Slashdot Mirror

← Back to Stories (view on slashdot.org)

Are Desktop Firewalls Overkill?

Posted by CmdrTaco on from the not-in-my-office dept.

Barence writes "Should you be running firewalls on your desktop and server machines? PC Pro's Jon Honeyball argues the case for switching off Windows firewalls and handing over responsibility for security to server-based solutions. 'I'd rather have security baked right into my network design than scattered willy-nilly around my desktops and servers,' Honeyball argues. 'It seems to me that there's much sense in concentrating your security into a small number of trusty gatekeepers rather than relying on a fog of barely managed faux security devices. Of course, it puts your eggs into fewer baskets, but it does mean these gatekeepers are easier to control and manage: monitoring them in real-time becomes routine.'"

4 of 440 comments (clear)

  1. stating the obvious... by digitalderbs · · Score: 5, Insightful

    why not both?

    1. Re:stating the obvious... by The+Clockwork+Troll · · Score: 5, Insightful

      Yes, this is why I lock the doors on my automobile but I leave the ignition key on the dashboard, and leave the glove compartment open and unlocked!

      Finally someone who sees things as I do!

      Also, first car analogy.

      --

      There are no karma whores, only moderation johns
  2. Defense in Depth by rotide · · Score: 5, Insightful

    Maybe there are cases where running host based Firewalls and/or IPS is overkill. But you _never_ pretend that you've got security 100% covered. It's great to think you have security locked down, but threats come from _all_ angles.

    Case in point, I don't care how good your external firewall/IPS is if John in Sales decides to try and break into a server on the LAN. Hence, Defense in Depth. Multiple layers of security all the way down to the OS. Sure, that desktop over there might contain _no_ critical data whatsoever. That doesn't mean it won't end up becoming a SPAM bot or have a backdoor installed for easy LAN access.

    "Here’s a contentious topic to chew on, but before I go any further let me make something crystal clear – I’m not advocating that you try this, I’m not saying it’s a good idea, and I’m not saying I would do it on my own networks."

    Frankly, it sounds like he just wants to write an article with an absurd title to get clicks, nothing of value to see here

  3. Defense in depth by TopSpin · · Score: 5, Insightful

    The most important "desktops" are the laptops that get hauled around airports by the powers that be. Relying exclusively on your servers/switches to isolate your "desktops" doesn't work in a Beijing hotel.

    This really is too obvious to be worth mentioning. Anyone indulging this non-debate is a liability.

    --
    Lurking at the bottom of the gravity well, getting old