Antivirus and Firewall problem

Discussion in 'Computer Security' started by michael78, Nov 8, 2005.

  1. michael78

    michael78 Terabyte Poster

    Hi all, I have a problem with our protection setup and was wanting to get people's opinions and setups that you use. Basically we use Trend Server Protect for our antivirus and Checkpoint firewalls. The problem we are having is that when people work offsite they still have antivirus protection but no firewall. The question I want to ask is how do you sort this problem out, as having two firewalls is meant to be problematic and this would be the case when they are back in the office. Would this be the case, or is a software firewall compatible with appliance firewalls?

    Cheers in advance of any help

    Michael
     
    Certifications: A+ | Network+ | Security+ | MCP | MCDST | MCTS: Hyper-V | MCTS: AD | MCTS: Exchange 2007 | MCTS: Windows 7 | MCSA: 2003 | ITIL Foundation v3 | CCA: Xenapp 5.0 | MCITP: Enterprise Desktop Administrator on Windows 7 | MCITP: Enterprise Desktop Support Technician on Windows 7
    WIP: Online SAN Overview, VCP in December 2011
  2. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    All of our teachers here have laptops that they take home.

    What I do is to simply install Windows Firewall on all of their laptops as it provides a basic level of protection, and doesn't interfere with our Linux firewall.

    At home what they do is up to them. :blink
     
  3. michael78

    michael78 Terabyte Poster

    Simon, that's been our view until recently, with it's up to them what they do. The problem is a lot of them are now bringing viruses into our system and web hijackers on their laptops. It's causing a major headache and security problem.
     
  4. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    The viruses shouldn't cause you a problem as AVP should pick it up. Is Real Time protection enabled on your AVP, so that it is constantly scanning files?

    As for the other stuff, well that is a problem that many of us face in this day and age with spyware and stuff being so common. Do you install any anti spyware software onto their systems? If you tell them to frequently check for spyware then you may find that it lessens the problem. Some Anti Spyware programs can be set to run on startup.

    8)
     
  5. JonnyMX

    JonnyMX Petabyte Poster

    There was a question on this in my 270 exam...

    You need to enable the firewalls on the laptops to allow them to be protected whilst at home, then use group policy to disallow the use of the firewalls when attached to the network in the office.
     
    Certifications: MCT, MCTS, i-Net+, CIW CI, Prince2, MSP, MCSD
  6. michael78

    michael78 Terabyte Poster

    Ahh, my memory is coming back to me. I remember that when doing 70-270 as well. I'm going to have a look into it. Cheers Jonny :D
     
  7. nugget
    Honorary Member

    nugget Junior toady

    Hi slypie. Just a couple of things. Firstly, you won't have any trouble with firewall conflicts with the setup you have now. One firewall (appliance) is protecting your network and is on the edge of the network, the other is a software solution that is on the user's machine, therefore no problems. Where the conflicts happen is if you have 2 software firewalls installed and running on the same machine. The main problem will be with the user as he will generally get annoyed with the pop-up warnings/questions and will then click the allow all button.

    I use a SW based firewall on my laptop even though the company network has its own firewall setup. You could try setting up a SW based one on your laptop and configuring it to work within your network, export the rule sets and then import them onto the target machines.

    The second thing is that the users should be using only the normal user account and not be able to install anything. It would also help by not letting them turn off or disable the firewall, anti virus and spyware programs (maybe through GPOs?).
     
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685
  8. ffreeloader

    ffreeloader Terabyte Poster

    Well, this isn't exactly true, but it is true with respect to software conflicts. However, running a software firewall set to protect a standalone computer hooked to the internet will not work well on a domain computer. It can cause quite a few problems as it will block access to services/protocols needed in the domain such as RPC, NetBIOS, and others. Those things must be blocked when in a standalone installation hooked to the internet, but they must not be blocked when part of a domain or there will be problems.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  9. nugget
    Honorary Member

    nugget Junior toady


    Thanks for putting a finer point on it freddy. :D
     
  10. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    You say that the worst problem is with Spyware and viruses. To me this is not a firewall issue. The spyware/ad-ware will get through firewalls as they allow people to connect to the Internet. Once communication is allowed to a web site, the firewall will sit back and let the spyware/ad-ware through.

    You should do two things IMHO. First train your users to use another browser, because IE is by far the least secure with these kinds of infections. Next install spyware blocking software like Spyware Blaster and train your users to keep it up to date as well as all the operating system critical updates etc.

    BTW two firewalls is considered more secure than one. You can have a DMZ between them and it works well. So having two firewalls is not the problem, it is just troubleshooting any issues can become difficult.
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  11. ffreeloader

    ffreeloader Terabyte Poster

    Pretty good advice, Bluerinse.

    I'd just add that it is possible to use a firewall that looks at things at the application level rather than just keeping track of packet states. They are very resource intensive and expensive, but they do exist and do a much better job of keeping the junk out of the network.
     
  12. mojorisin

    mojorisin Kilobyte Poster


    That's the setup I have at work and seems to be ok so far
     
    WIP: Microsoft 365 Identity and Services MD-100
  13. michael78

    michael78 Terabyte Poster

    Cheers for the advice guys, defo food for thought. Just a quick question as I'm just getting into AD: where in AD Group Policies do you set Windows Firewall to enable whilst off the LAN and switch back on when it's on the LAN? I thought this was set up through local policies on the individual laptops and PCs.

    Anyway, again cheers for all the advice, it's defo helped me.

    Michael
     
  14. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    The first question that I would have to ask is how do your users log on when they are not attached to the LAN?

    For instance my users have a separate 'home' account that logs them on locally to the laptop when not attached to the Domain.

    By having a separate account I can make sure that when they log onto the network, policies are applied from the server through the domain GPO. However when they log on locally to the laptop they do not get the policies applied as they are not authenticating with AD.

    HTH. 8)
     
  15. michael78

    michael78 Terabyte Poster

    Simon, the users basically log on remotely the same as if they were logged onto the network, as the logons are set up to be stored in the cache. The reason we do this is that basically we are all based in Newcastle and have to look after 9 offices around the UK with a small team.
     
  16. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    Completely not sure if this would work, but if you have the firewall enabled by default, when the user is attached to the Domain the GPO should apply and disable it.

    When the user logs on remotely, even though it is a cached profile, because the laptop can't connect to AD it will not be able to update the GPO, meaning that the default settings (firewall enabled) should be applied.

    That's my theory anyway!!! :blink
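
Windows Firewall keeps separate settings per network profile, which is the mechanism behind the "firewall on at home, different behaviour on the domain" setup discussed in this thread. The check below is an added example, not code from any poster: it uses the NetSecurity cmdlets from later Windows versions rather than the tooling current when the thread was written, and the function name `Get-FirewallPosture` is hypothetical.

```powershell
# Added example, not from the thread. Needs the NetSecurity and NetConnection
# modules (Windows 8 / Server 2012 or later). Function name is hypothetical.
function Get-FirewallPosture {
    # Profile each connected network is using right now:
    # DomainAuthenticated on the office LAN, Private or Public elsewhere.
    $active = Get-NetConnectionProfile |
        Select-Object InterfaceAlias, Name, NetworkCategory

    # Effective per-profile state. ActiveStore includes settings delivered
    # by domain GPO, so this shows what is enforced, not just local config.
    $profiles = Get-NetFirewallProfile -PolicyStore ActiveStore |
        Select-Object Name, Enabled, DefaultInboundAction

    # Profiles other than Domain that are switched off: the "no firewall
    # when offsite" condition from the first post.
    $off = @($profiles |
        Where-Object { $_.Name -ne 'Domain' -and $_.Enabled -ne 'True' })

    # Inbound file sharing (NetBIOS/SMB) allow rules that also apply outside
    # the Domain profile: needed on the domain, unwanted on a home network.
    # 'File and Printer Sharing' is the English display group name.
    $exposed = @(Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' `
            -PolicyStore ActiveStore -ErrorAction SilentlyContinue |
        Where-Object {
            $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and
            $_.Action -eq 'Allow' -and
            "$($_.Profile)" -match 'Any|Private|Public'
        } | Select-Object Name, DisplayName, Profile)

    [pscustomobject]@{
        ActiveNetworks   = $active
        Profiles         = $profiles
        OffSiteProtected = ($off.Count -eq 0)
        OffDomainSharing = $exposed
    }
}

$posture = Get-FirewallPosture
$posture.Profiles | Format-Table -AutoSize
if (-not $posture.OffSiteProtected) {
    Write-Warning 'Private/Public firewall profile is disabled; laptop is unprotected off the LAN.'
}
$posture.OffDomainSharing | Format-Table -AutoSize
```

If the warning fires, `Set-NetFirewallProfile -Profile Private,Public -Enabled True` from an elevated prompt turns the off-site profiles back on; settings pushed by domain GPO take precedence over that local change.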
     
