We have the Windows FW off. Traffic between major apps, and/or between internal security zones, is routed via internal firewalls. So, we rely on the internal FWs to avoid the scenario you describe below.
Cheers Ken -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Kennedy, Jim Sent: Tuesday, 20 May 2014 1:16 AM To: [email protected] Subject: RE: [NTSysADM] Do you run Windows firewall on your internal servers? He needs to think about what is called pivoting. Where a box is compromised and they use it to pivot to the next box. Your external firewall won't see that happening. Windows Firewall might. The firewall on 2008 and up is pretty hassle free as far as I have experienced. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Dave Lum Sent: Monday, May 19, 2014 11:11 AM To: [email protected] Subject: [NTSysADM] Do you run Windows firewall on your internal servers? All y'all leave Windows Firewall on on your servers right? I heard a comment recently that "Win 2008 R2 and later have so many services off by default nowadays, running with it off saves headaches vs. the value it adds for servers that are behind our firewall". I leave it on and spend the time to make exceptions as necessary - sometimes it's frustrating and does take a lot of time, but still it seems like the prudent way to go. Seems odd to not run it, but I'm willing to change my thinking if I can hear reasonable arguments, but they'd have to be pretty convincing... Dave
