    Windows Firewall

    91 Posts 8 Posters 6.3k Views
    • DashrenderD
      Dashrender @Obsolesce
      last edited by

      @obsolesce said in Windows Firewall:

      @wrcombs said in Windows Firewall:

      I am not a "Junior Admin"; I'm a support tech for POS across the US in restaurants.

      So, this could be a wide-spread thing across many restaurants in the U.S....

      I'd definitely be taking this up the ladder.

      Could be? LOL most definitely IS!

      1 Reply Last reply Reply Quote 0
      • scottalanmillerS
        scottalanmiller @WrCombs
        last edited by

        @wrcombs said in Windows Firewall:

        From our Guides:

        Configuring the Windows Network
        • Install an up to date operating system on all computers in the Aloha network, such as Windows
        XP, or Windows Server 2003.
        • Establish a network firewall that includes a firewall device, such as a router, between the Aloha
        network and the Internet. Install firewall software on each computer in the network, or enable
        and configure the Windows firewall.

        That's a pretty bad guide and STILL better than what the boss said, lol.

        1 Reply Last reply Reply Quote 1
        • DashrenderD
          Dashrender @scottalanmiller
          last edited by

          @scottalanmiller said in Windows Firewall:

          @wrcombs said in Windows Firewall:

          I am not a "Junior Admin"; I'm a support tech for POS across the US in restaurants.

          We didn't think that you were. I thought that he said that your boss was the Junior Admin.

          I was calling Wr a junior admin because I had no clue what his title was.

          scottalanmillerS 1 Reply Last reply Reply Quote 0
          • scottalanmillerS
            scottalanmiller @Dashrender
            last edited by

            @dashrender said in Windows Firewall:

            @scottalanmiller said in Windows Firewall:

            @wrcombs said in Windows Firewall:

            I am not a "Junior Admin"; I'm a support tech for POS across the US in restaurants.

            We didn't think that you were. I thought that he said that your boss was the Junior Admin.

            I was calling Wr a junior admin because I had no clue what his title was.

            OH!!! You responded as if the Junior Admin was his boss, because it was his boss I was questioning. And given his job role, Admin doesn't fit, so it never occurred to me you were implying him.

            1 Reply Last reply Reply Quote 0
            • WrCombsW
              WrCombs @scottalanmiller
              last edited by

              @scottalanmiller said in Windows Firewall:

              @wrcombs said in Windows Firewall:

              I am not a "Junior Admin"; I'm a support tech for POS across the US in restaurants.

              We didn't think that you were. I thought that he said that your boss was the Junior Admin.

              The "Job title" held by my boss is Direct supervisor for PoS tech support. It's very much possible that this is set up above him and he never asked questions. I, on the other hand, having learned from @Dashrender and my Dad, thought it was weird we turned Windows Firewall off, and I ask questions, hence the post. I don't believe that my boss is knowingly and blatantly causing a possible breach. I think it's a fair assumption that he does what the vendor tells us to do, or he was taught wrong.

              My curiosity of why it wouldn't work has now turned into a much bigger deal than I originally thought it to be. So I thank you for bringing it to my attention, definitely will be looking into this more.

              ObsolesceO scottalanmillerS 4 Replies Last reply Reply Quote 0
              • ObsolesceO
                Obsolesce @WrCombs
                last edited by Obsolesce

                @wrcombs said in Windows Firewall:

                I don't believe that my boss is knowingly and blatantly causing a possible breach

                It seems like he is... I could ask anyone (outside of IT even) what it means to turn off a firewall or if it's good or bad to do it... and I'm sure most would say it's bad.

                I doubt he is 100% clueless given he's a tech support supervisor, so this means not only does he know what it means to have a firewall turned off, he's actively telling people to do it, and ignoring all aspects of it.

                1 Reply Last reply Reply Quote 1
                • scottalanmillerS
                  scottalanmiller @WrCombs
                  last edited by

                  @wrcombs said in Windows Firewall:

                  The "Job title" held by my boss is Direct supervisor for PoS tech support, it's very much possible that this is set up above him and he never asked questions....

                  So this is where we get into a bunch of questions like...

                  1. Is he responsible for asking questions?
                  2. Is he responsible for anything involving basic security and practices that put customers at risk?
                  3. Is breaching PCI and other regulations okay even if you are told to do so?
                  4. Is repeating a lie as if it were true acceptable, when it is known that it can't reasonably be true?

                  I think point 4 is the main one. If HE told you the BS reasons for why things are the way that they are, he risks having grabbed hold of the hot potato even if he didn't have it before.

                  WrCombsW 1 Reply Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller @WrCombs
                    last edited by

                    @wrcombs said in Windows Firewall:

                    My curiosity of why it wouldn't work has now turned into a much bigger deal than I originally thought it to be. So I thank you for bringing it to my attention, definitely will be looking into this more.

                    It's a bit like asking "should these prisoners under the warden's nose" be allowed to run a heroin market?

                    Um.....

                    1 Reply Last reply Reply Quote 1
                    • scottalanmillerS
                      scottalanmiller @WrCombs
                      last edited by

                      @wrcombs said in Windows Firewall:

                      I think it's a fair assumption that he does what the vendor tells us to do, or he was taught wrong.

                      Well, working in IT means that doing "what the vendor says" is no excuse. That's like driving over pedestrians and claiming "the car maker said it was okay". That's not how it works, the rules for operating a car have zero dependency on manufacturer statements.

                      If he was taught wrong, this goes against all industry education, best practices, and common sense. It means he's not been taught up to the most minimal standards and is pretty hard to overlook.

                      1 Reply Last reply Reply Quote 1
                      • WrCombsW
                        WrCombs @scottalanmiller
                        last edited by

                        @scottalanmiller said in Windows Firewall:

                        @wrcombs said in Windows Firewall:

                        The "Job title" held by my boss is Direct supervisor for PoS tech support, it's very much possible that this is set up above him and he never asked questions....

                        So this is where we get into a bunch of questions like...

                        1. Is he responsible for asking questions?
                        2. Is he responsible for anything involving basic security and practices that put customers at risk?
                        3. Is breaching PCI and other regulations okay even if you are told to do so?
                        4. Is repeating a lie as if it were true acceptable, when it is known that it can't reasonably be true?

                        I think point 4 is the main one. If HE told you the BS reasons for why things are the way that they are, he risks having grabbed hold of the hot potato even if he didn't have it before.

                        I honestly have no clue. I wish I had a better explanation.
                        I just wasn't sure what the reasoning surrounding the non-use was.

                        So even though we provide hardware firewalls to every site, it's still a problem?
                        I'm sure that question will come up.

                        scottalanmillerS 3 Replies Last reply Reply Quote 0
                        • scottalanmillerS
                          scottalanmiller @WrCombs
                          last edited by

                          @wrcombs said in Windows Firewall:

                          So even though we provide hardware firewalls to every site, it's still a problem?

                          So there are two ways to look at this. But simply, yes.

                          1 Reply Last reply Reply Quote 0
                          • scottalanmillerS
                            scottalanmiller @WrCombs
                            last edited by

                            @wrcombs said in Windows Firewall:

                            So even though we provide hardware firewalls to every site, it's still a problem?

                            First Way:

                            Network Edge firewalls do almost nothing to protect workloads inside of the company. The majority of network risks originate inside the LAN, not from outside of it. That's not to say that that edge firewall is a bad thing, it's quite good, but it is trivial in importance compared to the ones on the computers because they do the same job that it does, and a lot more. The firewall on the network edge is almost superfluous as it is redundant with the vastly more important system firewalls.

                            Basically you "need" the Windows Firewall here, the extra network edge firewall is good, but just a "nicety." You can replace the hardware firewall with the Windows firewalls, but not vice versa.

                            However, the best practice is that you never, ever skip either. It's always both.

                            WrCombsW 1 Reply Last reply Reply Quote 0
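
As an added example (not written by anyone in this thread and not vendor guidance), this is one way to keep the host firewall on and open only what the POS software needs instead of disabling it. The port number, peer addresses and rule name are hypothetical placeholders.

```powershell
# Added example: keep Windows Firewall enabled on a POS terminal and allow only
# the traffic the POS software needs. Run from an elevated PowerShell session.
# Uses the built-in NetSecurity module (Windows 8 / Server 2012 and later).

# Hypothetical placeholders: substitute the port and peers your vendor documents.
$PosPort  = 50000                          # placeholder TCP port
$PosPeers = @('192.0.2.10', '192.0.2.11')  # placeholder peer addresses (TEST-NET-1)
$RuleName = 'POS inbound (example rule)'   # placeholder rule name

function Get-DisabledFirewallProfile {
    # ActiveStore is the effective policy (local settings merged with Group Policy).
    Get-NetFirewallProfile -PolicyStore ActiveStore |
        Where-Object { [string]$_.Enabled -ne 'True' }
}

function Enable-AllFirewallProfiles {
    # Turn every profile on; unsolicited inbound traffic is blocked unless a rule allows it.
    Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True -DefaultInboundAction Block
}

function Add-PosAllowRule {
    param([int]$Port, [string[]]$Peers, [string]$Name)
    # Do nothing if the rule already exists, so the script can be re-run safely.
    if (Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue) { return }
    # Inbound allow scoped to one port and named peers, never "any address".
    New-NetFirewallRule -DisplayName $Name -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $Port -RemoteAddress $Peers -Profile Domain,Private | Out-Null
}

$off = Get-DisabledFirewallProfile
if ($off) {
    Write-Warning ("Firewall disabled on profile(s): " + ($off.Name -join ', '))
    Enable-AllFirewallProfiles
}
Add-PosAllowRule -Port $PosPort -Peers $PosPeers -Name $RuleName

# Report the resulting state for the audit record.
Get-NetFirewallProfile -PolicyStore ActiveStore |
    Select-Object Name, Enabled, DefaultInboundAction
Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallAddressFilter | Select-Object RemoteAddress
```

If a profile still reports as disabled after the script runs, a Group Policy setting is overriding the local one and has to be changed at its source.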
                            • scottalanmillerS
                              scottalanmiller @WrCombs
                              last edited by

                              @wrcombs said in Windows Firewall:

                              So even though we provide hardware firewalls to every site, it's still a problem?

                              Second Way:

                              This is a ridiculous bit of misdirection that implies that there is some case where there isn't a hardware firewall at the edge of the network. A statement like this would be used only to trick someone into thinking that not having that firewall is an option, it is not. There is no way to not have a firewall there.

                              We had a thread about this maybe a month ago. Router and firewall are synonymous terms in the real world since the early 1990s. You can't get a router that isn't a firewall, you can't get a firewall that isn't a router. Sure, the routing functions and the firewall functions are mostly different aspects of the same device, but they are always the same device.

                              In order to "have a network" you must have a firewall. So the very existence of ANY Windows system has the assumption that there is a firewall there because, essentially, there has to be. How could the network exist otherwise? So the very idea that having provided a hardware firewall is "something special" and would somehow negate the need for something else makes no sense.

                              This tells us that someone making that statement either doesn't know what a firewall is or is trying to mislead us.

                              Imagine if we were discussing water (Windows Firewall) and food (hardware firewall) and your life mentor just explained to you the importance of water and you responded with "do we still need water, even if we have provided food?"

                              What? Of course you still need water, providing food is necessary, of course, but when we said you need water to live, we weren't implying that you don't need food. That all living things need food was a base assumption that we shouldn't have needed to mention. That's where we are here.

                              When someone explains that the Windows Firewall is needed, that's always in the context, or essentially so, that a hardware firewall is already there. This assumption is so obvious that no one realizes that it needs to be stated because it's nonsensical to think otherwise. But people trying to pull a fast one sometimes rely on this assumption to act as if it might be viable to have another case and try to use the necessity of the situation as a smoke screen for pretending that the Windows firewall might exist for some use case that really doesn't exist.

                              1 Reply Last reply Reply Quote 0
                              • S
                                scotth
                                last edited by scotth

                                You may not want to hear this but if you don't have your protections turned on, you'll eventually have major PCI compliance issues. By the middle of 2020, if your outfit is found to not be in compliance, the regulators (if they find out) will literally shut off your credit / debit card processing. You'll be cash only until you correct this. And, if you have multiple violations, you'll also be fined in graduating levels.

                                Also, your credit card processor, your franchiser (if you are part of a franchise), even your vendors may and have the right to ask for your compliance proof.

                                I'm not trying to sound all Frankenstein, but I've sloughed through this for several years and fortunately, our outfit has been ok.

                                Keep after this with your higher ups. They'll see the light eventually.

                                scottalanmillerS 1 Reply Last reply Reply Quote 0
                                • WrCombsW
                                  WrCombs @scottalanmiller
                                  last edited by

                                  @scottalanmiller said in Windows Firewall:

                                  @wrcombs said in Windows Firewall:

                                  So even though we provide hardware firewalls to every site, it's still a problem?

                                  First Way:

                                  Network Edge firewalls do almost nothing to protect workloads inside of the company. The majority of network risks originate inside the LAN, not from outside of it. That's not to say that that edge firewall is a bad thing, it's quite good, but it is trivial in importance compared to the ones on the computers because they do the same job that it does, and a lot more. The firewall on the network edge is almost superfluous as it is redundant with the vastly more important system firewalls.

                                  Basically you "need" the Windows Firewall here, the extra network edge firewall is good, but just a "nicety." You can replace the hardware firewall with the Windows firewalls, but not vice versa.

                                  However, the best practice is that you never, ever skip either. It's always both.

                                  I understand what you're saying, but I would like to point out that we don't use edge routers; we have a variety of Cisco and Linksys switches and provide Sonic Walls to every site (I believe, because everyone that has called in talks about the Sonic Wall).

                                  scottalanmillerS 1 Reply Last reply Reply Quote 0
                                  • scottalanmillerS
                                    scottalanmiller @scotth
                                    last edited by

                                    @scotth said in Windows Firewall:

                                    I'm not trying to sound all Frankenstein, but I've sloughed through this for several years and fortunately, our outfit has been ok.

                                    I think that you mean draconian. 🙂

                                    S 1 Reply Last reply Reply Quote 1
                                    • scottalanmillerS
                                      scottalanmiller @WrCombs
                                      last edited by

                                      @wrcombs said in Windows Firewall:

                                      @scottalanmiller said in Windows Firewall:

                                      @wrcombs said in Windows Firewall:

                                      So even though we provide hardware firewalls to every site, it's still a problem?

                                      First Way:

                                      Network Edge firewalls do almost nothing to protect workloads inside of the company. The majority of network risks originate inside the LAN, not from outside of it. That's not to say that that edge firewall is a bad thing, it's quite good, but it is trivial in importance compared to the ones on the computers because they do the same job that it does, and a lot more. The firewall on the network edge is almost superfluous as it is redundant with the vastly more important system firewalls.

                                      Basically you "need" the Windows Firewall here, the extra network edge firewall is good, but just a "nicety." You can replace the hardware firewall with the Windows firewalls, but not vice versa.

                                      However, the best practice is that you never, ever skip either. It's always both.

                                      I understand what you're saying, but I would like to point out that we don't use edge routers; we have a variety of Cisco and Linksys switches and provide Sonic Walls to every site (I believe, because everyone that has called in talks about the Sonic Wall).

                                      Those are all edge routers. You can't not use them, it's effectively impossible. Sonic Walls are just cheap crappy edge routers.

                                      ObsolesceO DashrenderD 2 Replies Last reply Reply Quote 1
                                      • ObsolesceO
                                        Obsolesce @scottalanmiller
                                        last edited by

                                        @scottalanmiller said in Windows Firewall:

                                        @wrcombs said in Windows Firewall:

                                        @scottalanmiller said in Windows Firewall:

                                        @wrcombs said in Windows Firewall:

                                        So even though we provide hardware firewalls to every site, it's still a problem?

                                        First Way:

                                        Network Edge firewalls do almost nothing to protect workloads inside of the company. The majority of network risks originate inside the LAN, not from outside of it. That's not to say that that edge firewall is a bad thing, it's quite good, but it is trivial in importance compared to the ones on the computers because they do the same job that it does, and a lot more. The firewall on the network edge is almost superfluous as it is redundant with the vastly more important system firewalls.

                                        Basically you "need" the Windows Firewall here, the extra network edge firewall is good, but just a "nicety." You can replace the hardware firewall with the Windows firewalls, but not vice versa.

                                        However, the best practice is that you never, ever skip either. It's always both.

                                        I understand what you're saying, but I would like to point out that we don't use edge routers; we have a variety of Cisco and Linksys switches and provide Sonic Walls to every site (I believe, because everyone that has called in talks about the Sonic Wall).

                                        Those are all edge routers. You can't not use them, it's effectively impossible. Sonic Walls are just expensive crappy edge routers.

                                        fixed.

                                        1 Reply Last reply Reply Quote 1
                                        • S
                                          scotth @scottalanmiller
                                          last edited by

                                          @scottalanmiller said in Windows Firewall:

                                          @scotth said in Windows Firewall:

                                          I'm not trying to sound all Frankenstein, but I've sloughed through this for several years and fortunately, our outfit has been ok.

                                          I think that you mean draconian. 🙂

                                          I don't mean to make anyone paranoid.... actually I do.

                                          PCI compliance isn't something to fluff off.
                                          If you're operating a POS and take credit and / or debit cards, you need all of your protections in place and verifiable, subject to audit.

                                          Processors will warn, will shut off, will fine a retailer. Why risk a retail outlet over a little effort?

                                          All of our locations have the POS and the backoffice on separate networks which are also separated by a second router and separate firewall--both hardware based--just for the POS protection. All credit / debit cards are processed behind two hardware firewalls and the POS OS firewall is in place and functioning as well.

                                          Good Luck

                                          JaredBuschJ WrCombsW 2 Replies Last reply Reply Quote 0
                                          • JaredBuschJ
                                            JaredBusch @scotth
                                            last edited by

                                            @scotth said in Windows Firewall:

                                            All of our locations have the POS and the backoffice on separate networks which are also separated by a second router and separate firewall--both hardware based--just for the POS protection. All credit / debit cards are processed behind two hardware firewalls and the POS OS firewall is in place and functioning as well.

                                            Over spend much?

                                            S 1 Reply Last reply Reply Quote 3