Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Security IT

Are Desktop Firewalls Overkill? 440

Posted by CmdrTaco from the not-in-my-office dept.
Barence writes "Should you be running firewalls on your desktop and server machines? PC Pro's Jon Honeyball argues the case for switching off Windows firewalls and handing over responsibility for security to server-based solutions. 'I'd rather have security baked right into my network design than scattered willy-nilly around my desktops and servers,' Honeyball argues. 'It seems to me that there's much sense in concentrating your security into a small number of trusty gatekeepers rather than relying on a fog of barely managed faux security devices. Of course, it puts your eggs into fewer baskets, but it does mean these gatekeepers are easier to control and manage: monitoring them in real-time becomes routine.'"
This discussion has been archived. No new comments can be posted.

Are Desktop Firewalls Overkill? More

Are Desktop Firewalls Overkill?

Comments Filter:

  • Comment removed (Score:5, Interesting)

    by account_deleted ( 4530225 ) on Wednesday September 22, 2010 @11:43AM (#33663394)
    Comment removed based on user account deletion

  • Whatever, it just doesn't work. (Score:4, Interesting)

    by h00manist ( 800926 ) on Wednesday September 22, 2010 @11:44AM (#33663432) Journal
    In order to get a terminal which does something as simple as read all websites, it has to support a ton of bloated technologies, which more or less forces you to run some expensive bloaty OS, with a bunch of other protections. Gigabytes of support libraries to display a page. Websites are supposed to be universally readable. Thankfully now mobile devices are popular and low-powered, perhaps now the universal-readable concept and argument will gain more strength over the most-visual-selling argument.

  • Re:stating the obvious... (Score:5, Interesting)

    by Gadget_Guy ( 627405 ) * on Wednesday September 22, 2010 @11:49AM (#33663524)

    The article started to address this, but failed miserably.

    One group will undoubtedly be saying "there's no harm in running both client- and server-side firewalls, so why even contemplate the heresy of turning off the built-in Windows firewall?" You would of course be right, except for one thing - it's actually quite hard to turn off the built-in firewall

    Ah, what? The reason for not turning off the firewall is that it is hard to turn off the firewall? That makes no sense at all. It also doesn't seem too hard to me. In Win7, type firewall into the start menu search box and click on Windows Firewall. From there, choose "turn firewall on or off".

    The reason for leaving the firewall on is to give a last line of defence if someone gets around the server protection. It also acts as a barrier when idiots decide to add an unauthorised wireless access point onto the network.

  • Re:stating the obvious... (Score:3, Interesting)

    by kestasjk ( 933987 ) * on Wednesday September 22, 2010 @11:55AM (#33663672) Homepage
    We're talking about having firewalls installed on desktop machines as well as having firewalls installed on server and gateway machines. Any network admin or person with an ounce of intelligence realizes this is just common sense.

    You seem to be talking about having "desktop firewalls" and "server firewalls" running on the same machine, i.e. two firewall systems on the same machine, which is of course only going to lead to problems.

    An important distinction to make clear because it sounded like you think desktop machines' firewalls are made redundant by server machines' firewalls, which they are definitely not.

  • Re:Outgoing firewall: Yes. Incoming firewall: why? (Score:2, Interesting)

    by GoingDown ( 741380 ) on Wednesday September 22, 2010 @01:10PM (#33665000)

    Agreed. Inbound connections should be blocked by disabling all unnecessary services which open listening ports. If service is not needed, then it should be disabled. If it is needed, then access to that service is probably needed too. Problem is, that in Windows it is impossible to disable certain listening ports.

    Outbound connection blocking is much more valuable - if the malware is not clever enough to disable local firewall, it cannot open outbound connections.

  • Re:stating the obvious... (Score:5, Interesting)

    by Culture20 ( 968837 ) on Wednesday September 22, 2010 @03:42PM (#33667374)

    Keeping workstation firewalls on behind network level firewalls is like locking the door of each room of your house as you pass through it. Unlock, open, go through, shut, and lock. Suddenly, the security measures outweigh their usefulness.

    That depends: Do you live in a neighborhood where someone jiggles your front door handle every few seconds? Do you live in an apartment with roommates? Are the roommates close friends of yours, or only real-estate associates? Do your roommates bring over people you don't know? Do your roommates or roommates' friends jiggle your bedroom door handle occasionally to see if they can steal something? This would be more close to the computer analogy.

  • Re:stating the obvious... (Score:5, Interesting)

    by Rick17JJ ( 744063 ) on Wednesday September 22, 2010 @05:03PM (#33668544)
    I would prefer to have a solid core or metal door with a good sturdy slide bolt for my bedroom. Most master bedrooms just have a hollow core door that an intruder could easily kick his foot through. I mentioned having a slide bolt, because bedrooms typically have a bathroom door style lock which can quickly be opened with a screwdriver. I would also want a good strong door frame. I would probably have just enough time to quickly get my .356 magnum from the pistol safe (or a shotgun if I ever get one). I should start regularly practicing opening the push-button combination lock quickly.

    Unfortunately, my knowledge and experience with guns is very limited. If possible, I would prefer to position myself in a direction where any missed shots would be least likely to hit neighbors after passing through the walls. I wonder if shooting from behind a water bed would protect me from handgun bullets or not? Perhaps the distinctive sound of a pump type shotgun loading a shell into the chamber would discourage the intruders from continuing to try to break down the bedroom door.

    Unfortunately, all I have ever had, anywhere I have ever lived, is flimsy hollow core exterior doors and hollow core bedroom doors.

    Late at night, a few years ago, I had a minor encounter with a burglar who was trying to open the front door. I looked through the window in the front door and there was his face on the other side of the glass about two feet away from my face. We both started each other. There I was, unarmed and face to face with some guy who was covered with prison tattoos. As he took off, I noticed that there was also another guy who had been hiding in the bushes along side the building.

    Perhaps, looking through the door's window face to face with the burglar was not the brightest thing to do, but it did scare them off. A sheriffs deputy later examined the minor damage to one window on the side of the building, and also the minor damage both the front and rear door frames and one striker plate. He wrote up a report.

Slashdot Top Deals

"Look! There! Evil!.. pure and simple, total evil from the Eighth Dimension!" -- Buckaroo Banzai

Close