A personal firewall is an application which controls network traffic to and from a computer, permitting or denying communications based on a security policy.[1] Typically it works as an application layer firewall.
A personal firewall differs from a conventional firewall in terms of scale. A personal firewall will usually protect only the computer on which it is installed, as compared to a conventional firewall which is normally installed on a designated interface between two or more networks, such as a router or proxy server. Hence, personal firewalls allow a security policy to be defined for individual computers, whereas a conventional firewall controls the policy between the networks that it connects.
The per-computer scope of personal firewalls is useful to protect machines that are moved across different networks. For example, a laptop computer may be used on a trusted intranet at a workplace where minimal protection is needed as a conventional firewall is already in place, and services that require open ports such as file and printer sharing are useful. The same laptop could be used at public Wi-Fi hotspots, where it may be necessary to decide the level of trust and reconfigure firewall settings to limit traffic to and from the computer. A firewall can be configured to allow different security policies for each network.
Unlike network firewalls, many personal firewalls are able to control network traffic allowed to programs on the secured computer. When an application attempts an outbound connection, the firewall may block it if blacklisted, or ask the user whether to blacklist it if it is not yet known. This protects against malware implemented as an executable program. Personal firewalls may also provide some level of intrusion detection, allowing the software to terminate or block connectivity where it suspects an intrusion is being attempted.
Common personal firewall features:
Firewalls help protecting internal network from hackers, However firewall do have some limitations.
In the mid 1990s, as a part of the information security architecture project for a Fortune 100 corporation in the United States (the Anheuser-Busch Corporation), one of the members of the three-man architectural development team came up with a concept with regards to improving the overall security of the operating system to be used on all the computers within this networked system (a network system referred to as BudNET). Improving the overall security of an operating system is commonly referred to as "OS Hardening." The member of the team that was charged with this was SSgt. Donald R. Woeltje Jr. and the concept he came up with was the installation of special software (firewall software) on every BudNET server, workstation, and perimeter security device. Indeed, every single Windows system on the BudNET network. This is a concept that is now commonly referred to as "personal firewall" software. So, while SSgt. Woeltje did not invent personal firewall software, he did invent the idea of the "personal firewall." Evidence of this fact exists in the Anheuser-Busch Security Model Proposal document made by SSgt. Woeltje, at the time. When SSgt. Woeltje brought in all the leading firewall vendors for meetings concerning the products being considered for use for the perimeter security of the BudNET network, SSgt. Woeltje brought up the concept of the "personal firewall" with the vendors and asked them if they had any firewall product that could be used in this way. With the exception of the representatives from the Cyberguard Corporation, every vendor said that not only did that not have any firewall software that could be used in this way but they also said that the idea was crazy and unworkable. But, today we know they were wrong because the use of personal firewall software has become a de facto computer security standard. The companies that SSgt. Woeltje discussed "personal firewall" software with were, among others, Cisco, Checkpoint, Axent Technologies, Milkyway Networks, Cyberguard, Network ONE, Trusted Information Systems, and Secure Computing Corporation.