[SASAG] Windows Servers firewall question

macker macker at gmail.com
Fri Apr 10 00:58:29 PDT 2009


Not an easy answer to this one. I am a full time infosec guy, having come
from Watchguard where I started security full-time, and part time throughout
my entire college years which seems eons ago.

I work with both host-based and perimeter, among many other things. Many
places (not just universities) are moving towards a more open approach. The
UW is one from what I understand. Bruce Schneier also has some interesting
answers on the topic.

Granted, what is right for one organization cannot just be 'placed' into
another. I would recommend googling "open network security vs. closed
network insecurity".

'Defense in depth', afaik, has never been debatable, but perimeter and
host-based is. I use both in *certain situations* or infrastructure. In other
situations, rely on mitigating controls.

You be the judge:
http://staff.washington.edu/gray/talks/2002/netinsec4.ppt. Not sure
there is a 'right' or 'wrong'. Your people are always the weakest
link.

-macker



On Thu, Apr 9, 2009 at 11:23 PM, James Affeld <jamesaffeld at yahoo.com> wrote:

>
> Yep - the "hard crust" perimeter defense approach is old school - like
> medicine before germ theory.  One compromise through the hardware firewall,
> to an unpatched web server, say, and all the exposed services running on an
> interior machine are at risk.
>
>
> --- On Thu, 4/9/09, Lee Damon <nomad at castle.org> wrote:
>
> > From: Lee Damon <nomad at castle.org>
> > Subject: Re: [SASAG] Windows Servers firewall question
> > To: "Lap Huynh" <laphuy01 at yahoo.com>, "Seattle Area System Administrators Guild" <members at lists.sasag.org>
> > Date: Thursday, April 9, 2009, 7:18 PM
> > Just because a firewall is protecting the exterior access doesn't mean
> > your hosts are individually protected.  What happens when someone brings
> > in an infected laptop?  You're completely exposed if they're inside your
> > firewall.
> >
> > You need host-based protection in addition to network protection.
> >
> > nomad
> >
> > Lap Huynh wrote:
> > > At my previous company we disabled Windows firewall on our servers.
> > > However, at my current company we turn on windows firewall. My opinion
> > > is that we don't need to turn on Windows Firewall if we already have
> > > hardware firewall. Of course, reading on Microsoft technet it says we
> > > should turn on Windows firewall even with hardware firewall. Does Cisco
> > > or any other vendor suggest turning off that feature?
> > >
> > > Thanks,
> > >
> > >
> > >
> > ------------------------------------------------------------------------
> > >
> > > _______________________________________________
> > > Members mailing list
> > > Members at lists.sasag.org
> > > http://lists.sasag.org/mailman/listinfo/members
>
>
>
>

