As a rule, I claim that a software firewall should be on every server unless you have proof of performance degradation or other non-remediated interference with production operations. You must remember that not all threats are external. Once an internal device is compromised, it can then be used as a jump point to attack other internal resources. Hopefully the firewall logs *also* provide benefit to compliance for audit and forensic purposes.
On Mon, May 19, 2014 at 11:11 AM, Dave Lum <[email protected]> wrote:
> All y'all leave Windows Firewall on on your servers right? I heard a
> comment recently that "Win 2008 R2 and later have so many services off by
> default nowadays, running with it off saves headaches vs. the value it
> adds for servers that are behind our firewall".
>
> I leave it on and spend the time to make exceptions as necessary -
> sometimes it's frustrating and does take a lot of time, but still it seems
> like the prudent way to go.
>
> Seems odd to not run it, but I'm willing to change my thinking if I can
> hear reasonable arguments, but they'd have to be pretty convincing...
>
> Dave

