[ale] Good windows firewall ?

Vincent Fox vf5 at plm.gatech.edu
Mon Jun 21 08:24:00 EDT 2004


> >It's called a Layered Defense.
> 
> I am familiar with the concept.  Point is, we're talking a home network 
> here, if I recall.  There are differences.  Still, there are other 
> solutions that create a 'layered defense' or 'rings of security' as I 
> noted in a previous email, which don't require a software firewall on 
> every client.

My home network has a software firewall on every machine.
I dunno, maybe I find your resistance strange. I find turning
on a basic software firewall in Linux, or enabling the XP one
to be easy and so worth the small amount of time it takes that
I don't even think about it.

> Certainly every client machine at GA Tech does not have a software 
> firewall installed?  Of those, how many are properly configured?

I dunno about EVERY client machine, not responsible for all of them.

Of the ones I admin in the PLM lab, every Solaris and Linux and Windows
box was recently patched AND had some sort of firewall enabled locally
on that box.  On the Solaris side it took me a few minutes to
run pkg-get to install ipfilter, configure a minimal ruleset, 
and reboot it.

*snip*

> Well, I've never had anyone drop a laptop on my network.  You don't 
> apply the same security solutions to a business network that you do to a 
> home network.  Again, you have to assess the risks.

I have room-mates. The Korean guy has had several infections other
places and then brings his laptop home and boom problem. Your situation
may vary, but I think it not unlikely that at SOME point during a year
MOST home networks have a guest machine that may get connected
when they are not at home to supervise.

If you have no room-mates or spouse or children, or generally just do
not allow anyone other than yourself in your house, I guess you have
nothing to worry about so why not just run unpatched systems with no
firewall and no antivirus, etc. I know people running unpatched NT4 systems
behind a simple hardware NAT firewall and that works for them because
they rigidly ensure no other machines are ever on that network.

I think the beginning of this thread started with who could suggest
a good Windows firewall, so that's what I answered, eh what?




