Computerworld - From Iraq, Libya, China, New York, even your hometown, the bad guys' software is constantly probing the Internet, examining consecutive IP addresses for information. Ah! The software finds an active IP address. What sort of device is it? Does it have a network management agent? Whose protocol stack is the device running? Is the IP address permanently assigned? Might the device be a good target for a virus, Trojan or worm? Is port 23, which is used by telnet, open? Might it be worth flooding the device with denial-of-service packets? Does the IP address correspond to a registered domain name? Is the network node running Web server, FTP server, database server or file sharing software?
A sophisticated probe can discover a staggering amount of data and store it for future use. If an employee's home PC has a persistent Internet connection via Digital Subscriber Line (DSL) or cable, the probe's database almost certainly contains his IP address and network node data. Even dial-up users with dynamically assigned IP addresses can be at risk if connections last more than a half-day. An employee who routinely handles company business and confidential data from his home computer is also at risk.
A number of companies offer personal firewall products to help block Internet-based intruders. I tested four of the best-known - Norton Personal Firewall 2001 3.0 from Symantec Corp., BlackIce Defender 2.5 from Network Ice Inc., Tiny Personal Firewall Build 12 from Tiny Software Inc. and ZoneAlarm Pro 2.6 from Zone Labs Inc. - to find out which offers the best deterrent to Internet probes. Unlike corporate firewalls that operate on a networkwide basis, these tools guard a computer by inserting themselves into the PC's TCP/IP protocol stack. The firewall intercepts and examines each inbound or outbound Internet message. It distinguishes, for example, between legitimate messages that are responses to your Web browsing and illegitimate messages that you never asked for. The software also uses network address translation to substitute a bogus IP address inside your computer's outgoing Internet messages. When the bad guys don't know who you are, they can't penetrate your PC.
I tested each firewall on an IBM ThinkPad A21m with an 850-MHz Pentium III, 512MB of RAM and a 32GB hard disk. The ThinkPad was connected to the Internet over a 384K bit/sec. DSL connection feeding a 3Com Corp. 100M bit/sec. Ethernet port.
I used many tools to test security, including Internet Scanner from Internet Security Systems Inc. in Atlanta
Free Insider Guide