Re: Firewall for laptops, corporation with 1,000 laptops

From: Marlon Brown (marlon_brownj@hotmail.com)
Date: 10/31/02


From: "Marlon Brown" <marlon_brownj@hotmail.com>
Date: Wed, 30 Oct 2002 19:18:41 -0800


Most laptops are Win2000 Prof.

When you say "Internet Console Management make me nervous", can you tell me
the motives for that? Security concern?

I was exploring Orchestrator from McAfee, as I already have VirusScan
deployed on the network.
My question now is whether it is worth paying big $ for a "network managed
personal firewall for laptops"?
I am not sure how the maintenance on firewalls is once you have deployed them
on the laptops...

"Karl Levinson [x y] mvp" <levinson_k@excite.com> wrote in message
news:eLlQQlHgCHA.1636@tkmsftngp10...
> "Marlon Brown" <marlon_brown@hotmail.com> wrote in message
> news:uakG3PGgCHA.2400@tkmsftngp11...
> > Do you recommend any firewall that I can deploy on the network? About
> > 1,000 Win2K/WinXP machines.
> >
> > How is McAfee firewall?
>
> Personally I can't stand anything by McAfee, and their licensing scheme is
> usually expensive. I think you should pay $30 or less per seat for a
> firewall.
>
> I guess you can't use the free XP ICF firewall since the machines are
> probably joined to a Windows domain.
>
> You could roll out IPsec policy filters for free either using Group Policy
> or a batch file script. This would possibly be the easiest to install
> remotely / quickly, though there's no logging or alerting at all, which can
> make troubleshooting difficult. If an application doesn't work, there's no
> indicator to show whether it's the firewall or not. Also, the rules are
> entirely up to you, so the level of security you get depends on your
> knowledge of IP and IP filtering. And it's not stateful, so allowing /
> blocking protocols like FTP may be difficult without opening up lots of
> other ports. Still, it may be an option. Search this newsgroup for "IPsec"
> for URLs on how to configure IPsec.
>
> www.sygate.com gives the ability to write extremely granular packet filters,
> and has some sort of central policy manager server I think. It also does a
> good job of collecting and logging packet contents like a sniffer, though it
> doesn't really alert much or analyze the content for attack signatures like
> an IDS such as BlackIce does. I like Sygate. Probably around $30 a seat.
>
> www.iss.net makes BlackIce, which does more analyzing and alerting of
> malicious content. It too probably has a central management server. Also
> around $35 a seat plus yearly update subscriptions.
>
> Norton firewall is probably good, and they may have an option to remotely
> roll out their software and updates, I'm not sure. Probably around $50 a
> seat.
>
> I believe 3com also makes NIC cards for laptops with integrated firewalls
> that can be remotely managed by a policy server. Any firewall that can be
> reconfigured through the internet-facing interface would make me somewhat
> nervous, though. Also it's probably the most expensive solution in the
> list. Probably around $100 a seat.
>
> There's also http://www.kerio.net , don't know much about that except that
> it's respected and may also allow granular packet filtering rules.
>
>
>
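
The quoted point that a non-stateful filter makes FTP hard "without opening up lots of other ports" can be shown with a small model. This is an added example, not part of either poster's message and not how Windows IPsec filtering is implemented; the addresses, ports and function names are constructed for illustration, and only active-mode FTP (server connects back from port 20) is modelled.

```python
from dataclasses import dataclass

# Constructed documentation addresses (RFC 5737), not taken from the thread.
LAPTOP, FTP_SERVER, OTHER_HOST = "192.0.2.10", "198.51.100.5", "203.0.113.77"

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def stateless_inbound_allowed(pkt):
    """Static rule needed for active-mode FTP data: permit inbound TCP
    from source port 20 to any unprivileged local port."""
    return pkt.dst == LAPTOP and pkt.sport == 20 and pkt.dport >= 1024

class StatefulFilter:
    """Admits an inbound data connection only if the laptop announced it."""
    def __init__(self):
        self.expected = set()  # (server address, announced local port)

    def outbound(self, pkt, payload=b""):
        # Watch the FTP control channel for "PORT h1,h2,h3,h4,p1,p2".
        if pkt.dport != 21 or not payload.upper().startswith(b"PORT "):
            return
        try:
            nums = [int(n) for n in payload[5:].strip().split(b",")]
        except ValueError:
            return
        # Six octets, and the announced address must be the sender's own.
        if (len(nums) == 6 and all(0 <= n <= 255 for n in nums)
                and ".".join(map(str, nums[:4])) == pkt.src):
            self.expected.add((pkt.dst, nums[4] * 256 + nums[5]))

    def inbound_allowed(self, pkt):
        key = (pkt.src, pkt.dport)
        if pkt.sport == 20 and key in self.expected:
            self.expected.discard(key)  # one announcement, one connection
            return True
        return False

def run_demo():
    fw = StatefulFilter()
    fw.outbound(Packet(LAPTOP, 40000, FTP_SERVER, 21), b"PORT 192,0,2,10,19,137\r\n")
    ftp_data = Packet(FTP_SERVER, 20, LAPTOP, 19 * 256 + 137)  # announced channel
    unrelated = Packet(OTHER_HOST, 20, LAPTOP, 8080)           # never announced
    return {"stateless_ftp": stateless_inbound_allowed(ftp_data),
            "stateless_unrelated": stateless_inbound_allowed(unrelated),
            "stateful_ftp": fw.inbound_allowed(ftp_data),
            "stateful_unrelated": fw.inbound_allowed(unrelated)}
```

The static rule admits both packets because it can only match on addresses and ports, while the tracking filter admits just the one data connection the laptop announced on the control channel.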


