Generic Ruleset


alphadog
May 7th, 2008, 04:53 PM
So, I guess there are three filtering modes. But, in a business setting, where I have locked down each client, I have some issues:

automatic - all outgoing allowed; all inbound blocked
--> not good; monitoring software can get in, can't use remoting software (although I guess Remote Desktop can be allowed through advanced options?)

interactive - all inbound and outbound ask
--> not good; users must be given a password to allow adding of rules, leaving AV open to internal attack; users don't know good from bad software and would allow everything anyways

policy-based - variable rules
--> good, but lots of work to get right. Tempted to set to "allow all outbound", "allow all trusted inbound" and "deny all internet inbound". What common apps will break? I don't want my help desk flooded.

I would appreciate knowing how sysadmins have configured their clients. Any advice? What did you use? Would also appreciate knowing if generic rulesets are available anywhere for use with the policy-based mode?

Thanks.