|
Posted by Juergen Nieveler on September 8, 2007, 3:31 pm
If you were Registered and logged in, you could reply and use other advanced thread options
>> Also, speaking as somebody who had to roll out a centrally managed
>> McAfee- Firewall - it's a hell of a lot of work to make sure that a)
>> the firewall works, b) the user cannot tamper with it, and c)
>> everything else still works, too...
>
> Aha, this is the real problem!
Yep. But I intend to solve this, as soon as I've finished calculating
Pi, feed the whole world, stop global warming and stop all wars ;-)
Juergen Nieveler
--
I usually define SuSE as AIX written by Germans on crack
Derry Hamilton in the Monastery
|
|
Posted by john toynbee on September 9, 2007, 12:33 pm
If you were Registered and logged in, you could reply and use other advanced thread options
On Sat, 08 Sep 2007 19:31:17 +0000, Juergen Nieveler wrote:
>
>>> Also, speaking as somebody who had to roll out a centrally managed
>>> McAfee- Firewall - it's a hell of a lot of work to make sure that a)
>>> the firewall works, b) the user cannot tamper with it, and c)
>>> everything else still works, too...
>>
>> Aha, this is the real problem!
>
> Yep. But I intend to solve this, as soon as I've finished calculating
> Pi, feed the whole world, stop global warming and stop all wars ;-)
Would it not be more simple to change the firewall brand? :-)
I advise you to read this:
"Firewalls can help or hurt, so plan carefully"
http://searchwinit.techtarget.com/
originalContent/0,289142,sid1_gci1121674,00.html
and
"Firewalls: Friend or Foe?"
http://staff.washington.edu/gray/papers/fff.html
John
|
|
Posted by Juergen Nieveler on September 9, 2007, 2:46 pm
If you were Registered and logged in, you could reply and use other advanced thread options
>> Yep. But I intend to solve this, as soon as I've finished calculating
>> Pi, feed the whole world, stop global warming and stop all wars ;-)
>
> Would it not be more simple to change the firewall brand? :-)
Corporate decision - world peace will be much easier to achieve, unless
the current rumours are true... we might get to change to a different
firewall soon, and it's going to be the built-in one from MS :-(...
Juergen Nieveler
--
William Froglegs says 'yes' and the volume rises meaning Bob Pelham kills
sweep,SAFE and FBI.
|
|
Posted by Volker Birk on September 8, 2007, 5:18 am
If you were Registered and logged in, you could reply and use other advanced thread options > Yes, but is defense in depth less important for business users?
Defense in depth does not imply using "Personal Firewalls". It should
imply configuring machines so, that firewalls are not neccessary at all,
and then afterwards filtering at the network boundery additionally.
> Pag.30: "Included in Windows XP Service Pack 2 and Windows Server 2003 is
> Windows Firewall, a host-based firewall used to restrict unsolicited in-
> bound traffic to a computer. Windows Firewall settings can be configured
> locally on a host, or, preferably via Group Policy. The following are
> recommendations regarding the use of Windows Firewall:
> ? Enable Windows Firewall.
> ? Windows Firewall configurations should be pushed down via Group
> Policy within a domain if possible. In general, do not allow local
> administrators to disable/enable the firewall or make changes"
The Windows-Firewall can be used for Windows, because Windows has the
design flaw to offer network services even if none are wanted to be
there.
It's the second best option compared with shutting down unwanted
services. Unfortunately it's second best because there are attacks
possible with a packet filter, which are not possible if there is
no such service.
Yours,
VB.
--
"Es muss darauf geachtet werden, dass das Grundgesetz nicht mit Methoden
geschützt wird, die seinem Ziel und seinem Geist zuwider sind."
Gustav Heinemann, "Freimütige Kritik und demokratischer Rechtsstaat"
|
| Similar Threads | Posted | | Netgear FVS318 and Netgear (ProSafe) VPN Client problem through firewalls | July 15, 2004, 9:17 am |
| Netgear FVS114 with Netgear DG814 with Single IP Address | February 26, 2007, 7:48 pm |
| How did netgear do that? | December 5, 2004, 6:30 pm |
| Netgear VPN | April 19, 2007, 7:54 am |
| NETGEAR WGT 624 Log Viewer? | November 6, 2004, 2:06 pm |
| Netgear FVS338 | April 25, 2005, 7:52 pm |
| Netgear FR114P | May 21, 2005, 8:19 pm |
| Netgear FR114P` | September 5, 2005, 11:11 pm |
| netgear fsm7326 | September 14, 2005, 8:16 am |
| NetGear FVS124G | April 6, 2006, 9:47 am |
|
XML site map