Re: Client End Firewalls

From: Ken S (ken.securitylist_at_gmail.com)
Date: 10/06/04

    Date: Wed, 6 Oct 2004 16:42:53 -0500
    To: security-basics@securityfocus.com
    
    

    I've found the Symantec Client Security (SCS) 2.0 product to be very
    robust, although I'm still looking for a good solution to do
    reporting. That's one of Symantec's biggest weaknesses. However, the
    Symantec System Center console does provide a good view of your users
    and good data on Symantec AntiVirus (SAV) and Symantec Client Firewall
    (SCF) issues.

    We're requiring SCS on all remote / mobile machines and have over 1500
    of 5000 installed to date. As for management, I'm doing all the admin
    work myself, and this is just one of my projects. There was quite a
    lot of work up front, but I haven't had any issues come up in the last
    month. I created a policy that's being used company-wide, although
    I've had to modify it to create rules for a few applications that
    didn't function properly without it.

    We took the approach of locking down the SCF completely, so users
    cannot make any decisions about what's allowed. For most (99%) of
    users, this is working fine. I have wondered if we're doing users a
    disservice by not training them and requiring them to learn more about
    security. That's a topic for another discussion, however.

    We decided to create trusted zones for our LAN, to avoid the necessity
    of creating rules for every application. This means the utility of
    the SCF is nil if there's an outbreak inside the company, but at
    least we feel better protected from our biggest risk: our VPN users. I
    put an unpatched laptop on a DSL line with my policy and hammered it
    with several tools. The SCF stealthed the machine very well, as the
    tools did not return a live host. This is comforting, since more and
    more people want to connect to public wireless access points.

    All in all, I think everyone at my company is pleased with it. Now,
    if I could just get better reporting. I'll save the discussion of
    Symantec's SESA product for another time as well.

    Good luck.

    Ken

