There seems to be a train of thought hereabouts that tools like
ZoneAlarm are toys and real geeks need a "real" firewall. I would
just like to point out that ZoneAlarm can do some things that the so-
called serious firewalls *can't*.
Let's say for the sake of argument that you have a Windows desktop
behind a firewall which is [substitute serious firewall of your
choice]. That firewall has no clue *what program* on the Windows
desktop is trying to make a connection. It does matter. For
instance, I tell ZoneAlarm that my E-mail client is *not* allowed to
access the Internet. (My Web Browser is.) What does this buy me?
Protection from Web Bugs. If I get a Web Bug in E-mail, the E-mail
client will attempt to connect to the Net to retrieve the graphic.
ZoneAlarm asks me if I want to allow that. I say no. Web Bug
squished. How would my "adult" firewall handle this? The BigBoy
firewall would only know that client such-and-such wants to connect
to site such-and-such using http -- *ALLOWED*. The firewall *CANNOT*
enforce rules based on which *desktop* programs are trying to access
the Net. Programs like ZoneAlarm can do this.
Programs like ZoneAlarm have a place in the security scheme *along
with* strong firewalls protecting the network. They allow security
policies that are "smart" about what's going on on the desktop. They
can protect against some goofball trojans that would do things you
wouldn't want through http tunnels.
No tool is a panacea, but if you've avoided looking at personal
firewalls like ZoneAlarm thinking you already have a BigBoy firewall,
think again. ZoneAlarm is pretty cool. Use ZoneAlarm *AND* a strong
firewall.
---
#include <disclaimer.h>
Jim Rosenberg
Ross Mould
259 S. College St.
Washington, PA 15301
(724) 222-7006 x 189
E-mail: [EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
