One of the fallouts from last month's wave of distributed denial-of-service attacks has been a surge in the use of personal firewalls to secure home PCs accessing corporate networks and to track invaders who seek to use them in attacks.
"We are getting five or 10 requests a day from companies to secure the endpoints of their VPNs," said Gregor Freund, president of Zone Labs, which has seen more than 500,000 downloads of its free ZoneAlarm personal firewall in the past month, more than at any other time in the company's history.
Freund noted that Trojan horse programs installed on a PC can observe sensitive information before it's encrypted by a virtual private network (VPN). "You can encrypt as much data in transit as you want, but if the PC that information originates from is not secure, then the entire system is not secure," he said.
Greg Gillion, CEO of Network ICE, said 90% of the calls for its BlackICE intrusion-detection and firewall product also come from companies seeking to secure telecommuters dialing into VPNs. He said sales of BlackICE are up 50%.
Gillion noted that the average home office could be seized as an intermediate cloaking device through which to transfer commands to an attacking computer. A new malicious program, called Subseven, which is being used by crackers to cover their tracks in this way, is routinely found in BlackICE scans, he said.
Greg Howard, an analyst at The HTRC Group, said he has had 20 attempted attacks on his home PC since installing his firewall in December. He said recent revelations about the former director of central intelligence, John M. Deutch, improperly handling classified information on his home computer also raised awareness among companies that telecommuters can pose grave security risks.
"Personal firewalls are just another way to protect the integrity of the [corporate] system," said Howard, who noted that some companies are now making them mandatory for telecommuters. "[Intruders] could not only get data but also access the corporate network by sniffing the passwords, algorithms and keys on your personal PC."
Freund warned that some personal firewall programs generate false alarms and prompt users to flood Internet service providers with suspected attack data. "Most users are not sophisticated enough to know that IP addresses can be spoofed and which ISPs to go after," said Freund. ISPs "don't have the bandwidth of analysts to work on them."