I too agree on the XP firewall. I dumb it down a little for when a machine is in the perimeter, and lock it down tight when it leaves the perimeter. I have researched extensively the whole outbound vs inbound filtering debate, and I content that for my network, I don't need outbound filtering. - So XP firewall is plenty adequate. (But obviously I have taken other preventative measures to lock down the machines)... I deployed it as soon as SP2 came out. Never had a problem with it. I think for a desktop, it's more that adequate. I also think that desktops should have them, regardless.
________________________________ From: David Mazzaccaro [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 16, 2008 9:12 AM To: NT System Admin Issues Subject: RE: Security: Firewall on desktops that don't leave the company? We are using Windows XP Firewall here. I like it because it can be configured via GPO in Active Directory, and only the required ports are opened. ________________________________ From: René de Haas [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 16, 2008 10:01 AM To: NT System Admin Issues Subject: RE: Security: Firewall on desktops that don't leave the company? Software. It will be the same everyone has on their laptops so management will be easy. From: David Mazzaccaro [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 16, 2008 3:58 PM To: NT System Admin Issues Subject: RE: Security: Firewall on desktops that don't leave the company? Do you mean you are going to implement Windows Firewall or some other software firewall? Or are you going to be putting physical hardware firewalls on everyone's desk?!?! ________________________________ From: René de Haas [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 16, 2008 8:00 AM To: NT System Admin Issues Subject: Security: Firewall on desktops that don't leave the company? Hi All, Asking for opinions. Was informed that we are going to put firewalls on desktop pc's as well, though there is a firewall at the perimeter of the network. One motivation was that with a pentest from the inside we would be more secure. Are you doing this as well? Arguments for/against. Thanks René ________________________________ *** The information in this e-mail is confidential and intended solely for the individual or entity to whom it is addressed. If you have received this e-mail in error please notify the sender by return e-mail delete this e-mail and refrain from any disclosure or action based on the information. *** ________________________________ *** The information in this e-mail is confidential and intended solely for the individual or entity to whom it is addressed. If you have received this e-mail in error please notify the sender by return e-mail delete this e-mail and refrain from any disclosure or action based on the information. *** ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
