[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[no subject]
- <!--x-content-type: text/plain -->
- <!--x-date: Mon Jun 21 07:42:41 2004 -->
- <!--x-from-r13: rfbgrevp ng 3gvzrf25.arg (Urbsserl) -->
- <!--x-message-id: [email protected] -->
- <!--x-reference: 20040620111452.D32974-100000@m-net.arbornet.org -->
- <!--x-reference: [email protected] -->
- <!--x-reference: [email protected] -->
- <!--x-reference: [email protected] --> "http://www.w3.org/TR/html4/loose.dtd">
- <!--x-subject: [ale] Good windows firewall ? -->
- <li><em>date</em>: Mon Jun 21 07:42:41 2004</li>
- <li><em>from</em>: esoteric at 3times25.net (Geoffrey)</li>
- <li><em>in-reply-to</em>: <<a href="msg00470.html">[email protected]</a>></li>
- <li><em>references</em>: <<a href="msg00454.html">[email protected]</a>> <<a href="msg00460.html">[email protected]</a>> <<a href="msg00462.html">[email protected]</a>> <<a href="msg00470.html">[email protected]</a>></li>
- <li><em>subject</em>: [ale] Good windows firewall ?</li>
I am familiar with the concept. Point is, we're talking a home network
here, if I recall. There are differences. Still, there are other
solutions that create a 'layered defense' or 'rings of security' as I
noted in a previous email, which don't require a software firewall on
every client.
Certainly every client machine at GA Tech does not have a software
firewall installed? Of those, how many are properly configured?
I would like to see a real world example where a large organization,
whether that is a corporation or an educational facility has such a
policy in place.
>
> Example:
> I have an IPCop box as my home router which is also a NAT/firewall of course.
>
> I *still* run iptables on any local Linux boxes, and on Windows I use
> the XP firewall at minimum, or the CA Armor suite.
I do not have a firewall running on every box in my network. I have
multiple firewalls with a dmz. I'm not going to attempt to maintain a
firewall on every box on my network. Simply a difference of opinion.
>
> I am familiar with all too many security incidents where the dependence
> on the One Big Security Device bites you in the ass. It can be a case of
> a Maginot Line where you *think* you have a good firewall, but someone
> finds a way around it and bingo they are inside your green network.
> Or it can be a simple case of someone brings a compromised laptop
> into your green. This is pretty common.
Well, I've never had anyone drop a laptop on my network. You don't
apply the same security solutions to a business network that you do to a
home network. Again, you have to assess the risks.
I highly doubt you'll find any large corporation who has firewall
software running on every desktop. It's just not possible to maintain
such a scenario, regardless of the tools available.
Smaller businesses might have such an approach, but I personally don't
recommend it.
I am not saying that a single firewall is an acceptable solution, but I
don't think there are a lot of situations where running a software
firewall on every client is feasible.
--
Until later, Geoffrey Registered Linux User #108567
Building secure systems in spite of Microsoft
</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<ul><li><strong>Follow-Ups</strong>:
<ul>
<li><strong><a name="00477" href="msg00477.html">[ale] Good windows firewall ?</a></strong>
<ul><li><em>From:</em> vf5 at plm.gatech.edu (Vincent Fox)</li></ul></li>
<li><strong><a name="00487" href="msg00487.html">[ale] Good windows firewall ?</a></strong>
<ul><li><em>From:</em> ron at Opus1.COM (Ronald Chmara)</li></ul></li>
</ul></li></ul>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00454" href="msg00454.html">[ale] Good windows firewall ?</a></strong>
<ul><li><em>From:</em> exodous at m-net.arbornet.org (exo)</li></ul></li>
<li><strong><a name="00460" href="msg00460.html">[ale] Good windows firewall ?</a></strong>
<ul><li><em>From:</em> n4zm at mindspring.com (zeb)</li></ul></li>
<li><strong><a name="00462" href="msg00462.html">[ale] Good windows firewall ?</a></strong>
<ul><li><em>From:</em> esoteric at 3times25.net (Geoffrey)</li></ul></li>
<li><strong><a name="00470" href="msg00470.html">[ale] Good windows firewall ?</a></strong>
<ul><li><em>From:</em> vf5 at plm.gatech.edu (Vincent Fox)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg00473.html">[ale] SUSE 9.1 Personal ISO Available for Free Download from SUSE's ftp site</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg00475.html">[ale] College Linux tips, advice, cool stuff?</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg00470.html">[ale] Good windows firewall ?</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg00477.html">[ale] Good windows firewall ?</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#00474"><strong>Date</strong></a></li>
<li><a href="threads.html#00474"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>