+ Post New Thread
Results 1 to 15 of 15
Wireless Networks Thread, Windows Firewall in Technical; Do you keep the Windows Firewall enabled or disabled on your machines at your school?...
  1. #1
    IanT's Avatar
    Join Date
    Aug 2008
    Location
    @ the back of my server racks farting.....
    Posts
    1,891
    Thank Post
    2
    Thanked 118 Times in 109 Posts
    Rep Power
    59

    Windows Firewall

    Do you keep the Windows Firewall enabled or disabled on your machines at your school?

  2. #2
    TheLibrarian
    Guest
    Disabled.

  3. #3

    EduTech's Avatar
    Join Date
    Aug 2007
    Location
    Reading
    Posts
    5,037
    Thank Post
    160
    Thanked 908 Times in 712 Posts
    Blog Entries
    3
    Rep Power
    270
    Enabled Exceptions in place if need to be. File and Print Sharing Turned ON

    James.

  4. #4

    bossman's Avatar
    Join Date
    Nov 2005
    Location
    England
    Posts
    3,898
    Thank Post
    1,182
    Thanked 1,053 Times in 748 Posts
    Rep Power
    327
    Disabled :-)

  5. #5

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,228
    Thank Post
    239
    Thanked 1,562 Times in 1,246 Posts
    Rep Power
    339
    I keep it disabled with a GPO. It should be worth noting however that the XP Firewall is only 50%, blocking incoming but not outgoing connections. So long as your security is up-to-date and you have something secure/reliable at the edge of your network you should be absolutely fine.

  6. #6

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,510
    Thank Post
    1,319
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    199
    would having the firewall on or off have any affect on a fully patched network if the likes of confiker got through a usb?

  7. #7

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,228
    Thank Post
    239
    Thanked 1,562 Times in 1,246 Posts
    Rep Power
    339
    Every school should be running anti-virus software, so if it's any good, it should catch out such viruses.

  8. #8

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,784
    Thank Post
    272
    Thanked 1,129 Times in 1,025 Posts
    Rep Power
    348
    ours is off by gpo on every machine, we have our isa server between us and the internet, and even then on the other side of our isa we have a cisco router provided by the lea which is also a firewall.

  9. #9

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,510
    Thank Post
    1,319
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    199
    Quote Originally Posted by Michael View Post
    Every school should be running anti-virus software, so if it's any good, it should catch out such viruses.
    true but a load of folk on here had it there was loads of posts

  10. #10

    EduTech's Avatar
    Join Date
    Aug 2007
    Location
    Reading
    Posts
    5,037
    Thank Post
    160
    Thanked 908 Times in 712 Posts
    Blog Entries
    3
    Rep Power
    270
    Quote Originally Posted by RabbieBurns View Post
    would having the firewall on or off have any affect on a fully patched network if the likes of confiker got through a usb?
    That is the only reason why i have it enabled, is because of the above... we do have updated anti-virus but it's better to be safe then sorry and it dont do any harm with it been turned on

  11. #11
    Rick2134's Avatar
    Join Date
    Feb 2009
    Location
    Leeds
    Posts
    30
    Thank Post
    16
    Thanked 5 Times in 5 Posts
    Rep Power
    11

    Firewall

    Disable it as anti-virus realise on your firewall being off to update if you use a enterprise console and any exam software that you run.

    Cheers Rich

  12. #12
    rh91uk's Avatar
    Join Date
    Sep 2008
    Location
    UK
    Posts
    871
    Thank Post
    137
    Thanked 132 Times in 114 Posts
    Rep Power
    35
    We did keep it disabled but due to our recent outbreak of conficker we turned it back on, adding exceptions in GPO for WMI and VNC

  13. #13

    Join Date
    Apr 2006
    Posts
    387
    Thank Post
    23
    Thanked 95 Times in 61 Posts
    Rep Power
    44
    Antivirus *should* catch viruses . . . . .
    Perimeter security *should* keep you safe from attack from outside . . . . .

    But all technology has off days. Zero day exploits exist, AV software does not catch all viruses, and not all attacks come from outside. If you get a worm inside the network and there's not security between machines, then you're stuffed.

    One other important thing to think about is that not all PCs stay on site - laptops will get taken home, plugged into home networks and in some cases directly into the Internet. And what's the first thing numpty ISP tech support tells the home user to do? Disable their firewalls & antivirus software . . . .

    So I set up like this: all machines have the firewall on, via group policy, and can't be turned off by the user. When connected to the domain, exceptions are there for WMI, Remote Desktop and the odd one or two that require file/print sharing (or something more exotic). When not connected, there are no exceptions allowed.

  14. #14

    Join Date
    Nov 2005
    Location
    North
    Posts
    1,808
    Thank Post
    24
    Thanked 91 Times in 71 Posts
    Rep Power
    50
    Defo on, it takes 10 minutes to GPO it and get the exceptions sorted and it may not be perfect but even it it gives me 1% extra protection its worth it.

  15. #15
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,196
    Thank Post
    392
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    I keep it disabled with a GPO. It should be worth noting however that the XP Firewall is only 50%, blocking incoming but not outgoing connections. So long as your security is up-to-date and you have something secure/reliable at the edge of your network you should be absolutely fine.

    Defence in depth. Why disable and easy to configure built in security feature? Yes it only covers incoming traffic but that's the most important in my opinion. We turn it on via GPO and then set exceptions.
    Perimeter firewalls don't protect against USB drives or laptops bought on site, firewalls are the best defence against zero day exploits. Anti-Virus software is the 'last' line of defence.
    Last edited by cookie_monster; 29th November 2009 at 09:22 PM.

SHARE:
+ Post New Thread

Similar Threads

  1. Windows Firewall
    By cookie_monster in forum Windows Server 2008
    Replies: 3
    Last Post: 21st July 2009, 09:00 PM
  2. Lanview - Windows Firewall
    By EduTech in forum Network and Classroom Management
    Replies: 3
    Last Post: 20th October 2008, 02:44 PM
  3. Did MS do something windows firewall?
    By Teth in forum Windows
    Replies: 5
    Last Post: 20th September 2007, 09:15 AM
  4. Windows Firewall
    By Mintsoft in forum Windows
    Replies: 3
    Last Post: 22nd March 2006, 09:59 AM
  5. Windows Firewall
    By GrumbleDook in forum Windows
    Replies: 16
    Last Post: 31st August 2005, 12:54 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •