Educause Security Discussion mailing list archives
Re: Personal Firewalls
From: "Bradley D. Thornton" <Bradley () NORTHTECH US>
Date: Sun, 27 Jun 2004 03:39:59 -0700
Sunday, June 27, 2004 2:53:09 AM (-08:00hrs UTC) Hello Connie, On Friday, June 25, 2004, 9:32:32 AM, you wrote:
Does anyone recommend a personal firewall on campus? If not, are you considering doing so? If you do make a recommendation, did you do an eval? We're considering an evaluation of personal firewalls, for remote users as well as users on campus, and know that it presents risks and challenges. I'm interested in what others may have learned about this.
Hi Connie. There was a serious exploit that specifically targetted Black Ice a couple of months back, but that's been patched now. it's a decent product. I would stay away from both Symantec and ZoneLabs - it's almost as if those products are broken. Sygate can be an elegant and promising solution too. I might recommend also, if you have the capability where you are, to push onto the desktops via SMS or some other remote administrative technology - most of the solutions that exist are targetted for the consumer on windows OSes, and lack good central administrative capabilities - Symantec comes to mind as one of those failed initiatives for the enterprise. The windows XP security in the latest incarnation is a joke. I just returned from the conference a couple of days ago for the second time and it's practically useless again. Not to mention that this only addresses XP users, and not other MS users - people need a solution that transcends the real demographics of their installed user base, and not a sales pitch for software that is easily circumvented and touted as a reason to buy a new OS. Besides that, it's extremely ineffective. It may be that the best solution is hardware based, and they're not much more than the software solutions which depend first of all upon the Windows operating system for it's integrety. I think that may be where the gist of the failings are, and again, encourage you to look at hardware soltutions - in the long run these little proxy-boxes, as I call them, can probably save four to five times what it would cost to support a software solution for even a few months. Hope that helps.
Connie J. Sadler, CM, CISSP, CISM Director, IT Security, Brown University Box 1885, Providence, RI 02912 Connie_Sadler () Brown edu Office: 401-863-7266 PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x91E38EFB PGP Fingerprint: DA5F ED84 06D7 1635 4BC7 560D 9A07 80BA 91E3 8EFB
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
-- Kindest regards, Bradley D. Thornton MCSE; MCT; Manager Network Operations NorthTech Computer ----------------------------------------------- There are 10 kinds of people in this world... Those who understand binary and those who don't ----------------------------------------------- ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Personal Firewalls Sadler, Connie (Jun 25)
- <Possible follow-ups>
- Re: Personal Firewalls Lucas, Bryan (Jun 25)
- Re: Personal Firewalls Gary Dobbins (Jun 25)
- Re: Personal Firewalls Steve Schuster (Jun 25)
- Re: Personal Firewalls Christopher E. Cramer (Jun 25)
- Re: Personal Firewalls Kay Sommers (Jun 25)
- Re: Personal Firewalls Jenny Sara Gluck (Jun 25)
- Re: Personal Firewalls Kay Sommers (Jun 26)
- Re: Personal Firewalls Bradley D. Thornton (Jun 27)