The battle against malicious mobile code cannot be won by antivirus scanners alone. In the next section, I will discuss other tools that cannot only help keep rogue code at bay, but strengthen your larger security strategy.
I consider firewalls to be essential defense components in any company or on any standalone PC connected to the Internet, although even more so for broadband connections. A firewall, at its most basic level, blocks network traffic by port number and IP address. A good firewall strategy allows only predefined ports to be open and blocks all others by default. If a program, like a Trojan, tries to initiate an Internet conversation across a blocked port, its attempt will be unsuccessful and logged. And even more importantly, a firewall will block hack attempts and probes into your network or PC. Many home cable modem users are used to dozens of daily hack probes and scans against their PC. Once you have a firewall you will wonder how you did without one.
For more information on firewalls, you can refer to Building Internet Firewalls, 2nd ed., by Elizabeth B. Zwicky, Simon Cooper, and D. Brent Chapman.
Corporations should consider an enterprise-level firewall with solid reviews and awards from third-party security organizations (like ICSAlabs). Some are hardware-based solutions, like SonicWall’s Internet Firewall Appliance™ or Cisco’s PIX™. Others, like Check Point’s Firewall-1™, Axent’s Raptor Firewall™, and Network Associates ...