
Feature: The Survivor's Guide to 2004: Security: Page 4 of 12

To be effective, a desktop firewall must keep intruders out and restrict the network access of the calling application and any loaded modules. An ACL (access-control list), for example, can prevent all programs from listening on TCP Port 25, thus disabling one popular method for spreading e-mail-borne worms.

But network-access control isn't perfect. The dialog boxes that ask if an application can access the network don't always provide the user enough information to make a decision, and it's human nature to want to allow access. If you're thinking about deploying desktop firewalls, make sure you can configure and enforce policy centrally.
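As an added illustration of the two points above (example code written for this page, not from any desktop-firewall vendor): a minimal policy evaluator in which a centrally enforced deny rule, including the "no program may listen on TCP 25" ACL, wins over whatever the user answered at the prompt, and a rule naming a module applies to any process that loaded it. The rule and request records, the file paths and the policy contents are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed rule and request records for this example (not a vendor's API).
@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    direction: str         # "listen", "connect" or "*"
    proto: str             # "tcp", "udp" or "*"
    port: Optional[int]    # None matches any port
    subject: str           # executable or module path, "*" for every program

@dataclass(frozen=True)
class Request:
    app: str               # calling executable
    modules: tuple         # paths of modules loaded into the process
    direction: str
    proto: str
    port: int

def rule_matches(rule: Rule, req: Request) -> bool:
    """A rule applies if its subject is the calling program or any module it loaded."""
    subjects = [s.lower() for s in (req.app,) + req.modules]
    if rule.subject != "*" and rule.subject.lower() not in subjects:
        return False
    if rule.direction not in ("*", req.direction):
        return False
    if rule.proto not in ("*", req.proto):
        return False
    return rule.port is None or rule.port == req.port

def decide(central, user_answers, req: Request) -> str:
    """Central policy is checked first and cannot be overridden by a prompt answer;
    then the user's earlier prompt answers apply; otherwise default deny
    (in a real product this is the point where the dialog box would appear)."""
    for rule in central:
        if rule_matches(rule, req):
            return rule.action
    return user_answers.get(req.app.lower(), "deny")

# Constructed central policy: nothing may listen on TCP 25, and a hypothetical
# known-bad module gets no network access no matter which process loaded it.
CENTRAL_POLICY = [
    Rule("deny", "listen", "tcp", 25, "*"),
    Rule("deny", "*", "*", None, r"C:\Windows\System32\badhook.dll"),
]
```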

Clearly, the desktop battlefield is on the minds of the biggest companies' developers. At the 2003 Gartner Fall Symposium, Microsoft CEO Steve Ballmer described technologies, planned for inclusion in Windows XP and Windows 2003, that will allow the inspection of computers and shield vulnerable systems via a distributed firewall. But unless Microsoft plans on adding that protection to all the supported versions of Windows, the cottage industry of desktop firewalls from ISS, Sygate, ZoneAlarm and others will still be viable.

Along with strong protection around your key data centers, perimeter protection plays a key role. But antivirus, content-inspection, intrusion-detection and intrusion-prevention remedies all employ reactive technologies: Unless a signature for the threat exists, they won't detect the problem. Organizations that rely solely on blocking unwelcome traffic at the perimeter are bound to lose--imagine protecting your king with nothing but pawns.

Still, the perimeter is the first point of attack, so you must have a strategy here, too. To choose the right product, determine where your traffic ends up once it traverses the perimeter. For a small network on which all traffic flows through a single network connection to the Internet, a multifunction firewall may be viable, especially in shops with little IT support. Such a product is easy to use, but limited. For instance, if you rely on the firewall to scan your e-mail for viruses and your e-mail server is on the trusted side of the network, e-mail sent from one internal user to another won't be scanned. Your e-mail server must have antivirus software.

For more complex networks, consider pushing perimeter protection like Web services filtering and network-intrusion prevention on to specialized devices. As attacks become data-driven and protocols such as SOAP (Simple Object Access Protocol) and XML-RPC (Extensible Markup Language Remote Procedure Call) become prevalent, the traditional perimeter devices are hard-pressed to keep up. Processing these protocols takes additional system resources, which can lead to performance bottlenecks. A dedicated security device will bring better performance, both at the perimeter and inside it.