Host-based firewalls run on individual computers or devices connected to a network and protect individual hosts from viruses and malware. This helps to contain and control the spread of harmful infections that could infiltrate the wider network.
In the enterprise network environment, host-based firewalls are typically used alongside perimeter-based firewalls. This layered approach ensures that if bad actors manage to break through the outer perimeter, individual computers and devices would still be protected.
How Do Host-Based Firewalls Work?
Host-based firewalls are directly installed on individual computers. One well known host-based firewall is the Windows Firewall, which is packaged within every Windows operating system. Macs also come with preinstalled Apple-based firewalls. Additional host-based firewalls can be installed as well. These third-party software programs often offer extra features beyond the default firewall options pre-installed on computers.
Host-based firewalls work by shielding users from bad actors and hackers when they access the internet by controlling network traffic as it passes to and from the computer. Traffic the firewall recognizes as potentially malicious is blocked at the firewall to prevent viruses, malware, and other problematic code from being installed on the computer.
The nature of host-based firewalls means computers are protected when these computers are used on multiple networks, making host-based firewalls ideal for devices like laptops. While these machines may be best protected while connected to an enterprise network with adequate perimeter firewall security, they are still protected to some degree no matter what network they are connected to, including public Wi-Fi networks.
Some host-based firewalls can protect against application attacks, as well, which can add peace of mind for enterprises concerned about employees installing unwelcome software, plug-ins, and other third-party applications.
Host-Based Firewalls vs. Network Firewalls
It’s a good idea to gain a clear understanding of the key differences between host-based and network firewalls. As the name implies, a network firewall protects an entire network rather than an individual host computer.
With a network firewall, traffic is controlled at the packet level. Only allowable packets can reach servers and IT assets. However, because any firewall can be bypassed by competent hackers, the combination of network and host-based firewalls is a far safer solution than using either type on its own.
The most common application for a network-based firewall is as an internet border device protecting a local area network (LAN) from the internet at large. Increasingly, companies are bringing next-generation firewalls on board. These more technologically advanced security tools inspect traffic at the application layer to uncover threats like viruses, intrusion attempts, SQL injection attacks, and so on.
Host-Based Firewalls Pros
Host-based firewalls have a lot to offer, including environment flexibility, custom configurations, mobility, and insider threat protection.
Flexibility
Host-based firewalls are always on an individual computer or device, no matter the environment in which it’s being used. Even virtual machines can be moved between environments and take their host-based firewalls along.
Customization
One computer or device can be configured for specific individual considerations using customized firewall rules. For enterprise networks, this means each protected computer could be configured differently based on employee roles and shifted as needed over time.
Mobility
Host-based firewalls protect computers and devices wherever they are physically. This adds protection even when employees work off-site or connect to networks as they travel.
Insider Threat Protection
An adequately customized host-based firewall can stop attacks originating within an enterprise by blocking unauthorized devices and filtering potentially problematic outgoing traffic before it reaches its internal destination.
Host-Based Firewalls Cons
Host-based firewalls also have drawbacks: limited filtering beyond the TCP and UDP protocols, insufficient logging capabilities, and vulnerability to both outside attackers and employee tampering.
Simplified Packet Filtering
Host-based firewalls are typically limited to filtering on basic header information: common IP protocols such as TCP and UDP, source and destination IP addresses, and protocol details such as port numbers. Packets that don’t fall into these categories can route around firewall protection.
Lack of Logging Capabilities
Host-based firewalls usually don’t include logging capabilities. This can become a problem if employees are performing duties subject to industry regulation on their individual machines when not logged into the enterprise network. For example, if employees access personal identifying information about clients on their individual machines while not connected to the enterprise network, regulatory guidance requires the company to maintain records related to that access. Host-based firewalls don’t typically provide that kind of data retention.
Remote Access Vulnerability
Firewalls can be switched off by attackers who have gained admin-level access to a host computer or device.
Vulnerable to Employee Tampering
Savvy employees may be able to get around host-based firewall protections in order to access restricted web content, including downloads that could contain malicious code. Breaking the firewall leaves the individual computer vulnerable to becoming a vehicle for bringing malware back to the office.
Guidelines for Host-Based Firewalls
These best practices can be followed when installing a host-based firewall on an individual machine. Each computer or device should be considered individually, since protective needs and firewall restrictions can vary by user even throughout the same enterprise.
- Deploy host-based firewalls on any devices used to access the enterprise network.
- For the best level of protection, block all inbound traffic not explicitly required for the intended use of a device.
- Don’t forget about network devices like printers, which need their own host-based firewall enabled.
- Limit remote access. Employees who do not need remote access should be locked out through access controls. Otherwise, limit remote access to only a finite number of IPs or subnets. Consider using a VPN for remote connectivity.
- Each host-based firewall should be configured to allow network-based scanning by enterprise network security platforms.
- Restrict outbound traffic to decrease the risk of internal sabotage or dangers created by human error. This is especially relevant for mobile devices that could be misplaced or stolen. Restricting outbound traffic on the machine can help slow down a would-be bad actor.
- If the firewall allows for it, configure the settings to log firewall activity. Logs that include the following are especially useful: source/destination IP addresses and ports, application, protocol, direction, date and time, and rule.
- Review individual host-based firewall settings periodically.
- Incorporate firewall education into employee training, and implement rules restricting employees from altering firewall settings on their own.
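The guidelines above amount to a policy (default-deny inbound, an allowance for the enterprise scanner, logging with addresses, ports, protocol and direction) and a periodic review of it. The following added example, which is not from the original article, audits a host firewall log written in the Windows Firewall pfirewall.log column layout against an assumed inbound policy for one host; the addresses, subnets and log lines are constructed.

```python
# Added example (not from the article): audit a host firewall log written in the
# Windows Firewall pfirewall.log layout against the host's intended inbound policy.
import ipaddress
from collections import Counter, namedtuple

# Assumed policy for one host: only RDP from the admin subnet may come in, plus
# anything from the enterprise vulnerability scanner's subnet (see guidelines).
ALLOWED_INBOUND = {("TCP", 3389): ipaddress.ip_network("10.0.5.0/24")}
SCANNER_SUBNET = ipaddress.ip_network("10.0.9.0/24")

# pfirewall.log columns: date time action protocol src-ip dst-ip src-port dst-port
# size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path (path = SEND/RECEIVE)
Event = namedtuple("Event", "date time action protocol src_ip dst_ip src_port dst_port direction")

def parse_line(line):
    """Return an Event for one log line, or None for comment, blank or short lines."""
    f = line.split()
    if not f or f[0].startswith("#") or len(f) < 17:
        return None
    port = lambda v: int(v) if v.isdigit() else 0   # ICMP entries carry '-' as port
    return Event(f[0], f[1], f[2], f[3], f[4], f[5], port(f[6]), port(f[7]), f[16])

def inbound_allowed_by_policy(ev):
    """True if an inbound (RECEIVE) event matches an explicitly required rule."""
    src = ipaddress.ip_address(ev.src_ip)
    if src in SCANNER_SUBNET:
        return True
    net = ALLOWED_INBOUND.get((ev.protocol, ev.dst_port))
    return net is not None and src in net

def audit(lines):
    """Return (inbound ALLOW events not covered by policy, DROP count per direction)."""
    unexpected, drops = [], Counter()
    for ev in filter(None, map(parse_line, lines)):
        if ev.action == "DROP":
            drops[ev.direction] += 1
        elif ev.action == "ALLOW" and ev.direction == "RECEIVE" and not inbound_allowed_by_policy(ev):
            unexpected.append(ev)   # allowed in, but no guideline-approved rule explains it
    return unexpected, drops

# Constructed sample log (RFC 5737 documentation addresses for the outside hosts).
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-03-04 09:12:01 ALLOW TCP 10.0.5.17 10.0.7.33 51022 3389 0 - 0 0 0 - - - RECEIVE
2024-03-04 09:12:07 ALLOW TCP 10.0.9.4 10.0.7.33 44010 445 0 - 0 0 0 - - - RECEIVE
2024-03-04 09:12:09 ALLOW TCP 192.168.1.50 10.0.7.33 50211 445 0 - 0 0 0 - - - RECEIVE
2024-03-04 09:12:15 DROP TCP 198.51.100.23 10.0.7.33 40000 22 40 S 123456 0 8192 - - - RECEIVE
2024-03-04 09:12:20 DROP UDP 10.0.7.33 203.0.113.9 55555 53 60 - - - - - - - SEND
""".splitlines()
```

Running `audit(SAMPLE_LOG)` flags the SMB connection from 192.168.1.50 as an inbound allow with no policy behind it, while the RDP session from the admin subnet and the scanner's probe pass; the drop counts give the per-direction picture the logging guideline asks for.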
5 Best Host-Based Firewall Providers
These host-based firewall providers are among the most popular and highest rated:
- Microsoft Defender: offers a range of protection levels from individuals to enterprise grade.
- Zone Labs: offers configuration of firewalls by classifying network settings.
- Comodo: offers unified managed security using endpoint detection and response security.
- GlassWire: a free network monitoring security solution with a built-in firewall.
- Sophos: enterprise-grade firewall protection with TLS 1.3 decryption, deep packet protection and application acceleration.
Bottom Line: Mitigating the Risks of Remote Access
When it comes to network security, the best firewall approach is layered, where host-based firewalls on individual machines and devices are used within a larger security framework that includes network-based firewalls. This ensures malicious data that slips past the outer perimeter firewall could still be blocked at the device level.
Host-based firewalls are a must for remote workers who frequently log in to disparate networks, whether at home or in public, where bad actors routinely attack unprotected networked devices. Not only is the individual device at risk, but employees could introduce malicious code to the network at large when they reconnect. This is also why employee education about firewall usage is critical.
Anytime firewalls are used, it’s important to establish best practices, especially around keeping configurations up to date. A firewall is only as effective as its latest update.