The question regarding f/ws on each workstation isn't
so much "should we", but "how would we manage
something like that"?

Strong password policies on all the systems, w/
auditing and logging enabled, along with a defense in
depth security posture w/ monitoring and verification
of systems should obviate the need for the personal
firewalls.

Verifying the systems is relatively easy...using
either RK utilities or Perl scripts, you can go to
each machine and verify that local accounts haven't
been added, that auditing is still enabled and
configured to specs, etc.

--- jradtkeadmin1.umaryland.edu wrote:
>
>
> We have a LAN with a mix of Win2000 and WinNT4
> (phasing out the NT4)
> workstations.
>
> The only local user account on the workstation is
> the admin account. The
> local admin account has no rights on the domain.
> Users are authenticated
> through their domain accounts.
>
> We have a campus wide firewall.
>
> Should we be concerned enough about someone hacking
> into the workstations
> and then tapping into our servers to put software
> based firewalls at each
> workstation.
>
> I would like to thank all of you in advance.
>
> Jason

__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]