RE: [fw-wiz] Worms, Air Gaps and Responsibility

From: Carson Gaspar (carson_at_taltos.org)
Date: 05/05/04

  • Next message: Patrick M. Hausen: "Re: [fw-wiz] Worms, Air Gaps and Responsibility"
    To: firewall-wizards@honor.icsalabs.com
    Date: Wed, 05 May 2004 16:04:51 -0400
    
    

    I can answer for the financials - the user desktops _are_ production. If
    the homedir fileserver is compromised, you're in trouble, but you can't
    isolate it from the desktops...

    VPN is a fact of life given 24/7 trading, and the client desktops need to
    access file servers. The best you can do is lock down the VPN clients, and
    manage the hell out of them.

    In many cases you can firewall your core back office data from everything
    else. Some companies try to firewall by business unit, but the inter-BU
    requirements quickly make those such Swiss cheese that they're mostly
    useful as emergency fire doors when an outbreak happens.

    Doing firewall-on-a-NIC for all desktops and servers is possible, but is
    extremely expensive with current technology (mostly due to deployment and
    support costs). Even firewalling each subnet is a support nightmare in the
    dynamic environment that exists in most modern financials.

    As for patching your servers, MS _still_ doesn't have a non-broken patch
    for win2k. Most companies haven't upgraded to 2003 server yet, so a lot of
    companies had patched XP desktops, but unpatched servers.

    -- 
    Carson
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    
