Agreed, any company that just relied on a desktop solution would be daft IMHO.
What I'm suggesting is that they would be used in conjunction with a perimeter
firewall to enhance what was already there.
IMO, anything that can reduce the pressure on the firewall/gateway would be a good
thing.
This would have the added benifit of improving the responsiveness of the firewall when
lots of users are doing allowed things.
Cheers,
Mark.
> -----Original Message-----
> From: Hiemstra, Brenno
> Sent: vrijdag 9 februari 2001 12:56
> To: 'mwatts'
> Subject: RE: Personal Firewalls in corporate settings...
>
> Mark,
>
> Personal Firewalls are not safe for corporate use...
>
> Installing it in a corporate network doesn't disable the ability for
> trojan horses
> to access the internet in some sort of way.
>
> Personal Firewalls grant access to applications which want to connect to
> the
> internet. Corporate Firewalls (like Checkpoint Firewall 1) grant access by
> rules
> on traffic shape (http or ftp) and ports (80, 21). which eliminate trojan
> horses that
> want to access the internet on for example port 3333.
>
> Further more you probably use somekind of internet sharing program like
> sygate
> or winroute which you grant access thru your personal firewall.
> For example sygate.exe.
>
> This service routes every traffic it get's on it's internal interface onto
> the internet.
> So.. you can see.. also traffic of trojan horses which uses some client
> PC in
> the network...
>
> IRC, ICQ, and all that services have access to.. with corporate firewalls
> you can
> eliminate this by your ruleset.... These service uses the internet
> sharing service
> of the gateway/firewall to access the internet... and in my example...
> that executable
> has access thru for example: zonealarm or sygate personal firewall...
>
> I just pointed you some serious flaws in personal firewalls in comparrison
> to a
> corporate firewall like Firewall 1, Raptor, Sidewinder or IPCHAINS /
> Netfilter (linux).
>
> My suggestion is NOT to use a personal firewall in a corporate LAN...
> But that's my opinion...
>
> And we had already a lovely discussion about personal firewalls on this
> list...
> which pointed out NOT to use them in corporate networks...
>
> And various security websites also pointed this out...
> Maybe you have to do some research on the net before you are going to
> deploy a
> personal firewall in a company network... I would like to be the company
> who has
> one and thinks that they are secure of trojans and all that stuff....
>
> Anyway.. enough said from my side...
>
> Hope you have something about it !
>
> Greets
>
> brenno
>
> -----Original Message-----
> From: mwatts [SMTP:[EMAIL PROTECTED]]
> Sent: vrijdag 9 februari 2001 12:42
> To: [EMAIL PROTECTED]
> Subject: Personal Firewalls in corporate settings...
>
> Greetings all,
>
> Does anyone here have any experiance in deploying a Personal Firewall
> (ZoneAlarm, Tiny et al) solution in a corporate setting?
>
> Comments, suggestions, experiances and remarks are all welcome.
>
> Cheers,
>
> Mark Watts,
> Research Scientist
> DERA.
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
