
[no subject]



Wells Fargo has just such a division (can't say more without violating 
NDA). The basic policy is that every device which can be exploited is 
protected with all reasonable tools available for that device. All 
servers, laptops, and desktops run with encrypted hard drives or 
partitions (in case of theft), firewall software, virus scanning, 
monthly password changes, strong password policies, auto-logoff, etc.

Key word being "reasonable". Simple firewalls like Black ICE take 
almost no administration, just like simple virus scanners take almost 
no administration.

> I highly doubt you'll find any large corporation who has firewall 
> software running on every desktop.  It's just not possible to maintain 
> such a scenario, regardless of the tools available.

Well, I think this idea (only a few firewalls per network) was more 
viable a few years ago.... At one point in time, it was considered 
totally unreasonable to have virus scanning software installed on all 
machines. Now, it's not unusual for every desktop in a network to have 
some form of virus scanning enabled, in addition to traffic scanners, 
and/or service-based scanners (such as Amavis). As exploits increase, 
security to meet that threat also increases.

> I am not saying that a single firewall is an acceptable solution, but 
> I don't think there are a lot of situations where running a software 
> firewall on every client is feasible.

I think you both have valid points, and the key difference is 
complexity. Firewalls that take more than a few seconds per month of 
administration are not good choices for each end client machine, but 
fairly simple firewalls on every end client are trivial to implement. 
While they don't offer the same level of burliness as a well-configured 
edge or core firewall, they still offer some additional protection in 
cases of an internal threat.

-Bop


</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<ul><li><strong>Follow-Ups</strong>:
<ul>
<li><strong><a name="00495" href="msg00495.html">[ale] Good windows firewall ?</a></strong>
<ul><li><em>From:</em> haswes at mindspring.com (Adrin)</li></ul></li>
</ul></li></ul>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00454" href="msg00454.html">[ale] Good windows firewall ?</a></strong>
<ul><li><em>From:</em> exodous at m-net.arbornet.org (exo)</li></ul></li>
<li><strong><a name="00460" href="msg00460.html">[ale] Good windows firewall ?</a></strong>
<ul><li><em>From:</em> n4zm at mindspring.com (zeb)</li></ul></li>
<li><strong><a name="00462" href="msg00462.html">[ale] Good windows firewall ?</a></strong>
<ul><li><em>From:</em> esoteric at 3times25.net (Geoffrey)</li></ul></li>
<li><strong><a name="00470" href="msg00470.html">[ale] Good windows firewall ?</a></strong>
<ul><li><em>From:</em> vf5 at plm.gatech.edu (Vincent Fox)</li></ul></li>
<li><strong><a name="00474" href="msg00474.html">[ale] Good windows firewall ?</a></strong>
<ul><li><em>From:</em> esoteric at 3times25.net (Geoffrey)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>