Slashdot Mirror
Are Desktop Firewalls Overkill?
Barence writes "Should you be running firewalls on your desktop and server machines? PC Pro's Jon Honeyball argues the case for switching off Windows firewalls and handing over responsibility for security to server-based solutions. 'I'd rather have security baked right into my network design than scattered willy-nilly around my desktops and servers,' Honeyball argues. 'It seems to me that there's much sense in concentrating your security into a small number of trusty gatekeepers rather than relying on a fog of barely managed faux security devices. Of course, it puts your eggs into fewer baskets, but it does mean these gatekeepers are easier to control and manage: monitoring them in real-time becomes routine.'"
I prefer using desktop traffic to restrict ports 1-65535 tcp/udp outbound on the client machines. It helps keep them focused.
Do not meddle in the affairs of sysadmins, for they are subtle, and quick to anger.
Absolutely. I've been running without my Windows Firewall on for several weeks now and so far it hasn't
Support the EFF and Creative Commons. The war is coming, and they're supporting you...
"Why expose ports unnecessarily?"
I tried using this argument with my teenage daughter, but she just laughed at me.
Actually, I do lock my bedroom door at night. If someone breaks into my house I may not hear them but if they try to break into my room I'm most likely to hear them giving me time to grab my gun and get into a vantage point where I'm well protected from return fire but have a great shot on anyone walking through the door. Even if they knock down the door with the first strike they are likely to grab for the handle first which will wake me up and if it doesn't the kicking down the door part will allow me time to roll off the side of the bed and pull the gun from under my bed and load it.
WTF Slashdot, why do I have to login 50 times to post?
But in the event of an accident, those people who are not belted in will be thrown free of the car to relative safety whereas those belted in will be strapped into a deathcage which could easily catch fire!!!
my girlfriend sleeps with her bedroom door locked, even with the front door to her house locked down.
I think this says more about you than about Windows and firewalls.
I eat only the real part of complex carbohydrates.
The most important "desktops" are the laptops that get hauled around airports by the powers that be. Relying exclusively on your servers/switches to isolate your "desktops" doesn't work in a Beijing hotel.
This really is too obvious to be worth mentioning. Anyone indulging this non-debate is a liability.
Don't be silly. Haven't you heard of the Great Firewall of China? Clearly, it is completely unnecessary to worry about a laptop getting infected in Beijing, as it has been behind a firewall the whole time.
Linux users do that. Windows users, leave their girlfriends naked in their cars parked on the outskirts of the city, unlocked even.
My plan is to run downstairs, get a bucket and fill it with water. Then I'll balance it on my door. Then I go back downstairs and bake a pie. After it cools, I take it upstairs and find a good place to attack from. When the intruder comes in the bucket of water will soak him head to toe, and that's when I hit him in the face with the pie. My pies are AWESOME so when he stops to eat the pie, I sneak around him and run out the front door naked. Someone is bound to see me naked and call the cops on me. When they show up I can explain that I'm naked because I didn't have time to pull on some shorts and also bake a pie. I had to choose just one thing to save my life.
Fascism trolls keeping me up every night. When I starts a preachin', he HITS ME WITH HIS REICH!
Scream in a girlish manner "Do anything you want to the girl, just don't hurt me!"
You can tell the difference?
Do you live in a neighborhood where someone jiggles your front door handle every few seconds?
No, but I wish I did! My "front door handle" has gone without jiggling for a while...