Zone Labs simplifies personal-firewall management

The hardware firewall that stands between the enterprise and the savaging hordes on the Internet fulfills an obvious need. But companies also need internal firewalls, both to protect against the accidentally induced virus or worm and against the depredations of rogue, disgruntled, or just plain crooked employees.

Although it’s possible ‑ and in some cases desirable ‑ to install hardware firewalls between parts of a large enterprise, placing personal-firewall software on employee workstations is a great alternative solution that's easy to implement. Microsoft includes a very limited personal firewall with Windows XP, and a free version of Zone Alarm from the Zone Labs Web site is available via download. Symantec and McAfee also make a variety of desktop firewall products.

But those personal firewall products lack any form of management. Left to their own devices, your employees may be able to install some level of protection, but that leaves administrators with no means of making sure workstations are actually protected and no way of ensuring that the company's personal-firewall policies are enforced.

Enter Integrity. Zone Labs has combined the solid personal firewall you get with Zone Alarm with centralized management that lets administrators control most aspects of how the client firewall works, down to a surprisingly granular level.

In its simplest form, Integrity 2.0 consists of a server, which can also be the management console, and a client, which must reside on a separate computer. Both the client and server machine must run Windows. There are two versions of the client available: Integrity Flex, which closely resembles Zone Alarm Pro and provides firewall operation when the computer is away from the corporate network. Integrity Agent, a much less robust client, can be completely invisible to the user on the client computer.

In addition to client computers and the Integrity server, you will need a SQL database server, such as Oracle 8.1 or Microsoft SQL Server 2000, available on your network. Although you can install the database on the same platform as the Integrity server, Zone Labs claims you’ll enjoy better performance if you put it on a separate machine. Integrity 2.0 also works with Cisco VPN 3000 concentrators to enforce security policies on remote clients.

Installing the Integrity server and clients entails simply popping the CD into the drive and making the appropriate install choices. We did not experience any problems along the way, although installing the server requires some basic knowledge about your network, such as where to find the database server. You will also need to decide which client, the Agent or Integrity Flex, each user is going to get.

Once Integrity is installed, you’ll need to proceed through a series of steps to define users and groups. You’ll need this information later when you set policies. From there, you can decide which programs on client computers have Internet access (Integrity provides a scanning feature that handles most of this). Next, you’ll need to visit the Policy Studio to set up global, group, and user policies. You can get as granular as you’re likely to want, including being able to block specific Web sites or to prevent specific programs from accessing the Internet.