Security Basics mailing list archives
RE: Client End Firewalls
From: "Bryan S. Sampsel" <bsampsel () libertyactivist org>
Date: Tue, 5 Oct 2004 11:01:44 -0600 (MDT)
I've worked with the free version of the zone labs product...while it doesn't provide the same level of protection the commercial product does, I found it intuitive to use. The only confusion for users may lay with, "Allow this exe to blah blah blah" messages. The average user won't know enough to say yes or no in an informed manner. I've also used F-Secure's firewall/AV combination package. It works quite well, not quite as easy to use, but very reliable once configured. You could much more easily "Pre-Can" a standard and expect it to work. In fact, they pioneered much of the "distributed firewall" concept. I've also used Symantec's and found it to be awful. It was kludgy and problematic. Client side firewalls are a great "last layer" defense. Preferably, the client is behind at least one firewall device/system, whether it is a SOHO Netgear Broadband "router" or a Raptor Firewall or a Cisco PIX. It helps mitigate the "crunchy on the outside, chewy in the center" problem that most networks have. Sincerely, Bryan S. Sampsel LibertyActivist.org Grant.Orchard () aws aust com said:
Hi Scott, I should have provided more detail sorry. I'm looking to centrally manage this. Employees will be given basic training, more for awareness than "how to" knowledge. We are planning on developing a corporate rule set which we can modify upon legitimate requests. We recently had our comms company come out and tell us about the "great new zone labs product". Of course, I don't trust them not to be impartial so I thought you guys could provide some help. 1. Are client side firewalls worth having (yes) 2. Have you had any experience with Zone Labs 3. If not, what client firewall product would you recommend? Thanks a lot Grant Orchard IT Coordinator Australian Water Services 02 9224 7916 0403 457 315 staylor@velectric .com To 05/10/2004 06:50 securityfocus () delahunty com, AM security-basics () securityfocus com, Grant.Orchard () aws aust com cc Subject RE: Client End Firewalls What would be a good one to implement? I would be interested in knowing: 1. Would you train all employee's on managing the local firewall? 2. Would you just have your IT people configure it and not let individual users mess with it? 3. It seems it could create a lot of administration overhead. Thoughts on this would be greatly appreciated. Scott -----Original Message----- From: Steve [mailto:securityfocus () delahunty com] Sent: Thursday, September 30, 2004 6:21 AM To: security-basics () securityfocus com; Grant.Orchard () aws aust com Subject: Re: Client End Firewalls These can be very effective at blocking incoming traffic to the workstations and also the ones like from Symantec get firewall policy/rule updates downloaded periodically. Consider the situation where some of your folks with laptops are at a customer site, or a vendor site - they are wide open to threats without desktop firewall protection. Consider the situation where a worm gets inside your network somehow, it will bounce around infecting many machines if there is no desktop protection. ----- Original Message ----- From: <Grant.Orchard () aws aust com> To: <security-basics () securityfocus com> Sent: Tuesday, September 28, 2004 12:27 AM Subject: Client End Firewalls Hi guys, How much protection do you believe client side firewalls provide? My boss has asked for my thoughts on a system like Zone Labs are now offering. Can anyone provide me with their thoughts on what benefits this actually provides? Many thanks Grant Orchard NOTICE - This e-mail (and any attachments) is confidential. It may contain privileged information or copyright material. You should not read, copy, use or disclose it without the written authorisation of AWS. If you are not an intended recipient, please contact AWS by return e-mail and then delete both messages. AWS does not accept liability in connection with computer virus, data corruption, delay, interruption, unauthorised access or unauthorised amendment.
Current thread:
- Re: Client End Firewalls, (continued)
- Re: Client End Firewalls GuidoZ (Oct 19)
- Re: Client End Firewalls Ansgar -59cobalt- Wiechers (Oct 20)
- Re: Client End Firewalls GuidoZ (Oct 28)
- RE: Client End Firewalls Jef Feltman (Oct 30)
- Re: Client End Firewalls GuidoZ (Oct 05)
- Re: Client End Firewalls xyberpix (Oct 07)
- Re: Client End Firewalls Ken S (Oct 07)
- Re: Client End Firewalls GuidoZ (Oct 08)
- Message not available
- RE: Client End Firewalls Bryan S. Sampsel (Oct 06)
- Re: Client End Firewalls Josh Mills (Oct 07)
- Re: Client End Firewalls Ken S (Oct 07)