Netgate Discussion Forum

Software Firewall

Firewalling
11 Posts 4 Posters 4.6k Views

• G
  Gob
  You definitely want both!
  Somebody on your network plugs in a virus-infected USB stick, and without your software firewall you now have Conficker or something similar running rife on your network.

      If I fix one more thing than I break in a day, it's a good day!

• X
  XIII

  I should have explained a little better; I'm thinking of cases where you trust everybody or where there are very few computers. I know on a network where not everybody trusts each other, or a large one, you do want both. Or should the same apply for both small and large networks? If so, what's the best one to use in combination with pf?

        -Chris Stutzman
        Sys0:2.0.1: AMD Sempron 140 @2.7 1024M RAM 100GHD
        Sys1:2.0.1: Intel P4 @2.66 1024M RAM 40GHD
        freedns.afraid.org - Free DNS dynamic DNS subdomain and domain hosting.
        Check out the pfSense Wiki
• D
  danswartz

  If you install PF on a full install (not NanoBSD), and install squid/havp, the ClamAV antivirus should do a decent job protecting PCs on your LAN.

• G
  Gob

  Even still, that only protects against internet-borne attacks (and isn't 100%). I trust all of my staff, but I don't expect them to have the same knowledge or respect of network security. That is what the attackers play on.

  What OS are your workstations running?

• D
  danswartz

              Not sure I get your point.  If no virus/trojan can get in from the internet, how else?  I guess maybe someone bringing in an infected laptop or whatever.

• S
  Supermule Banned

  Exactly, or a USB stick…

                @danswartz:

                Not sure I get your point.  If no virus/trojan can get in from the internet, how else?  I guess maybe someone bringing in an infected laptop or whatever.

• G
  Gob

  Viruses can still get past the pfSense protection (squid/havp). It is not infallible (even if you can get it working!). The biggest threat is from people bringing CDs, USB sticks and emails from home into the office.
  I manage 42 pfSense boxes, but we were let down when a client brought in a presentation on a USB stick, plugged it into one of our machines, and Conficker spread across 42 sites within 12 seconds.

                  We resolved that problem by tightening up our rules on the Windows XP firewall.

                  Home and enterprise are both vulnerable, it just takes longer to clean up the enterprise.

• X
  XIII


  I have a lot of users who have software firewalls but just click "allow" every time it asks them, so it's useless for the most part.

  For the following situations:
  small number of users (fewer than 12)
  where the users don't have install rights (they are a standard user)

  Or should I just go with my gut and use both and leave it up to the user, and if they mess up the software firewall's settings then so be it and charge them to fix it (no matter the network size)?

  OSes that are in use are XP/Win7/Ubuntu.

  Also, I always use only full installs (snort/havp/squid); for mine I use both hardware and software firewalls.

  @Gob should have used OpenDNS; they would have blocked DNS for your network and sent you an email about questionable network activity (at least that's what they claim).

• G
  Gob


  Ah, sounds like you are referring to a software firewall blocking outbound requests, if your users are getting prompted to allow exceptions (usually after software updates?).
  You are right, these are pretty much a waste of time unless you can prevent end users from adding exceptions and you have the resources to add the checksums manually.

  I would opt for just blocking inbound connections with a client firewall and use an AV product with decent HIPS detection. I find Sophos to be very good. Your built-in Windows / Ubuntu firewalls should be fine for blocking your inbound traffic.

  I found OpenDNS to be unreliable at times, plus my users didn't want the OpenDNS branding in their browsers.

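One way to put a Windows 7 workstation into the posture Gob recommends above (block unsolicited inbound, allow outbound, no "allow?" prompts for users to click through, dropped packets logged). This is an added example, not code from the thread; it assumes Windows 7 or later, since `netsh advfirewall` is not present on XP, and it must be run from an elevated prompt, which is what keeps a standard user from undoing it.

```powershell
# Added example (not from the thread). Assumes Windows 7 / Server 2008 R2 or
# later and an elevated prompt. Standard users cannot change these settings.

# Weak posture this replaces: the firewall prompts the user about each new
# program and the user clicks "Allow" every time. Shown for contrast only:
#   netsh advfirewall set allprofiles settings inboundusernotification enable

# 1. Firewall on for every profile (domain, private, public).
netsh advfirewall set allprofiles state on

# 2. Default policy: drop unsolicited inbound, let outbound through.
#    Existing allow rules (e.g. file sharing) still apply; remove those you
#    do not need rather than relying on the user to decide.
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound

# 3. Stop asking the user whether to allow a program, so there is nothing to click.
netsh advfirewall set allprofiles settings inboundusernotification disable

# 4. Log dropped packets so a worm scanning the LAN (the Conficker case above)
#    leaves a trace on the hosts it was blocked from reaching.
netsh advfirewall set allprofiles logging droppedconnections enable
netsh advfirewall set allprofiles logging filename "%systemroot%\system32\LogFiles\Firewall\pfirewall.log"
netsh advfirewall set allprofiles logging maxfilesize 4096

# 5. Show the resulting settings for verification.
netsh advfirewall show allprofiles

# Later, to review what was dropped (log is W3C text; the action column is DROP):
Get-Content "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log" |
    Select-String ' DROP ' | Select-Object -Last 20
```

On Ubuntu workstations the equivalent posture is `ufw default deny incoming`, `ufw default allow outgoing`, `ufw logging on`, `ufw enable`, again run as root so the user cannot change it.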
• X
  XIII


  You can change the OpenDNS branding with your own logo.

  Thanks for all the input.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.