Hi Agent Zr0, You asked for a good firewall recommendation for protection 'while surfing the net'. Network controls won't block attacks at the application level, or allow someone to browse the web safely. I mean, how many ways are there to control port 80/443 traffic? A firewall is only as secure as the configuration, and users will keep opening ports.
You can also allow her to VPN through a company network, but it opens a path from her laptop to the company network. Since the state of security on her laptop is unknown, you've just exposed the company network to her laptop and the hotspot network. What you want to protect is the 'surfing', not to force an end user to ponder the pop-up message; 'process xyz is trying to act as a server', 'block' or 'allow'. Is that an AV program? An applet? IM? Unfortunately, firewalls and other protections are often only as secure as the user is technical. Mark J. Edwards wrote a good Security Update article dated 4/12/06 'Will Malware Prompt Broad Shift to VMs?'. http://www.windowsitpro.com/Article/ArticleID/49957/49957.html Here's an extract: "Recently, Mike Danseglio, a program manager in Microsoft's Security Solutions group, made news by saying that after a system becomes infected with some types of rootkits and other malware, sometimes the only solution is to rebuild the system from scratch. Security administrators have long known this, but Danseglio's statements point out that malware is becoming so quick to exploit new problems, so advanced in new capabilities, and so viciously insidious that sometimes even the best antispyware, antivirus, content filtering, firewall, and intrusion prevention tools can't protect a system adequately."... ..."Rebuilding a desktop can be a painful and time-consuming process. If you use some sort of disk-imaging technology and keep adequate backups, you can make recovery far less stressful, but even so, with today's technology this particular route to recovery is the long road. However, if you have virtual machine (VM) technology in place, you can recover from an intrusion of nearly any type in only a few seconds because all you need to do is shut down the VM and relaunch it." Mark referenced Virtual Machines and VMware specifically, but running a second OS just for a browser is not an elegant solution, especially on a laptop. Virtual Browsers isolate your local computer resources from modification by an infection, and most allow you to reset the virtual instance to clear out all processes and temp files created in that space. A virtual browser is more than using 'Run As', virtualization typically virtualizes portions of the registry and the file system, and depending on the product, control access to COM, User Shell, local network, clipboard, etc. They can also provide confidentiality by controlling what real directories the virtual instance can save downloads to, and what real directories can be browsed to (from within the virtual environment). There are a few products in the virtual browser category: http://www.altiris.com/juice/downloads/217.asp?id=5 Virtual IE - Free (personal use) http://www.greenborder.com/ GreenBorder - (Consumer version in Beta test) http://www.sandboxie.com/ SandBox IE - Freeware http://www.shadowstor.com/ Shadowsurfer - Free limited feature product http://www.trustware.com/ Bufferzone - Free beta available Just a note, virtualization products are like latex...gloves, not shots. You use them to handle potentially infectious content. Because they're a proactive tool and are not signature based, they don't detect or repair existing infections. So don't use gloves (Virtualization) instead of shots (AntiVirus, AntiSpyware). Use them together. Bill Stout www.greenborder.com -----Original Message----- From: Agent Zr0 [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 18, 2006 7:09 PM To: [email protected] Subject: Internet security on "hotspots" I have a friend who is interested in better securing her laptop while she's out surfing the net at coffeehouses and what not. I'm thinking of telling her to just get herself a REALLY good firewall program (I use zonealarm pro myself), but I was wondering if anyone here had any other ideals or thoughts that I could pass onto her other than that. Agent Zer0 [EMAIL PROTECTED] ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ --- --------------------------------------------------------------------------- ---------------------------------------------------------------------------
