Some desktop firewalls provide only port/IP blocking, but the best offer additional application controls to help you catch Trojans. Trojans are sneaky--they can send data to a remote server over HTTP on port 80 or use any of the other common Internet protocols, which means port blocking alone is not sufficient. With application controls, you can specify which programs are granted network access. Products with this feature usually provide some form of application-integrity testing as well.
Let's say, for example, an MD5 checksum from a clean executable is fed to the desktop firewall. If the user tries to run a modified version of the program--such as a hack Trojan or a virus embedded into iexplore.exe--the checksums won't match and the firewall will deny the program access. Note, though, that this feature can cause an administrative headache: You'll need to maintain a list of approved programs and checksums.
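To make the checksum check concrete, here is an added example (not code from the article or from any firewall product) of the allow/deny decision in Python: an administrator records the MD5 of each known-clean binary, and a program is granted network access only if it is on the list and its current checksum still matches. The program names, file contents and allowlist are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path


def md5_of_file(path: Path) -> str:
    """Hash the executable in chunks so large binaries don't need to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_allowlist(clean_programs: dict[str, Path]) -> dict[str, str]:
    """The administrative step the article mentions: record a checksum per approved program."""
    return {name: md5_of_file(p) for name, p in clean_programs.items()}


def decide(program_name: str, path: Path, allowlist: dict[str, str]) -> tuple[str, str]:
    """Return ("allow" | "deny", reason) the way an application-control rule would."""
    expected = allowlist.get(program_name)
    if expected is None:
        return "deny", "program is not on the approved list"
    actual = md5_of_file(path)
    if actual != expected:
        return "deny", f"checksum mismatch: expected {expected}, got {actual}"
    return "allow", "checksum matches the approved program"


def demo() -> dict[str, str]:
    """Constructed scenario: a clean binary, the same binary after tampering, and an unlisted one."""
    with tempfile.TemporaryDirectory() as d:
        exe = Path(d) / "iexplore.exe"
        exe.write_bytes(b"MZ constructed clean browser build")
        allowlist = build_allowlist({"iexplore.exe": exe})
        results = {"clean": decide("iexplore.exe", exe, allowlist)[0]}

        # Simulate a Trojan embedded into the approved executable: the bytes change, so the MD5 changes.
        exe.write_bytes(b"MZ constructed clean browser build" + b" + injected code")
        results["modified"] = decide("iexplore.exe", exe, allowlist)[0]

        unlisted = Path(d) / "unknown.exe"
        unlisted.write_bytes(b"MZ constructed unknown program")
        results["unlisted"] = decide("unknown.exe", unlisted, allowlist)[0]
        return results
```

MD5 is used here because it is what the article describes; a current implementation would use SHA-256, since MD5's collision resistance is broken.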
Some desktop firewalls offer more application-control and file-integrity features. InfoExpress' CyberArmor, for instance, lets you control program spawning--you can allow a batch script to execute when it is launched from Eudora but not when it is launched from Outlook.
Even with application control, though, Trojans can be injected into DLLs or into running processes that already have network permission, so the integrity check on the program file alone does not catch them. DLL-integrity checking is the next big step, and vendors are working on this capability.
Michael J. DeMaria is an associate technology editor based at Network Computing's Syracuse University Real-World Labs®. Write to him at [email protected].