A client firewall is a vital component of any IT network and yet many organisations don’t implement one in an active state. Often it is deemed to be too much of an overhead to open the required application ports and IT professionals tend to rely on the network edge firewall for access security. Not only can a client firewall mitigate the propagation of attacks such as conficker they can also prevent users from becoming expert hackers as I will now explain.
A few years ago I had dinner with friend of mine who had recently been appointed as an IT administrator of his organisation. He seemed somewhat preoccupied and when I asked him what was on his mind he recounted the following:
It transpired that he had needed to do some maintenance work over the weekend and had opened port 3389 on his network firewall to facilitate a remote desktop connection from home. The server he was working on had a local firewall so he was not concerned about unauthorised access. He proceeded to remote in and perform the maintenance successfully and then went about enjoying the rest of his weekend.
Come Monday morning he received a very unexpected phone call from none other than MI5 (to protect the agents anonymity we shall call him Mr Bond). They informed him that the Apache server of a very well known bank had been attacked from one of the clients on his local network and that they would need to perform a full investigation. He subsequently spent the rest of the day providing evidence to her majesty’s secret service that the attack was from an external source and that the factory operative, who incidentally, had difficulty logging onto his machine in the mornings was not an international hacking expert.
Had a client firewall been deployed the attacker would not have had access to the local workstation and therefore would not have been able to initiate the attack.
The moral of the story?
Deploying an active client firewall can prevent your users from becoming expert apache server hackers!