  1. #1


    Server firewalls inside the perimeter

    In another thread, RoyG suggested that it would be OK to give students admin rights so long as server security was up to par. Best practice normally calls for up-to-date patching and disabling unused services.

    I was just wondering if, added to the above, people here also have a firewall inside the LAN between their servers and client PCs.

  2. #2


    Re: Server firewalls inside the perimeter

    Oh look! A tumbleweed!

  3. #3

    Dos_Box's Avatar

    Re: Server firewalls inside the perimeter

    Quote Originally Posted by ITWombat
    In another thread, RoyG suggested that it would be OK to give students admin rights so long as server security was up to par. Best practice normally calls for up-to-date patching and disabling unused services.

    I was just wondering if, added to the above, people here also have a firewall inside the LAN between their servers and client PCs.
    No no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no. It's just plain bad.

  4. #4



    Re: Server firewalls inside the perimeter

    We don't have it here, but it was common practice in a couple of places I contracted in. Development servers were firewalled off from the rest of the LAN, and so was the finance server.

    If it's _well_ documented and done for sensible reasons, it can work. Problems arise when changes aren't documented. If you're doing it because a server isn't patched / secure you still have issues, but certain patches break certain expensive systems (I'm looking at you, Oracle) so firewalling is sometimes the only option.

    IIRC (a few years ago), employees at Sophos (who have been there long enough to be considered sensible) have two computers on their desk, one for the Internet and one for the internal LAN. They fire people who attempt to move files from one to another.

  5. #5



    Re: Server firewalls inside the perimeter

    in another thread, RoyG suggested that it would be OK to give students admin rights so long as server security was up to par
    I didn't get the impression he was talking about production machines - any computer can be a server if it serves something, and I don't see any problem giving kids admin on 'servers' so they can learn it. Some schools let kids bring in their own laptops, some schools even buy laptops for kids - there is no difference. I can't prevent a student bringing in an AD DC on his/her laptop, and probably it should be encouraged.

    It's definitely not a good idea to give anyone admin rights to production servers except admins.

  6. #6


    Re: Server firewalls inside the perimeter

    Quote Originally Posted by Dos_Box
    No no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no. It's just plain bad.
    ROFL

    Actually, I saw that thread too. I think the admin rights were for PCs, not servers (now that would be scary). Roy also used hardware disk reset as an additional measure against phishing and persistent badness.

    The question really is whether there would be much gained. A lot of malware uses common ports for SMB, SSL, SMTP etc. (remember Blaster).
