+ Post New Thread
Results 1 to 15 of 15
Wireless Networks Thread, Windows Firewall in Technical; Do you keep the Windows Firewall enabled or disabled on your machines at your school?...
  1. #1
    IanT's Avatar
    Join Date
    Aug 2008
    Location
    @ the back of my server racks farting.....
    Posts
    1,893
    Thank Post
    2
    Thanked 118 Times in 109 Posts
    Rep Power
    60

    Windows Firewall

    Do you keep the Windows Firewall enabled or disabled on your machines at your school?

  2. #2
    TheLibrarian
    Guest
    Disabled.

  3. #3

    EduTech's Avatar
    Join Date
    Aug 2007
    Location
    Reading
    Posts
    5,080
    Thank Post
    160
    Thanked 941 Times in 733 Posts
    Blog Entries
    3
    Rep Power
    276
    Enabled Exceptions in place if need to be. File and Print Sharing Turned ON

    James.

  4. #4

    bossman's Avatar
    Join Date
    Nov 2005
    Location
    England
    Posts
    4,035
    Thank Post
    1,262
    Thanked 1,107 Times in 785 Posts
    Rep Power
    338
    Disabled :-)

  5. #5

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,345
    Thank Post
    242
    Thanked 1,602 Times in 1,278 Posts
    Rep Power
    346
    I keep it disabled with a GPO. It should be worth noting however that the XP Firewall is only 50%, blocking incoming but not outgoing connections. So long as your security is up-to-date and you have something secure/reliable at the edge of your network you should be absolutely fine.

  6. #6

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,532
    Thank Post
    1,341
    Thanked 470 Times in 307 Posts
    Blog Entries
    6
    Rep Power
    200
    would having the firewall on or off have any affect on a fully patched network if the likes of confiker got through a usb?

  7. #7

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,345
    Thank Post
    242
    Thanked 1,602 Times in 1,278 Posts
    Rep Power
    346
    Every school should be running anti-virus software, so if it's any good, it should catch out such viruses.

  8. #8

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,821
    Thank Post
    272
    Thanked 1,140 Times in 1,036 Posts
    Rep Power
    351
    ours is off by gpo on every machine, we have our isa server between us and the internet, and even then on the other side of our isa we have a cisco router provided by the lea which is also a firewall.

  9. #9

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,532
    Thank Post
    1,341
    Thanked 470 Times in 307 Posts
    Blog Entries
    6
    Rep Power
    200
    Quote Originally Posted by Michael View Post
    Every school should be running anti-virus software, so if it's any good, it should catch out such viruses.
    true but a load of folk on here had it there was loads of posts

  10. #10

    EduTech's Avatar
    Join Date
    Aug 2007
    Location
    Reading
    Posts
    5,080
    Thank Post
    160
    Thanked 941 Times in 733 Posts
    Blog Entries
    3
    Rep Power
    276
    Quote Originally Posted by RabbieBurns View Post
    would having the firewall on or off have any affect on a fully patched network if the likes of confiker got through a usb?
    That is the only reason why i have it enabled, is because of the above... we do have updated anti-virus but it's better to be safe then sorry and it dont do any harm with it been turned on

  11. #11
    Rick2134's Avatar
    Join Date
    Feb 2009
    Location
    Leeds
    Posts
    30
    Thank Post
    16
    Thanked 5 Times in 5 Posts
    Rep Power
    12

    Firewall

    Disable it as anti-virus realise on your firewall being off to update if you use a enterprise console and any exam software that you run.

    Cheers Rich

  12. #12
    rh91uk's Avatar
    Join Date
    Sep 2008
    Location
    UK
    Posts
    877
    Thank Post
    137
    Thanked 132 Times in 114 Posts
    Rep Power
    36
    We did keep it disabled but due to our recent outbreak of conficker we turned it back on, adding exceptions in GPO for WMI and VNC

  13. #13

    Join Date
    Apr 2006
    Posts
    390
    Thank Post
    24
    Thanked 95 Times in 61 Posts
    Rep Power
    45
    Antivirus *should* catch viruses . . . . .
    Perimeter security *should* keep you safe from attack from outside . . . . .

    But all technology has off days. Zero day exploits exist, AV software does not catch all viruses, and not all attacks come from outside. If you get a worm inside the network and there's not security between machines, then you're stuffed.

    One other important thing to think about is that not all PCs stay on site - laptops will get taken home, plugged into home networks and in some cases directly into the Internet. And what's the first thing numpty ISP tech support tells the home user to do? Disable their firewalls & antivirus software . . . .

    So I set up like this: all machines have the firewall on, via group policy, and can't be turned off by the user. When connected to the domain, exceptions are there for WMI, Remote Desktop and the odd one or two that require file/print sharing (or something more exotic). When not connected, there are no exceptions allowed.

  14. #14

    Join Date
    Nov 2005
    Location
    North
    Posts
    1,903
    Thank Post
    25
    Thanked 96 Times in 76 Posts
    Rep Power
    51
    Defo on, it takes 10 minutes to GPO it and get the exceptions sorted and it may not be perfect but even it it gives me 1% extra protection its worth it.

  15. #15
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,224
    Thank Post
    396
    Thanked 278 Times in 239 Posts
    Rep Power
    75
    I keep it disabled with a GPO. It should be worth noting however that the XP Firewall is only 50%, blocking incoming but not outgoing connections. So long as your security is up-to-date and you have something secure/reliable at the edge of your network you should be absolutely fine.

    Defence in depth. Why disable and easy to configure built in security feature? Yes it only covers incoming traffic but that's the most important in my opinion. We turn it on via GPO and then set exceptions.
    Perimeter firewalls don't protect against USB drives or laptops bought on site, firewalls are the best defence against zero day exploits. Anti-Virus software is the 'last' line of defence.
    Last edited by cookie_monster; 29th November 2009 at 10:22 PM.



SHARE:
+ Post New Thread

Similar Threads

  1. Windows Firewall
    By cookie_monster in forum Windows Server 2008
    Replies: 3
    Last Post: 21st July 2009, 10:00 PM
  2. Lanview - Windows Firewall
    By EduTech in forum Network and Classroom Management
    Replies: 3
    Last Post: 20th October 2008, 03:44 PM
  3. Did MS do something windows firewall?
    By Teth in forum Windows
    Replies: 5
    Last Post: 20th September 2007, 10:15 AM
  4. Windows Firewall
    By Mintsoft in forum Windows
    Replies: 3
    Last Post: 22nd March 2006, 10:59 AM
  5. Windows Firewall
    By GrumbleDook in forum Windows
    Replies: 16
    Last Post: 31st August 2005, 01:54 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •