[OPLINTECH] Software Firewalls

Chad Neeper cneeper at level9networks.com
Thu Aug 3 11:18:00 EDT 2006


Jeff,

Strictly speaking about the firewall component of network security, you
may want to consider a multi-level approach:

1) Of course have a firewall to protect your network perimeter.
2) Firewall between your DMZ and everything else.
3) Firewall between any wireless access points and everything else.
4) Firewall between any public patron use workstations and everything else.
5) Personal firewall on all workstations.

With this approach, your entire network is protected from direct attacks
from the Internet (1). Your web servers are protected and isolated from
your private network when they become compromised (2). Your private
network is protected from people attaching to your wireless network and
trying to do nasty things (3). Your private network is protected against
patrons using your own public-use workstations against your private
network (4). And your workstations are protected from each other when a
virus/worm/attacker is loose on your network.

Of course, the firewalls are all useless unless they are configured
correctly...

For what it's worth, I typically use the XP firewall on the
workstations. It's crude, but does the job. As far as I know, there
aren't any security issues with the built-in firewall. Has anyone heard
differently and can provide references to such?

My two cents,
Chad

-----------------------
Chad Neeper
Senior Systems Engineer

Level 9 Networks
740-548-8070 (voice)
866-214-6607 (fax)

--   Full LAN/WAN consulting services   --
-- Specialized in libraries and schools --



Jeff Franklin wrote:
> Greetings in Library Land,
>
> For those of you that have a true hardware firewall on your networks, how
> many of you are also running software firewalls on the PC's?  For those of
> you that are running software firewalls, are they installed on staff
> computers, public computers, or have them on both?  What software firewall
> are you using?  On XP computers, are you running the XP firewall, using a
> different firewall instead, or not using the XP or another firewall at all?
>
> Thank you,
>
> Jeff Franklin
> Norwalk Public Library
>
> _______________________________________________
> OPLINTECH mailing list
> OPLINTECH at oplin.org
> http://mail.oplin.org/mailman/listinfo/oplintech
>
>
>   
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3273 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.oplin.org/mailman/private/oplintech/attachments/20060803/43faca50/smime.bin


More information about the OPLINTECH mailing list