Windows Firewall
-
@wrcombs said in Windows Firewall:
@black3dynamite If we dont turn it off, It wont communicate with the Back office PC and problems with Credit Card processing and general communication between front house and back office.
This is not correct. It cannot be correct. Someone is blowing smoke hoping that you won't question an obvious lie.
It's not plausible that this is the reason. They don't know the most basic things about configuring or securing Windows, perhaps, and are hoping that management doesn't catch on and call their bluff, but this reason isn't possible.
-
@obsolesce said in Windows Firewall:
@wrcombs said in Windows Firewall:
If we dont turn it off, It wont communicate with the Back office PC and problems with Credit Card processing and general communication between front house and back office.
By that logic, nobody would use a firewall anywhere, ever. But they are everywhere, and services are flowing through just fine.
You need to create the proper rules to allow communication.
Good point.
-
@wrcombs said in Windows Firewall:
So it is possible to use Windows Firewall in our system, but instead of going through and creating rules in windows firewall, we just turn it off..
Correct. This is how all firewalls work. If the firewall is mangling packets and has to be turned off, that means that it is broken. If the Windows firewall is broken to that degree, it would mean that your managers believe Windows isn't viable in production and use it anyway. No matter how you look at what they believe, they are doing something knowing it isn't okay to keep moving forward with what they are doing.
This is a bit like someone claiming that their car is broken and refusing to listen to reason. When in fact they are knowingly leaving the garage door closed and using the door being closed as their logic for claiming that the car doesn't work. Obviously there could be something wrong with the car, but we know that they've never even attempted to drive it as they left the door closed.
-
@scottalanmiller said in Windows Firewall:
@wrcombs said in Windows Firewall:
@scottalanmiller said in Windows Firewall:
@wrcombs said in Windows Firewall:
We supply Firewalls to every site because we turn windows firewall off,
Someone should be fired for that. That's so bad.
I dont know the full reason behind what we do yet, Im brand new to the company. When i asked i was told that is just how we do things.
There is NO reason for it. Literally none. There is no acceptable case for this in IT. This falls under "avoiding basic best practices" and if there was a breach that that would have stopped, the person who decided to turn it off could certainly face criminal charges, rather than civil, because anyone who things that it is okay to turn off knows that they are not in a valid position to be dictating anything in IT and/or is doing so for malicious purposes.
Anything that they give you as a reason is just BS. There is, quite literally, no viable reason for having no firewall at that level. And even suggesting that the edge firewall is somehow special or excuses it shows a total disregard for you that they think they can state something so ridiculous as a fake reason. It's offensive that they might do so.
My boss doesnt consider this an IT job, because there is alot of other components to it, such as building menus and doing some menu "programming" I dont think anybody has looked into the fact that we dont use Window Firewall other than me because it sounded ridiculous.
-
@wrcombs said in Windows Firewall:
@dustinb3403 said in Windows Firewall:
@wrcombs said in Windows Firewall:
So it is possible to use Windows Firewall in our system, but instead of going through and creating rules in windows firewall, we just turn it off..
That is a horrible practice. . .
Like i said, I dont make the rules, I just follow them being only a month old in the company
I thought it sounded off when they were going through the system requirements with me.Yup, you are correct. You are either working for people who are inept beyond reason, or outright crooks.
Or both.
-
@dustinb3403 said in Windows Firewall:
@obsolesce there isn't any reason to have the firewall off at all, which I get is your point and to tiptoe around the fact that whoever set this up like this needs to get slapped in the back of the head. . .
Edit: Which of course might be your boss needing the slap in the back of his head @WrCombs . . .
But there are a few huge reasons to have it on...
- Criminal Negligence with customer data risk.
- PCI compliance.
- Professional embarrassment.
- Being ethical and respectful of customer data.
- Protecting the company.
-
@wrcombs said in Windows Firewall:
@scottalanmiller said in Windows Firewall:
@wrcombs said in Windows Firewall:
@scottalanmiller said in Windows Firewall:
@wrcombs said in Windows Firewall:
We supply Firewalls to every site because we turn windows firewall off,
Someone should be fired for that. That's so bad.
I dont know the full reason behind what we do yet, Im brand new to the company. When i asked i was told that is just how we do things.
There is NO reason for it. Literally none. There is no acceptable case for this in IT. This falls under "avoiding basic best practices" and if there was a breach that that would have stopped, the person who decided to turn it off could certainly face criminal charges, rather than civil, because anyone who things that it is okay to turn off knows that they are not in a valid position to be dictating anything in IT and/or is doing so for malicious purposes.
Anything that they give you as a reason is just BS. There is, quite literally, no viable reason for having no firewall at that level. And even suggesting that the edge firewall is somehow special or excuses it shows a total disregard for you that they think they can state something so ridiculous as a fake reason. It's offensive that they might do so.
My boss doesnt consider this an IT job, because there is alot of other components to it, such as building menus and doing some menu "programming" I dont think anybody has looked into the fact that we dont use Window Firewall other than me because it sounded ridiculous.
