[SASAG] Windows Servers firewall question

James Affeld jamesaffeld at yahoo.com
Thu Apr 9 23:23:40 PDT 2009


Yep - the "hard crust" perimeter defense approach is old school - like medicine before germ theory.  One compromise through the hardware firewall, to an unpatched web server, say, and all the exposed services running on an interior machine are at risk.


--- On Thu, 4/9/09, Lee Damon <nomad at castle.org> wrote:

> From: Lee Damon <nomad at castle.org>
> Subject: Re: [SASAG] Windows Servers firewall question
> To: "Lap Huynh" <laphuy01 at yahoo.com>, "Seattle Area System Administrators Guild" <members at lists.sasag.org>
> Date: Thursday, April 9, 2009, 7:18 PM
> Just because a firewall is protecting the exterior access
> doesn't mean
> your hosts are individually protected.  What happens when
> someone brings
> in an infected laptop?  You're completely exposed if
> they're inside your
> firewall.
> 
> You need host-based protection in addition to network
> protection.
> 
> nomad
> 
> Lap Huynh wrote:
> > At my previous company we disabled Windows firewall on
> our servers.
> > However, at my current company we turn on windows
> firewall. My opinion
> > is that we don't need to turn on Windows Firewall
> if we already have
> > hardware firewall. Of course, reading on Microsoft
> technet it says we
> > should turn on Windows firewall even with hardware
> firewall. Does Cisco
> > or any other vendor suggest turning off that feature?
> > 
> > Thanks,
> > 
> > 
> >
> ------------------------------------------------------------------------
> > 
> > _______________________________________________
> > Members mailing list
> > Members at lists.sasag.org
> > http://lists.sasag.org/mailman/listinfo/members
> _______________________________________________
> Members mailing list
> Members at lists.sasag.org
> http://lists.sasag.org/mailman/listinfo/members


      



More information about the Members mailing list