+ Post New Thread
Results 1 to 15 of 15
Wireless Networks Thread, Windows Firewall in Technical; Do you keep the Windows Firewall enabled or disabled on your machines at your school?...
  1. #1
    IanT's Avatar
    Join Date
    Aug 2008
    Location
    @ the back of my server racks farting.....
    Posts
    1,891
    Thank Post
    2
    Thanked 118 Times in 109 Posts
    Rep Power
    60

    Windows Firewall

    Do you keep the Windows Firewall enabled or disabled on your machines at your school?

  2. #2
    TheLibrarian
    Guest
    Disabled.

  3. #3

    EduTech's Avatar
    Join Date
    Aug 2007
    Location
    Reading
    Posts
    5,038
    Thank Post
    160
    Thanked 909 Times in 713 Posts
    Blog Entries
    3
    Rep Power
    270
    Enabled Exceptions in place if need to be. File and Print Sharing Turned ON

    James.

  4. #4

    bossman's Avatar
    Join Date
    Nov 2005
    Location
    England
    Posts
    3,905
    Thank Post
    1,186
    Thanked 1,057 Times in 749 Posts
    Rep Power
    328
    Disabled :-)

  5. #5

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    I keep it disabled with a GPO. It should be worth noting however that the XP Firewall is only 50%, blocking incoming but not outgoing connections. So long as your security is up-to-date and you have something secure/reliable at the edge of your network you should be absolutely fine.

  6. #6

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,512
    Thank Post
    1,320
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    199
    would having the firewall on or off have any affect on a fully patched network if the likes of confiker got through a usb?

  7. #7

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    Every school should be running anti-virus software, so if it's any good, it should catch out such viruses.

  8. #8

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,799
    Thank Post
    272
    Thanked 1,134 Times in 1,030 Posts
    Rep Power
    349
    ours is off by gpo on every machine, we have our isa server between us and the internet, and even then on the other side of our isa we have a cisco router provided by the lea which is also a firewall.

  9. #9

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,512
    Thank Post
    1,320
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    199
    Quote Originally Posted by Michael View Post
    Every school should be running anti-virus software, so if it's any good, it should catch out such viruses.
    true but a load of folk on here had it there was loads of posts

  10. #10

    EduTech's Avatar
    Join Date
    Aug 2007
    Location
    Reading
    Posts
    5,038
    Thank Post
    160
    Thanked 909 Times in 713 Posts
    Blog Entries
    3
    Rep Power
    270
    Quote Originally Posted by RabbieBurns View Post
    would having the firewall on or off have any affect on a fully patched network if the likes of confiker got through a usb?
    That is the only reason why i have it enabled, is because of the above... we do have updated anti-virus but it's better to be safe then sorry and it dont do any harm with it been turned on

  11. #11
    Rick2134's Avatar
    Join Date
    Feb 2009
    Location
    Leeds
    Posts
    30
    Thank Post
    16
    Thanked 5 Times in 5 Posts
    Rep Power
    11

    Firewall

    Disable it as anti-virus realise on your firewall being off to update if you use a enterprise console and any exam software that you run.

    Cheers Rich

  12. #12
    rh91uk's Avatar
    Join Date
    Sep 2008
    Location
    UK
    Posts
    876
    Thank Post
    137
    Thanked 132 Times in 114 Posts
    Rep Power
    35
    We did keep it disabled but due to our recent outbreak of conficker we turned it back on, adding exceptions in GPO for WMI and VNC

  13. #13

    Join Date
    Apr 2006
    Posts
    388
    Thank Post
    23
    Thanked 95 Times in 61 Posts
    Rep Power
    44
    Antivirus *should* catch viruses . . . . .
    Perimeter security *should* keep you safe from attack from outside . . . . .

    But all technology has off days. Zero day exploits exist, AV software does not catch all viruses, and not all attacks come from outside. If you get a worm inside the network and there's not security between machines, then you're stuffed.

    One other important thing to think about is that not all PCs stay on site - laptops will get taken home, plugged into home networks and in some cases directly into the Internet. And what's the first thing numpty ISP tech support tells the home user to do? Disable their firewalls & antivirus software . . . .

    So I set up like this: all machines have the firewall on, via group policy, and can't be turned off by the user. When connected to the domain, exceptions are there for WMI, Remote Desktop and the odd one or two that require file/print sharing (or something more exotic). When not connected, there are no exceptions allowed.

  14. #14

    Join Date
    Nov 2005
    Location
    North
    Posts
    1,817
    Thank Post
    24
    Thanked 91 Times in 71 Posts
    Rep Power
    50
    Defo on, it takes 10 minutes to GPO it and get the exceptions sorted and it may not be perfect but even it it gives me 1% extra protection its worth it.

  15. #15
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,196
    Thank Post
    392
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    I keep it disabled with a GPO. It should be worth noting however that the XP Firewall is only 50%, blocking incoming but not outgoing connections. So long as your security is up-to-date and you have something secure/reliable at the edge of your network you should be absolutely fine.

    Defence in depth. Why disable and easy to configure built in security feature? Yes it only covers incoming traffic but that's the most important in my opinion. We turn it on via GPO and then set exceptions.
    Perimeter firewalls don't protect against USB drives or laptops bought on site, firewalls are the best defence against zero day exploits. Anti-Virus software is the 'last' line of defence.
    Last edited by cookie_monster; 29th November 2009 at 09:22 PM.

SHARE:
+ Post New Thread

Similar Threads

  1. Windows Firewall
    By cookie_monster in forum Windows Server 2008
    Replies: 3
    Last Post: 21st July 2009, 09:00 PM
  2. Lanview - Windows Firewall
    By EduTech in forum Network and Classroom Management
    Replies: 3
    Last Post: 20th October 2008, 02:44 PM
  3. Did MS do something windows firewall?
    By Teth in forum Windows
    Replies: 5
    Last Post: 20th September 2007, 09:15 AM
  4. Windows Firewall
    By Mintsoft in forum Windows
    Replies: 3
    Last Post: 22nd March 2006, 09:59 AM
  5. Windows Firewall
    By GrumbleDook in forum Windows
    Replies: 16
    Last Post: 31st August 2005, 12:54 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •