Labs

Software Labs: Personal firewalls

To test the firewalls we install each one on a PC running a fully up-to-date version of Windows XP Professional. We subject each of these computers to the sort of network scanning a hacker would use to try to find a weak point to attack.

Each Windows installation also has a copy of Microsoft's IIS web server enabled. This is not installed by default when you buy a PC, but it is available on the Windows installation CD and enables you to run a website from your desktop PC. We test how easy it is to configure the firewall so it allows people on the internet to connect to the website, but to no other parts of the computer.

IIS is a tricky bit of software because it doesn't just run a web (HTTP) server. It also provides mail (SMTP) and file transfer (FTP) services. Personal firewalls that use application control will often ask if IIS should be allowed to accept connections from the internet, and promptly allow access to all these services. We test how easy it is to lock down each firewall so that only the web (HTTP) service is exposed. Finally, with the website running and all other entry points closed, we run a special scanning tool, used by professional hackers, that probes websites for vulnerabilities that an attacker could use to gain control of the system. Most of the firewalls offer an intrusion detection system (IDS), and this test indicates how useful a firewall's IDS is.