1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Antivirus and Firewall problem

Discussion in 'Computer Security' started by michael78, Nov 8, 2005.

  1. michael78

    michael78 Terabyte Poster

    2,085
    29
    141
    Hi all, I have a problem with our protection setup and was wanting to get peoples opinions and setups that you use. Basically we Trend Server Protect for our antivirus and Checkpoint firewall's. The problem we are having is that when people work offsite they still have antivirus protection but no firewall. The question I want to ask is how do you sort this problem out as having two firewall's is meant to be problematic and this would be the case when they are back in the office. Would this be the case or is a software firewall compatible with applicience firewall's.

    Cheers in advance of any help

    Michael
     
    Certifications: A+ | Network+ | Security+ | MCP | MCDST | MCTS: Hyper-V | MCTS: AD | MCTS: Exchange 2007 | MCTS: Windows 7 | MCSA: 2003 | ITIL Foundation v3 | CCA: Xenapp 5.0 | MCITP: Enterprise Desktop Administrator on Windows 7 | MCITP: Enterprise Desktop Support Technician on Windows 7
    WIP: Online SAN Overview, VCP in December 2011
  2. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    6,199
    125
    199
    All of our teachers here have laptops that they take home.

    What I do is to simply install Windows Firewall on all of their Laptops as it provides a basic level of protection, and doesnt interfere with our Linux firewall.

    At home what they do is up to them. :blink
     
  3. michael78

    michael78 Terabyte Poster

    2,085
    29
    141
    Simon, thats been our view until recently with it's up to them what they do. The problem is a lot of them are now bringing viruses into our system and web hijackers on their laptops. It's causing a major headache and security problem.
     
    Certifications: A+ | Network+ | Security+ | MCP | MCDST | MCTS: Hyper-V | MCTS: AD | MCTS: Exchange 2007 | MCTS: Windows 7 | MCSA: 2003 | ITIL Foundation v3 | CCA: Xenapp 5.0 | MCITP: Enterprise Desktop Administrator on Windows 7 | MCITP: Enterprise Desktop Support Technician on Windows 7
    WIP: Online SAN Overview, VCP in December 2011
  4. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    6,199
    125
    199
    The viruses shouldn't cause you a problem as AVP should pick it up, is Real Time protection enabled on your AVP, so that it is constantly scanning files?

    As for the other stuff, well that is a problem that many of us face is this day and age with spyware and stuff being so common. Do you install any anti spyware software onto their systems? if you tell them to frequently check for spyware then you may find that it lessens the problem. Some Anti Spyware programs can be set to run on startup.

    8)
     
  5. JonnyMX

    JonnyMX Petabyte Poster

    5,239
    211
    236
    There was a question on this in my 270 exam...

    You need to enable the firewalls on the laptops to allow them to be protected whilst at home, then use group policy to disallow the use of the firewalls when attached to the network in the office.
     
    Certifications: MCT, MCTS, i-Net+, CIW CI, Prince2, MSP, MCSD
  6. michael78

    michael78 Terabyte Poster

    2,085
    29
    141
    Ahh my memory is coming back to me I remember that when doing 70-270 as well. I'm going to have a look into it. Cheers Jonny :D
     
    Certifications: A+ | Network+ | Security+ | MCP | MCDST | MCTS: Hyper-V | MCTS: AD | MCTS: Exchange 2007 | MCTS: Windows 7 | MCSA: 2003 | ITIL Foundation v3 | CCA: Xenapp 5.0 | MCITP: Enterprise Desktop Administrator on Windows 7 | MCITP: Enterprise Desktop Support Technician on Windows 7
    WIP: Online SAN Overview, VCP in December 2011
  7. nugget
    Honorary Member

    nugget Junior toady

    7,796
    71
    224
    Hi slypie. Just a couple of things. Firstly, you won't have any trouble with firewall conflicts with the setup you have now. One firewall (appliance) is protecting your network and is on the edge of the network, the other is a software solution that is on the users machine therefore no problems. Where the conflicts happen is if you have 2 software firewalls installed and running on the same machine. The main problem will be with the user as he will generally get annoyed with the pop-up warnings/questions and will then click the allow all button.

    I use a SW based firewall on my laptop even though the company network has its own firewall setup. You could try setting up a SW based one on your laptop and configuring it to work within your network, export the rule sets and then import them onto the target machines.

