Linked by Thom Holwerda on Sun 18th Feb 2007 20:29 UTC, submitted by Jennifer Logan
Windows "What is it with the Windows Vista Firewall and its refusal to go away? All our PCs are secured behind two firewalls: a hardware firewall and Microsoft ISA Server. The only traffic that gets in is the traffic that we want to get in. Now we can appreciate having the firewall on by default; but after turning it off over 20 times, it's getting to be too much."
Not Necessary!?
by kev009 on Sun 18th Feb 2007 21:22 UTC
kev009 Member since:
2006-11-30

Sorry, but the author says that because he has two layers of filtering on the WAN, the PC firewall is not necessary. If one PC becomes compromised inside the LAN, a worm could easily spread through the network. Not to mention that internal users are a far larger threat than external these days.

Score: 5

RE: Not Necessary!?
by Rugmonster on Sun 18th Feb 2007 22:02 in reply to "Not Necessary!?"
Rugmonster Member since:
2005-11-18

This was a mindset I argued against for years and somewhere along the way my arguments started to stick. The idea that you can do boundary protection and be done is insane. Anyone having any control over security for an enterprise needs to realize that there is more to network security than border firewalls.

Score: 5

RE[2]: Not Necessary!?
by mwadams on Mon 19th Feb 2007 00:18 in reply to "RE: Not Necessary!?"
mwadams Member since:
2006-06-13

I couldn't agree more. Rather like those corporations that "standardize" on exactly one vendor's Anti-Virus product. Just hope *you* don't get hit by the worm that silently avoids that particular flavor of protection...

Score: 2

RE[2]: Not Necessary!?
by Fred on Mon 19th Feb 2007 12:01 in reply to "RE: Not Necessary!?"
Fred Member since:
2005-07-06

The problem with running client firewalls in an enterprise environment (most specifically a fully AD integrated Windows environment) is that it requires so many ports open you can just as well turn the whole damn thing off, as those are also the ports most trojans and viruses use.

Rigorous policies, a virus scanner on both client and server, no local admins and very tight border security go a long way in keeping crap outside.

Score: 1

RE: Not Necessary!?
by jessta on Mon 19th Feb 2007 09:06 in reply to "Not Necessary!?"
jessta Member since:
2005-08-17

You appear to lack an understanding of computer security. But I'm guessing you read much about it from 'experts in the field'.

Firewalls are routers that have rules to control how or if they route traffic between networks.

A firewall serves no purpose on a PC.
If you want to protect your PC from exploitation of network services then just disable those network services.

Score: 0

RE[2]: Not Necessary!?
by bryhhh on Mon 19th Feb 2007 10:31 in reply to "RE: Not Necessary!?"
bryhhh Member since:
2005-07-22

A firewall is a device which permits or denies connections. A firewall can be hardware or software based.

"Firewalls are routers that have rules to control how or if they route traffic between networks."

A firewall is not a router. Many routers include firewall functionality. You can buy hardware firewalls without any routing functionality.

"A firewall serves no purpose on a PC."

A software firewall does serve a purpose on a PC: it permits or denies connections.

"If you want to protect your PC from exploitation of network services then just disable those network services."

Close, but wrong. A firewall is not a replacement for security, so disabling services that aren't required is essential; however, to state that disabling services is the only action required is wrong. If a trojan creeps in, masked by a rootkit, and opens a port to allow remote control of your PC, a firewall might just save the day.

"You appear to lack an understanding of computer security."

No, _You_ appear to lack an understanding of computer security.

Edited 2007-02-19 10:32

Score: 5