
This is the comment you were replying to, attached to the article Application level firewalling:


Re: Application level firewalling
Posted by peterhoeg (193.163.xx.xx) on Thu 12 May 2005 at 08:43
Because when bad things do come inside, things get messy!

There are a number of valid reasons why people should be allowed to run various services, web servers, database servers and the like on the desktop PCs, which is why you simply cannot just disable everything.

But there is NO reason (of course you can find some if you really try, but that is not the purpose here) why PCs should be allowed to communicate between themselves.

So instead simply block all connection attempts to workstations (except maybe ssh, cfengine and whatever else you need for remote admin) and then leave it at that. You control it centrally and there is no troubleshooting.

The reasons are valid for all OSes.
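
The policy described in the comment above, sketched as an added example that is not part of the original comment: a shell function that prints a default-deny inbound ruleset for a workstation, with exceptions only for remote administration. The function name `workstation_ruleset`, the admin subnet argument, and the use of host-based iptables are assumptions; the sample subnet 192.0.2.0/24 is a constructed documentation range.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for one workstation.
# Assumptions (not in the comment): admin hosts share one subnet, ssh is on
# TCP 22 and cfengine's server on its default TCP 5308. IPv4 only; ip6tables
# needs its own ruleset.

# workstation_ruleset ADMIN_NET [PORT...]   (hypothetical helper name)
# Prints the ruleset on stdout; returns 1 on a missing subnet or a bad port.
workstation_ruleset() {
    admin_net=${1:-}
    [ -n "$admin_net" ] || {
        echo "usage: workstation_ruleset ADMIN_NET [PORT...]" >&2
        return 1
    }
    shift
    # No ports given: fall back to the two services named in the comment.
    [ $# -gt 0 ] || set -- 22 5308
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
            { echo "bad port: $port" >&2; return 1; }
    done

    echo '*filter'
    # Inbound is default-deny, so peer workstations cannot connect at all.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    # Outbound stays open: users can still reach servers, and services they
    # run locally remain usable over loopback.
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # Replies to connections this workstation opened itself.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Remote administration, reachable from the admin subnet only.
    for port in "$@"; do
        echo "-A INPUT -s $admin_net -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}
```

Review the output of `workstation_ruleset 192.0.2.0/24` before piping it to `iptables-restore` as root, or have the central configuration tool install the generated file on every workstation.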
