Posted by john toynbee on September 6, 2007, 10:58 am
On Thu, 06 Sep 2007 14:56:56 +0200, Wolfgang Kueter wrote:
> john toynbee wrote:
>
>
>> Double firewalling (hardware + software) is recommended by US-CERT:
>
> The correct use of a proper hardware firewalling device like
>
> http://www.knipex.de/index.php?id=783&L=0&grpID=24&ukat=kabel07
>
> makes any software definitely unnecessary.
>
> Wolfgang
nice joke, but, sorry, between your opinion and US-CERT opinion I prefer
the second.
John
Posted by Juergen Nieveler on September 6, 2007, 3:31 pm
> Double firewalling (hardware + software) is recommended by US-CERT:
Those links are for home users, though - not business users.
Major difference.
Juergen Nieveler
--
"I know how hard it is for you to put food on your family." George W. Bush
—Greater Nashua, N.H., Chamber of Commerce, Jan. 27, 2000
Posted by john toynbee on September 6, 2007, 9:06 pm
On Thu, 06 Sep 2007 19:31:34 +0000, Juergen Nieveler wrote:
>
>> Double firewalling (hardware + software) is recommended by US-CERT:
>
> Those links are for home users, though - not business users.
>
> Major difference.
>
> Juergen Nieveler
Yes, but is defense in depth less important for business users?
I think the contrary.
Moreover there are also the inside attacks.
At Last: National Security Agency (NSA)
"The 60 Minute Network Security Guide"
2006
www.nsa.gov/snac/downloads_all.cfm?MenuID=scg10.3.1
Page 12: "The following section addresses recommendations for securing
network perimeter routers and firewalls. These devices remain a first
line of defense that can serve to limit the access a potential adversary
has to an organization's network."
Page 30: "Included in Windows XP Service Pack 2 and Windows Server 2003 is
Windows Firewall, a host-based firewall used to restrict unsolicited
inbound traffic to a computer. Windows Firewall settings can be configured
locally on a host, or, preferably via Group Policy. The following are
recommendations regarding the use of Windows Firewall:
• Enable Windows Firewall.
• Windows Firewall configurations should be pushed down via Group
Policy within a domain if possible. In general, do not allow local
administrators to disable/enable the firewall or make changes"
John
Posted by Juergen Nieveler on September 7, 2007, 8:08 am
> Yes, but is defense in depth less important for business users?
> I think the contrary.
Businesses that are security-conscious prefer to control access to the
LAN in the first place - with an unknown MAC you can't even connect to
the switch, or plug your computer into a socket in the wrong office.
> Moreover there are also the inside attacks.
Those are a real problem, but not one a desktop firewall can prevent.
> The following are recommendations regarding the use of Windows
> Firewall:
> • Enable Windows Firewall.
> • Windows Firewall configurations should be pushed down via Group
> Policy within a domain if possible. In general, do not allow local
> administrators to disable/enable the firewall or make changes"
If you remove unnecessary services on the workstations there's even
less chance of attack ;-)
Also, speaking as somebody who had to roll out a centrally managed
McAfee- Firewall - it's a hell of a lot of work to make sure that a)
the firewall works, b) the user cannot tamper with it, and c)
everything else still works, too...
Juergen Nieveler
--
Dawn is nature's way of telling you to go to bed
Posted by john toynbee on September 7, 2007, 7:52 pm
On Fri, 07 Sep 2007 12:08:46 +0000, Juergen Nieveler wrote:
>
> Also, speaking as somebody who had to roll out a centrally managed
> McAfee- Firewall - it's a hell of a lot of work to make sure that a) the
> firewall works, b) the user cannot tamper with it, and c) everything
> else still works, too...
Aha, this is the real problem!
John