This was a mindset I argued against for years and somewhere along the way my arguments started to stick. The idea that you can do boundary protection and be done is insane. Anyone having any control over security for an enterprise needs to realize that there is more to network security than border firewalls.
The problem with running client firewalls in an enterprise environment (most specifically a fully AD integrated Windows environment) is that it requires so many ports open that you can just as well turn the whole damn thing off, as those are also the ports most trojans and viruses use.
Rigorous policies, a virus scanner on both client and server, no local admins and very tight border security go a long way in keeping crap outside.
You appear to lack an understanding of computer security. But I'm guessing you read much about it from 'experts in the field'.
Firewalls are routers that have rules to control how or if they route traffic between networks.
A firewall serves no purpose on a PC.
If you want to protect your PC from exploitation of network services then just disable those network services.
A firewall is a device which permits or denies connections. A firewall can be hardware or software based.
Firewalls are routers that have rules to control how or if they route traffic between networks.
A firewall is not a router. Many routers include firewall functionality. You can buy hardware firewalls without any routing functionality.
A firewall serves no purpose on a PC.
A software firewall does serve a purpose on a PC: it permits or denies connections.
If you want to protect your PC from exploitation of network services then just disable those network services.
Close, but wrong. A firewall is not a replacement for security, so disabling services that aren't required is essential; however, to state that disabling services is the only action required is wrong. If a trojan creeps in, masked by a rootkit, and opens a port to allow remote control of your PC, a firewall might just save the day.
You appear to lack an understanding of computer security.
No, _You_ appear to lack an understanding of computer security.
Edited 2007-02-19 10:32
Sorry, but the author says that because he has two layers of filtering on the WAN, the PC firewall is not necessary. If one PC becomes compromised inside the LAN, a worm could easily spread through the network. Not to mention that internal users are a far larger threat than external these days.