With individual PCs being a high risk factor in a network, a personal firewall is an important consideration, particularly when you have notebooks going in and out of the company. CrossTec's NetOp Desktop Firewall is one choice.
The main firewall runs at the NDIS driver level, so no bad packets are passed up the stack to a waiting application. More importantly, it can be managed through the NetOp Policy Server, so you can roll out large installations without having to manually configure each computer. A policy server can be distributed using replica servers, as well, so you can cater for any network size.
One of the best features of the software is its ability to have multiple profiles depending on location.
For example, we configured our firewall to open up more ports when at home, but lock the computer down for the office environment. There is a comprehensive list of checks, including gateway and domain names, to verify which network a computer is connected to.
From there, it is simple to define policy rules. As with other personal firewalls, you can define which applications are allowed to access the network.
Unfortunately, you need to do this by manually locating the file name; we'd have preferred a list of default applications, such as Internet Explorer.
The firewall does not stop there, though. You can also create generic firewall rules based on port numbers or protocols. This way you can match the desktop firewall's policy to the company's, as well as introducing a level of application control.
The results are put into an executable file, which can then be put into a login script, forcing updates to be made whenever someone joins the network. It is an effective way of keeping on top of the situation.
However, it is more difficult using this software to apply specific profiles to specific groups of users. While this can be achieved by creating profiles to match specific groups, it is a less targeted approach than manually grouping PCs. That said, as a centralised way to protect your PCs and notebooks, NetOp scores highly.
Driver level firewall; location-based policies.
Difficult to choose application control; hard to manually apply a specific policy to a specific PC.
An effective way to run your company policy out to your entire network, Desktop Firewall is only slightly let down by management tools that require too much manual work.