Mark,
I don't really see the use of a personal firewall on each workstation
because the user
has to give the application access (for example iexplore.exe) thru the
personal firewall...
If the user is able to do that it can also give access to all other
applications that wants
to access the internet... which doesn't reduce the load on the firewall at
all...
if you disable the user to edit / alter the granting of access thru the
personal firewall then
maybe you are getting somewhere... but how you want to do this I don;t
know....
and the user is still bothered with the irritating pop-ups...
and the administration of everything will be a pain in the ass too...
I think the best way is not to grant users the ability to install
applications on their own
but do this centrallized and give access to the applications that they need
to have...
which all can be done with policies / profiles and scripts..
Dunno if this is exactly what you ment.... I thought it
Greets,
Brenno
> -----Original Message-----
> From: mwatts [SMTP:[EMAIL PROTECTED]]
> Sent: vrijdag 9 februari 2001 13:23
> To: '[EMAIL PROTECTED]'
> Subject: RE: Personal Firewalls in corporate settings...
>
> Agreed, any company that just relied on a desktop solution would be daft
> IMHO.
>
> What I'm suggesting is that they would be used in conjunction with a
> perimeter firewall to enhance what was already there.
>
> IMO, anything that can reduce the pressure on the firewall/gateway would
> be a good thing.
> This would have the added benifit of improving the responsiveness of the
> firewall when lots of users are doing allowed things.
>
> Cheers,
>
> Mark.
>
>
> > -----Original Message-----
> > From: Hiemstra, Brenno
> > Sent: vrijdag 9 februari 2001 12:56
> > To: 'mwatts'
> > Subject: RE: Personal Firewalls in corporate settings...
> >
> > Mark,
> >
> > Personal Firewalls are not safe for corporate use...
> >
> > Installing it in a corporate network doesn't disable the ability for
> > trojan horses
> > to access the internet in some sort of way.
> >
> > Personal Firewalls grant access to applications which want to connect to
> > the
> > internet. Corporate Firewalls (like Checkpoint Firewall 1) grant access
> by
> > rules
> > on traffic shape (http or ftp) and ports (80, 21). which eliminate
> trojan
> > horses that
> > want to access the internet on for example port 3333.
> >
> > Further more you probably use somekind of internet sharing program like
> > sygate
> > or winroute which you grant access thru your personal firewall.
> > For example sygate.exe.
> >
> > This service routes every traffic it get's on it's internal interface
> onto
> > the internet.
> > So.. you can see.. also traffic of trojan horses which uses some
> client
> > PC in
> > the network...
> >
> > IRC, ICQ, and all that services have access to.. with corporate
> firewalls
> > you can
> > eliminate this by your ruleset.... These service uses the internet
> > sharing service
> > of the gateway/firewall to access the internet... and in my example...
> > that executable
> > has access thru for example: zonealarm or sygate personal firewall...
> >
> > I just pointed you some serious flaws in personal firewalls in
> comparrison
> > to a
> > corporate firewall like Firewall 1, Raptor, Sidewinder or IPCHAINS /
> > Netfilter (linux).
> >
> > My suggestion is NOT to use a personal firewall in a corporate LAN...
> > But that's my opinion...
> >
> > And we had already a lovely discussion about personal firewalls on this
> > list...
> > which pointed out NOT to use them in corporate networks...
> >
> > And various security websites also pointed this out...
> > Maybe you have to do some research on the net before you are going to
> > deploy a
> > personal firewall in a company network... I would like to be the
> company
> > who has
> > one and thinks that they are secure of trojans and all that stuff....
> >
> > Anyway.. enough said from my side...
> >
> > Hope you have something about it !
> >
> > Greets
> >
> > brenno
> >
> > -----Original Message-----
> > From: mwatts [SMTP:[EMAIL PROTECTED]]
> > Sent: vrijdag 9 februari 2001 12:42
> > To: [EMAIL PROTECTED]
> > Subject: Personal Firewalls in corporate settings...
> >
> > Greetings all,
> >
> > Does anyone here have any experiance in deploying a Personal Firewall
> > (ZoneAlarm, Tiny et al) solution in a corporate setting?
> >
> > Comments, suggestions, experiances and remarks are all welcome.
> >
> > Cheers,
> >
> > Mark Watts,
> > Research Scientist
> > DERA.
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
