Security Basics mailing list archives

Re: Client End Firewalls


From: Ken S <ken.securitylist () gmail com>
Date: Wed, 6 Oct 2004 16:42:53 -0500

I've found the Symantec Client Security (SCS) 2.0 product to be very
robust, although I'm still looking for a good solution to do
reporting.  That's one of Symantec's biggest weaknesses.  However, the
Symantec System Center console does provide a good view of your users
and good data on Symantec AntiVirus (SAV) and Symantec Client Firewall
(SCF) issues.

We're requiring SCS on all remote / mobile machines and have over 1500
of 5000 installed to date.  As for management, I'm doing all the admin
work myself, and this is just one of my projects.  There was quite a
lot of work up front, but I haven't had any issues come up in the last
month.  I created a policy that's being used company-wide, although
I've had to modify it to create rules for a few applications that
didn't function properly without it.

We took the approach of locking down the SCF completely, so users
cannot make any decisions about what's allowed.  For most (99%) of
users, this is working fine.  I have wondered if we're doing users a
disservice by not training them and requiring them to learn more about
security.  That's a topic for another discussion, however.

We decided to create trusted zones for our LAN, to avoid the necessity
of creating rules for every application.  This means the utility of
the SCF is nil if there's an outbreak inside the company, but at
least we feel better protected from our biggest risk: our VPN users. I
put an unpatched laptop on a DSL line with my policy and hammered it
with several tools.  The SCF stealthed the machine very well, as the
tools did not return a live host.  This is comforting, since more and
more people want to connect to public wireless access points.

All in all, I think everyone at my company is pleased with it.  Now,
if I could just get better reporting.  I'll save the discussion of
Symantec's SESA product for another time as well.

Good luck.

Ken

