Are Desktop Firewalls Overkill?

[Keiichi25]

That is the question posed on slashdot with this link:

Slashdot IT Story | Are Desktop Firewalls Overkill?

I know some of this was argued in another thread, but this now pertains closer to Corporate Level questioning versus the earlier argument which was more on the lines of Home Security and the fact that most people who use Routers are not using Corporate level Firewalls.

 

[Layback Bear]

I work for a company that has over 300 locations around the country. They have corporation security and customer security to take care of. That why I think all security methods should be done. Hardware security, software security and pass word protected systems operations and yes turning off things that shouldn't be on in the first place. Multilayer protection is a must IMHO. To my understanding some companies are cutting back on I.T to save money; not a wise move. Money saved today doing these cutbacks will cost many times that savings tomorrow.

 

[Keiichi25]

Well, the sad thing I am seeing, and this is from one of my last jobs, is people think that anyone can be an IT Manager these days. Case in point, someone with no IT experience and wants to save lots of money, by ignoring parent company wishes on how to handle credit card information, or wanting to move from an established Exchange Server setup to GoogleApps services for a company with over 80 users using Outlook.

The problem these days is instant gratification from some users and thinking that "It's their problem, not ours." with regards to IT when they buy it from someone else. But at the same time, it is still 'your' problem, because while it is the other person's problem to provide the service, you are still sitting on your hands waiting for them to get you back up and running, ignoring the fact they are also dealing with other customers and become a central point of attack as well. Let's not forget to mention the other points of failure that come to this, which also includes networking necessities and the types of mail users there.

But again, a lot of users only see the price tag and the instant gratification, but not what it takes to get there.

 

[jimbo45]

Hi there
Both right and wrong.

Right in the sense if you buy a service from someone else then it IS their problem if things don't work properly -- BUT IT'S ALSO YOURS from the customers point of view -- for example if Credit Card payments go astray etc. The customer doesn't CARE or even want to know about your internal arrangements with 3rd parties since that's NOT THEIR problem.

Wrong in the sense that all this stuff is actually cheaper -- often while the initial up front dollar costs might look good the real and hidden costs are usually HORRENDOUSLY higher as well apart from the inevitable decline in Customer service.

Just look how many "Off Shored" projects actually deliver what was meant to be the huge savings predicted -- and anybody who has ever had the misfortune to have to use one of those Indian or other Far Eastern Telephone Call centres knows what a nightmare and irritation those are.

Customers these days are much more picky than they used to be and they won't always go for the cheapest option either.

While it might look good on a balance sheet for a short while this won't really help a business --but by then the CEO who implemented the policy will have left leaving others to untangle the mess.

The answer of course to the OP's question depends on what you are doing and what the size of your network is.

My take on this is that for desktops in a corporate environment adequtely protected even the Windows firewall is unecessary. Corporate firewalls should handle security with the external environment.

Once you've handled this lot out to 3rd parties you will STILL need protection between your LAN and the Internet of course.

For Home users then the Windows firewall together with careful monitoring of your router should be fine.

Extra Firewalls in this case are merely overkill and unnecessary.

Cheers
jimbo

 

[Keiichi25]

You sort of validated my point, Jimbo. I think you were confusing the semantics I made.

The person decided that outsourcing means "I don't have to deal with the issues like server maintenance or maintaining software... I save money with them dealing with it. If something goes wrong, it is their (the provider's) problem, not mine."

I stated that this is not 100% true. It also becomes yours (The person who is using this outsourced service) problem when said outsourcer is also supporting many other people versus just their problem to get it up and running. In the meantime, you are dead in the water with regards to the outsourced situation. While it may not seem any different than if it was in house, in house should, theoretically should have a fall back situation, whereas the outsourced one, you are stuck with waiting for them in general.

As I stated before, the GoogleApps thing is great idea to a degree, but then comes some issues.

1 ) You have N number of users who will be now constantly be using your bandwidth to get access to their mail where as with an internet server will keep most of that traffic within your own network. This is only a great solution if you are a small company, otherwise, as you get larger, your bandwidth needs outgrow your capacity.
2) You lose access to that mail server when your internet connection goes down. Better hope your users are using a mail client that has it cached, otherwise, no mail access during that time.

As for picky customers, Jimbo... I disagree. I have seen, literally, people who would go the 'cheap path' simply because they don't want to deal with something, like maintaining an internal server, even though it was a higher management decision. There are some who are as dense as lead when it comes to understanding certain things and will continue to look at the wrong end of a gun.

And ideally, it would be easy, if people had enough understanding and knowledge with regards to just the simple home router to monitor it, but then again, a fair deal of us are also a bit more tech savvy than the average joe computer user. And some of us are also a bit more paranoid with regards to what our computer receives or sends out as well.