    The second thing is that the users should be using only the normal user account and not be able to install anything. It would also help by not letting them turn off or disable the firewall, anti virus and spyware programs (maybe through GPO's?).
     
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685
  8. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    Well, this isn't exactly true, but it is true with respect to software conflicts. However, running a software firewall set to protect a standalone computer hooked to the internet will not work well on a domain computer. It can cause quite a few problems as it will block access to services/protocols needed in the domain such as rpc, netbios, and others. Those things must be blocked when in a standalone installation hooked to the internet, but they must not be blocked when part of a domain or there will be problems.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  9. nugget
    Honorary Member

    nugget Junior toady

    7,796
    71
    224

    Thanks for putting a finer point on it freddy.:D
     
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685
  10. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    You say that the worst problem is with Spyware and viruses. To me this is not a firewall issue. The spyware/ad-ware will get through firewalls as they allow people to connect to the Internet. Once communication is allowed to a web site, the firewall will sit back and let the spyware/ad-ware through.

    You should do two things IMHO. First train your users to use another browser, because IE is by far the least secure with these kinds of infections. Next install spyware blocking software like Spyware Blaster and train your users to keep it up to date as well as all the operating system critical updates etc.

    BTW two firewalls is considered more secure than one. You can have a DMZ between them and it works well. So having two firewalls is not the problem, it is just troubleshooting any issues can become difficult.
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  11. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    Pretty good advice, Bluerinse.

    I'd just add that it is possible to use a firewall that looks at things at the application level rather than just keeping track of packet states. They are very resource intensive and expensive, but they do exist and do a much better job of keeping the junk out of the network.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  12. mojorisin

    mojorisin Kilobyte Poster

    395
    14
    41

    Thats the setup i have at work and seems to be ok so far
     
    WIP: 70-685 http://www.speedtest.net/result/3377759783.png
  13. michael78

    michael78 Terabyte Poster

    2,085
    29
    141
    cheers for the advice guys defo food for thought. Just a quick question as I'm just getting into AD where in AD Group Policies do you set Windows Firewall to enable whilst off the LAN and switch back on when it's on the LAN? I thought this was setup through local policies on the individual laptop's and PC's.

    Anyway again cheers for all the advice it's defo helped me.

    Michael
     
    Certifications: A+ | Network+ | Security+ | MCP | MCDST | MCTS: Hyper-V | MCTS: AD | MCTS: Exchange 2007 | MCTS: Windows 7 | MCSA: 2003 | ITIL Foundation v3 | CCA: Xenapp 5.0 | MCITP: Enterprise Desktop Administrator on Windows 7 | MCITP: Enterprise Desktop Support Technician on Windows 7
    WIP: Online SAN Overview, VCP in December 2011
  14. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    6,199
    125
    199
    The first question that I would have to ask us how do your users log on when they are not attached to the LAN?

    For instance my users have a seperate 'home' account that logs them on locally to the laptop when not attached to the Domain.

    By having a seperate account I can make sure that when they log onto the network policies are applied from the server through the domain gpo. However when they log on locally to the laptop they do not get the policies applied as they are not authenticating with AD.

    HTH. 8)
     
  15. michael78

    michael78 Terabyte Poster

    2,085
    29
    141
    Simon, The users basically logon remotely the same as if they were logged onto the network as the logon's are setup to be stored in the cache. The reason we do this is that basically we are all based in Newcastle and have to look after 9 offices around the UK with a small team.
     
    Certifications: A+ | Network+ | Security+ | MCP | MCDST | MCTS: Hyper-V | MCTS: AD | MCTS: Exchange 2007 | MCTS: Windows 7 | MCSA: 2003 | ITIL Foundation v3 | CCA: Xenapp 5.0 | MCITP: Enterprise Desktop Administrator on Windows 7 | MCITP: Enterprise Desktop Support Technician on Windows 7
    WIP: Online SAN Overview, VCP in December 2011
  16. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    6,199
    125
    199
    Completeley not sure if this would work, but if you have the firewall enabled by default when the user is attached to the Domian the GPO should apply and disable it.

    When the user logs on remotely, even though it is a cached profile, because the laptop can't connect to AD it will not be able to update the GPO, meaning that the default settings (firewall enabled) should be applied.

    That's my theory anyway!!! :blink
     

Share This Page

Loading...