Educause Security Discussion mailing list archives

Re: Personal Firewalls


From: "Bradley D. Thornton" <Bradley () NORTHTECH US>
Date: Sun, 27 Jun 2004 03:39:59 -0700

                                        Sunday, June 27, 2004
                                        2:53:09 AM (-08:00hrs UTC)
Hello Connie,



On Friday, June 25, 2004, 9:32:32 AM, you wrote:

Does anyone recommend a personal firewall on campus? If not, are you
considering doing so? If you do make a recommendation, did you do an
eval? We're considering an evaluation of personal firewalls, for remote
users as well as users on campus, and know that it presents risks and
challenges. I'm interested in what others may have learned about this.


Hi Connie. There was a serious exploit that specifically targeted
Black Ice a couple of months back, but that's been patched now. It's a
decent product. I would stay away from both Symantec and ZoneLabs -
it's almost as if those products are broken.

Sygate can be an elegant and promising solution too.

I might recommend also, if you have the capability where you are, to
push onto the desktops via SMS or some other remote administrative
technology - most of the solutions that exist are targeted for the
consumer on Windows OSes, and lack good central administrative
capabilities - Symantec comes to mind as one of those failed
initiatives for the enterprise.

The Windows XP security in the latest incarnation is a joke. I just
returned from the conference a couple of days ago for the second time
and it's practically useless again. Not to mention that this only
addresses XP users, and not other MS users - people need a solution
that transcends the real demographics of their installed user base,
and not a sales pitch for software that is easily circumvented and
touted as a reason to buy a new OS.

Besides that, it's extremely ineffective.

It may be that the best solution is hardware based, and they're not
much more than the software solutions which depend first of all upon
the Windows operating system for its integrity. I think that may be
where the gist of the failings are, and again, encourage you to look
at hardware solutions - in the long run these little proxy-boxes, as
I call them, can probably save four to five times what it would cost
to support a software solution for even a few months.

Hope that helps.

Connie J. Sadler, CM, CISSP, CISM
Director, IT Security, Brown University
Box 1885, Providence, RI 02912
Connie_Sadler () Brown edu
Office: 401-863-7266
PGP Key:
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x91E38EFB
PGP Fingerprint: DA5F ED84 06D7 1635 4BC7  560D 9A07 80BA 91E3 8EFB

**********
Participation and subscription information for this EDUCAUSE
Discussion Group discussion list can be found at
http://www.educause.edu/cg/.



--
Kindest regards,


Bradley D. Thornton MCSE; MCT;
Manager Network Operations
NorthTech Computer

-----------------------------------------------
There are 10 kinds of people in this world...
Those who understand binary and those who don't
-----------------------------------------------
