or malicious application attempts to pass through the firewall. It usually prompts the user on the next course of action. It also includes a “memory firewall” feature that protects the system against buffer overflow attacks. Its installation options are three-fold, namely Maximum Proactive Defense, Firewall with Optimum or Firewall Only. Its automatic mode after installation is the Safe Mode in which numerous pop-ups prompt the user to mark the software vendors as trusted in order to create a custom policy to be used for reference. Its other mode is the Clean PC Mode which is more liberal as it assumes that all the application on the computer are safe and trusted. There is minimal monitoring of applications but any files that are considered unsafe will trigger pop-up messages prompting the creation of an updated custom policy. The Defense+ feature can be automated by choosing the “remember your answer” option of either trusted or untrusted in response to pop-up prompts. It can also be automated by adding trusted files to the “My Own Safe Files” list or the “My Trusted Software Vendors” list, a feature available in the Safe Mode or “Paranoid Mode”. The third automation option is using the Clean PC mode from the tray after scanning and removing the malware. Advantages It has a user-friendly interface with a desktop widget that is handy Its Sandbox feature enables users to browse and conduct their computing tasks without the risk of unknown software causing harm to the system Its Secure DNS feature blocks DNS-based attacksoriginating from websites Its Behavior Blocker feature protects areas of the system that are considered sensitive It has a stealth protection of ports against attacks It has a hardened Internet browser known as Dragon Browser It provides behavior-based protection and malware blocking Disadvantages When installed, it includes some extra software like the Geek Buddy that are bundled within that are not particularly helpful for firewall-related activities It initially presents problems in accessing web-based services such as Google Reader and Gmail It is overly aggressive and may cause computers to crash due to issues with compatibility It has too many pop-ups, alerts and prompts Its Sandbox feature may be a hindrance to the installation of some legitimate applications Its malware detection is not very adequate and does not clean up malware infections well It does not handle leak tests thoroughly It has no protections against exploits Its Secure DNS protection features is not effective against phishing Universal Resource Locators (URLs) The Dragon Browser user interface needs some improvements It Clean PC Mode may leave malware undetected if installed into an infected system Agnitum Outpost Firewall Description Outpost Firewall is developed by Agnitum and is available both as a freeware and as a paid version. It detects both incoming and outgoing threats to an application and a system from the LAN and the Internet. It has a Web Control feature that blocks dangerous and malicious websites and webpages. It also maintains a list of IP addresses that have been previously blocked. The Web Control features also gives users the option of blocking URLs manually using keywords, and also block ads both automatically and manually. In the same way, it gives the user the option of creating a blacklist of malicious URLs and range of IP addressed to be blocked. It has a HIPS feature which appears as “Host Protection” in its interface. It is able to remember the user’s responses to pop-up prompts. It notifies the users of any application that is allowed to access the internet, especially in its learning phase. The HIPS component has four protection levels that can be selected using a slider. It has an Auto-Learn mode and a Rules Wizard with which the user can specify a duration of time in which the firewall will be trained to recognize safe applications. Other features of this firewall include: It has the ability to block identity (ID) leaks Its ImproveNet feature that is cloud-based anonymously collects user data for use in deploying more automated security rules Its traffic filtering protection feature extends to mobile broadband services like 3G modems Its Proactive Protection feature ensures the safety of e-wallets, logins, browser histories and passwords It has a background mode in which rules can be run by the system administrators and hidden from users. In the same mode, users can enjoy full-screen applications without the interruption of alerts It has a feature called SmartDecision that acts as virus adviser to help users decide whether to allow or block a new or unknown application using color codes It has simple and expert modes, and also has an Auto-Learn feature with which it remembers the behavior of the users to be able to make autonomous decisions later Advantages It is able to detect and block port scanning activities It is tamper-proofed against being disabled or terminated by malware It tamper-proofs systems against key loggers and packet sniffing activities It is able to handle the malware characteristics revealed by leak test utilities Its File and Folder Lock feature completely blocks access to the items that are selected It has a stealth protection of unused ports against attacks Its settings can be secured with a password to prevent unauthorized modification or tampering It is aware of its location in the LAN and can modify itself to be shielded from wireless networks or intrusion originating from behind the firewall It can scan and detect attempts at intrusion or infiltration using PDF files It can detect and block spyware that attempts to use USB storage devices as a point of access Disadvantages The free version has been bundled into a suite and is no longer available as a standalone product The free version also lacks crucial features found in the paid version such as automatic updates, and the ability to terminate active connections It has no protection against exploits By default, its controls are inactive When active the program controls generate too many pop-ups Its optimal settings lack direct disk accessing features, anti-key loggers, features to monitor DNS API requests Comparison The three personal firewalls reviewed have some common features, for instance they all have HIPS capabilities, tamper-proofing against interference by malware, and a variation of self-learning capabilities. Agnitum Outpost Firewall takes the self-learning feature by not having to create a set of trusted rules unlike Online Armor. On the other hand it notifies the user of applications that have been granted permission to access the internet, just like Online Armor. Agnitum Outpost Firewall and Online Armor also share the anti-key logger password protection of settingsfeatures. A unique feature of Online Armor is it protection of the OS HOST file. While they all have alerts and prompts to users, Agnitum Outpost Firewall has a better feature in the name of SmartDecision to enable users correctly respond. Agnitum Outpost Firewall also has the ability to detect intrusions being propagated through PDF files and USB disks, features that the other two firewall lack. The Comodo firewall’s sandbox feature gives it an edge over the others as it can isolate an unknown or suspicious application until its safety is verified. It also has a Dragon browser that can be used for safe web surfing.On the downside, the Clean PC Mode of Comodo and the Learning Mode of Online Armor require that they be installed in clean uninfected systems. Given the various features of these personal firewalls, a user should consider their computer usage activities against the protection that each firewall offers in order to decide which one will best serve them. Reference Cole. E. (2011). Network Security Bible (2nd ed.). Hoboken, NJ: John Wiley & Sons. Kizza. J. M. (2009). Guide to Computer Network Security. New York, NY: Springer Science & Business Media. Shelly. G., & Vermaat. M. (2009). Discovering Computers 2010: Living in a Digital World, Introductory. Stamford, CT: Cengage Learning. Vacca. J. R., &Ellis. S. (2004). Firewalls: Jumpstart for Network and Systems Administrators. Amsterdam: Elsevier. Read More