Firewalls are good protection, not great, good when used alone.
A question came to me the other day about fire walls.
This jogged a couple of thoughts loose in my white hair covered grey matter.
When I worked for a major company my boss came to me and told me I was going to be on at 'task force' for build a special server.
Two things had happened in the space of a week:
- One of the company branch stores had a server hacked.
- Some people had been caught with a lot of porn on their computer (really dumb and no longer employed).
My job was to build a low end server with these spec's:
- Have two dissimilar NIC's (Network Interface Cards).
- Not be in the company domain
- Have a fire wall program loaded
- Have a proxy program loaded.
This server would be our Regional Firewall/Proxy server for our state.
All network traffic in to our Region and all network traffic out of the Region would go through this server.
The fire wall program
would catch any invasions that the hardware fire walls in the routers did not
stop (unbelievable but true, all the company routers have a hardware fire wall,
the hackers got past them with a virus.)
The Proxy program would stop people from surfing sites with different words, phrases, and known IP's of porn sites. In addition to stopping the porn surfing the Proxy program will stop a virus from calling home.
Troubleshoot, repair, maintain, upgrade & secure...
If you have more than three computers and you don't know where the users of those other computers are surfing to you may want to consider setting up a
firewall / proxy server. You don't have to go over board with the rules in the fire wall or the proxy because the added layers of security will keep a virus minimized to the computer it has infected and will not be able to call home.
Note: Using an old computer when you buy a new one will suffice, you can use a
workstation Operating System if you have less than ten computers on your
intranet (internal network behind your cable / DSL modem). Why less than
ten? Because the Windows workstation Operating System will allow only ten
consecutive connections, if you need more you will need a Server OS.
Laptop owners that travel with their laptop and have a Windows Operating
System after XP with Service Pack 3 have an additional service: Windows
Fire wall. I would suggest you enable it while working when traveling. However
the built in service will cause connection problems on Server installed
proxy/fire wall services that are on a local network.
Having a fire wall/proxy service is a corporation/big business "Best
Practice", if more companies and personal networks used this type of protection
for their internal or private networks the hackers would be put out of
04/05/15 - The US Congress has passed legislation that US Gov
employees can not have or surf for porn on Government computers... DUH!!!
Update 02/14/20 - News reports tell me that the law passed in 2015 is
being ignored and/or not being enforced, four people in different departments
were arrested for having kiddie porn on a government computer... if ya ain't
gonna enforce a law don't waste our time and money writing/passing the
Sony IT Department and Management will read this page? Probably not...