Someone has looked into it enough to not just set it up, but to make it part of your process. So you must be way past having looked into it, someone made a decision about it.
-
@wrcombs said in Windows Firewall:
My boss doesnt consider this an IT job, because ....
Ask him if he's willing to testify to that there being no IT responsibilities if a PCI civil suit or a professional negligence criminal suit are filed against the company or him personally.
-
@scottalanmiller said in Windows Firewall:
@wrcombs said in Windows Firewall:
My boss doesnt consider this an IT job, because ....
Ask him if he's willing to testify to that there being no IT responsibilities if a PCI civil suit or a professional negligence criminal suit are filed against the company or him personally.
Why, so he can be fired? or at best just belittled because he's the junior admin.
-
@dashrender said in Windows Firewall:
@scottalanmiller said in Windows Firewall:
@wrcombs said in Windows Firewall:
My boss doesnt consider this an IT job, because ....
Ask him if he's willing to testify to that there being no IT responsibilities if a PCI civil suit or a professional negligence criminal suit are filed against the company or him personally.
Why, so he can be fired? or at best just belittled because he's the junior admin.
No matter who he is in an organization, he should not "pass on" bad decisions or make them. No one with an admin role should be claiming that security can be skipped and IT due diligence ignored because they think it's "someone else's job" for reasons that they just made up.
If the Junior Admin wants to hold the hot potato, he has to take responsibility for it. If he wants to pass the potato up the ladder, that's his job to do so.
-
Don't use "junior admin" titles as an excuse for not knowing or doing the basics.
-
I am not a "Junior Admin" Im a support tech for POS across the US in Restaurants.
-
At this stage in my employment I was simply wondering, Im trying to learn the most As i possibly can about IT and my current field of POS Support. I am right now reading the "Aloha security Guide" on how to configure and why we do what we do with the Firewalls we use.
-
@wrcombs said in Windows Firewall:
I am not a "Junior Admin" Im a support tech for POS across the US in Restaurants.
So, this could be a wide-spread thing across many restaurants in the U.S....
I'd definitely be taking this up the ladder.
-
From our Guides:
Configuring the Windows Network
• Install an up to date operating system on all computers in the Aloha network, such as Windows
XP, or Windows Server 2003.
• Establish a network firewall that includes a firewall device, such as a router, between the Aloha
network and the Internet. Install firewall software on each computer in the network, or enable
and configure the Windows firewall. -
@wrcombs said in Windows Firewall:
From our Guides:
Configuring the Windows Network
• Install an up to date operating system on all computers in the Aloha network, such as Windows
XP, or Windows Server 2003.
• Establish a network firewall that includes a firewall device, such as a router, between the Aloha
network and the Internet. Install firewall software on each computer in the network, or enable
and configure the Windows firewall.Bam, it's right there ITFM to use one...
-
@scottalanmiller said in Windows Firewall:
@wrcombs said in Windows Firewall:
So it is possible to use Windows Firewall in our system, but instead of going through and creating rules in windows firewall, we just turn it off..
Correct. This is how all firewalls work. If the firewall is mangling packets and has to be turned off, that means that it is broken. If the Windows firewall is broken to that degree, it would mean that your managers believe Windows isn't viable in production and use it anyway. No matter how you look at what they believe, they are doing something knowing it isn't okay to keep moving forward with what they are doing.
This is a bit like someone claiming that their car is broken and refusing to listen to reason. When in fact they are knowingly leaving the garage door closed and using the door being closed as their logic for claiming that the car doesn't work. Obviously there could be something wrong with the car, but we know that they've never even attempted to drive it as they left the door closed.
OS firewall can also be broken because it wasn’t configured correctly. And if Windows Firewall rules is messing things up, it’s easy to reset the firewall back to default.
-
@wrcombs said in Windows Firewall:
I am not a "Junior Admin" Im a support tech for POS across the US in Restaurants.
We didn't think that you were. I thought that he said that your boss was the Junior Admin.
-
@wrcombs said in Windows Firewall:
At this stage in my employment I was simply wondering, Im trying to learn the most As i possibly can about IT and my current field of POS Support. I am right now reading the "Aloha security Guide" on how to configure and why we do what we do with the Firewalls we use.
Absolutely, and wondering is what you should do. Ask the questions, don't let the boss get away with something outright bad or, more importantly, don't let him just lie to you. It's not your place to change the policy, it might not even be your place to bring it up, but it is definitely not your place to accept blatant lies. It's important to know when your boss is doing something wrong. Maybe you can do something about it, maybe you can't, that's another question.
But knowing that he's not qualified to be where he is (or anywhere) is important, at the very least, for you to understand.
-
@obsolesce said in Windows Firewall:
@wrcombs said in Windows Firewall:
I am not a "Junior Admin" Im a support tech for POS across the US in Restaurants.
So, this could be a wide-spread thing across many restaurants in the U.S....
I'd definitely be taking this up the ladder.
I would consider this only because if there were to be a breach, and someone knew that you knew, you might end up culpable.