Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

General Firewall Advice Please

Status
Not open for further replies.
rosieb

rosieb

IS-IT--Management
Sep 12, 2002
4,279
0
0
GB
Suddenly, I've got operational responsibility ror security. Talk about being in over my head. 4 weeks ago my knowledge of security was close to zero.

Looks like some laptops which dial in aren't firewalled. Am I wrong to be concerned?

My instincts, supported by what I've read, scream "panic", but I'd appreciate advice.
 
Sort by date Sort by votes
Dial in? Then the sense of urgency need not be so immediate...IMHO. Some argue that ANY internet user needs a firewall, but I believe that it's far more necessary for high-speed connections. With dial-up, you get a new connection, a new IP address, every time you connect. Hackers tend to prefer fixed IPS.

Here's some basic info:


"'Tis an ill wind that blows no minds." - Malaclypse the Younger
 
Upvote 0 Downvote
carrr

Thanks, interesting reading. (A big part of my problem is working out where to start on the research, there'e just too much information available so useful pointers like this are a real help).


Rosie
"Never express yourself more clearly than you think" (Niels Bohr)
 
Upvote 0 Downvote
You should be concerned. Really. Even with dynamic IPs, on the average a connected computer is scanned once per 5 to 10 minutes. And it takes only a few seconds to install a backdoor or trojan on a laptop. Once the laptop will get back to your network, this will mean the insider will be inside.
For the story, lots of companies have been hacked this way (and some of the biggest in town, too).
 
Upvote 0 Downvote
Please forgive me if I am naieve about this point, but isn't an un-firewalled laptop fairly safe from attacks from viruses and trojans out in the field if it has the latest anti-virus definitions?
 
Upvote 0 Downvote
Your core network should have security devices between it and any device which will access the core. Whether that is a firewall,IDS,IPS,vulnerability assessment tool is up to you.
At a MINIMUM,I suggest a firewall.
Thats my 2 cent's worth.

Rick Harris
SC Dept of Motor Vehicles
Network Operations
 
Upvote 0 Downvote
I would advise a firewall. If only for the saying "better safe then sorry". Those 2 cents should be considered.
Ben
 
Upvote 0 Downvote
Invest in a decent AV and a good software firewall for your laptops. Worth investing in a spyware checker as well.

Make sure that the firewall isn't some standard home edition either - has to support your networking infrastructure.

I also agree with Rick - all core network services should be at least firewalled, ideally have a good IDS on the system as well.

Steve.
 
Upvote 0 Downvote
If you are talking about a corporate or business that allows outside laptops to dial into the core of your network, or even to check email via OWA of some type. You should be concerned.
Your organization should be running some type of corporate firewall device already, check and see what you are using. Most of the major firewall manufactures have client software that you can install on your laptops that will create a VPN back to your firewall creating a safe tunnel. The are other software apps out there that also give you the security of a VPN connection.

The laptops can pose a threat to your network because you have no control over where they have been, at a minimum you should have an antivirus product installed and some type of firewall also.
 
Upvote 0 Downvote
Upvote 0 Downvote
Thanks all, not ignoring suggestions, just digesting them!!
Much appreciated.

Rosie
"Never express yourself more clearly than you think" (Niels Bohr)
 
Upvote 0 Downvote
If your using Windows 2000 or higher, you can also use Group Policies to lock the system down.

Passwords, whats stored on it, what programs can/can't be ran etc. Really helps control what can be let onto the network by using this method, physcial access (no floppy/CD's etc.) and secuirty as mentioned above.

Steve.
 
Upvote 0 Downvote
I and several others I know use Zone Alarm Lite. It's free and works great. I've got a wireless network and I can't tell you how many times ZA has blocked people trying to hit my machines. Also Stevehewit is correct about anti-virus software. I can't tell you the number of times I've seen laptops in the field get infected then hook up to the network and start infecting it. Good luck.

Zone Alarm Lite

Glen A. Johnson
If you're from Northern Illinois/Southern Wisconsin check out Tek-Tips in Chicago, Illinois Forum.

TTinChicago
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DrB0b
  • Locked
  • Question
Help Please, Trying to Convince Company Mixing Personal and Corporate Email is Bad Practice
Replies
9
Views
234
DrB0b
DrB0b
sara1995
  • Locked
  • Question
IDS vs Firewall vs WAF for protect website against dos attacks
Replies
1
Views
164
mattKnight
mattKnight
brokenhalo
  • Locked
  • Question
Open Source reverse-proxy/firewall
Replies
0
Views
39
brokenhalo
brokenhalo
iolair
  • Locked
  • Question
Firewalls
Replies
8
Views
64
iolair
iolair
GKChesterton
  • Locked
  • Question
LAN, Internet filtering, 'walk-away' firewall solution
Replies
1
Views
31
pansophic
pansophic

Part and Inventory Search

Sponsor

Back
Top