Personal firewall

From Wikipedia, the free encyclopedia
Jump to: navigation, search

A personal firewall is an application which controls network traffic to and from a computer, permitting or denying communications based on a security policy. Typically it works as an application layer firewall.

A personal firewall differs from a conventional firewall in terms of scale. A personal firewall will usually protect only the computer on which it is installed, as compared to a conventional firewall which is normally installed on a designated interface between two or more networks, such as a router or proxy server. Hence, personal firewalls allow a security policy to be defined for individual computers, whereas a conventional firewall controls the policy between the networks that it connects.

The per-computer scope of personal firewalls is useful to protect machines that are moved across different networks. For example, a laptop computer may be used on a trusted intranet at a workplace where minimal protection is needed as a conventional firewall is already in place, and services that require open ports such as file and printer sharing are useful. The same laptop could be used at public Wi-Fi hotspots, where strict security is required to protect from malicious activity. Most personal firewalls will prompt the user when a new network is connected for the first time to decide the level of trust, and can set individual security policies for each network.

Unlike network firewalls, many personal firewalls are able to control network traffic allowed to programs on the firewalled computer. When an application attempts an outbound connection, the firewall may block it if blacklisted, or ask the user whether to blacklist it if it is not yet known. This protects against malware implemented as an executable program. Personal firewalls may also provide some level of intrusion detection, allowing the software to terminate or block connectivity where it suspects an intrusion is being attempted.

Features

Common personal firewall features:

  • Protects the user from unwanted incoming connection attempts
  • Allows the user to control which programs can and cannot access the local network and/or Internet and provide the user with information about an application that makes a connection attempt
  • Block or alert the user about outgoing connection attempts
  • Hide the computer from port scans by not responding to unsolicited network traffic
  • Monitor applications that are listening for incoming connections
  • Monitor and regulate all incoming and outgoing Internet users
  • Prevent unwanted network traffic from locally installed applications
  • Provide information about the destination server with which an application is attempting to communicate

Limitations

  • If the system has been compromised by malware, spyware or similar software, these programs can also manipulate the firewall, because both are running on the same system. It may be possible to bypass or even completely shut down software firewalls in such a manner.
  • The alerts generated can possibly desensitize users to alerts by warning the user of actions that may not be malicious.
  • Software firewalls that interface with the operating system or with other firewalls or security software at the kernel mode level may potentially cause instability and/or introduce security flaws.1

See also

References

External links








Creative Commons License