Windows Firewall
-
@dustinb3403 would both be an acceptable answer?
-
As for working to remedy the situation I would look to the vendor to tell you what ports need to be open on both the client and server.
If they are useless and tell you "just disable the firewall" then setup wireshark between the client and "back room" and see where and what is dropped when you have the firewall enabled.
-
https://www.howtogeek.com/220204/how-to-track-firewall-activity-with-the-windows-firewall-log/
A basic guide to tracking logs for Windows firewall.
-
@wrcombs said in Windows Firewall:
@dustinb3403 would both be an acceptable answer?
Doesn't really help to get a feeling for the person. . .
-
He is kind of Both, Sometimes he has a stick up there and sometimes hes chill and laid back.
It really depends on Call load and if anybody is slacking off and not doing any work. -
@wrcombs said in Windows Firewall:
He is kind of Both, Sometimes he has a stick up there and sometimes hes chill and laid back.
It really depends on Call load and if anybody is slacking off and not doing any work.Ask him if the only reason Windows Firewall is turned off is because nobody knew how to use Firewalls and needed a quick way to allow any and all communications to get the Point of Sales Terminals and Back Office PC talking.
Maybe not in those exact words, but get at if there's no real reason to have it off, it should be on... especially if there's someone who knows how to use a firewall to set up the rule to make it work.
-
@obsolesce there isn't any reason to have the firewall off at all, which I get is your point and to tiptoe around the fact that whoever set this up like this needs to get slapped in the back of the head. . .
Edit: Which of course might be your boss needing the slap in the back of his head @WrCombs . . .
-
@dustinb3403 said in Windows Firewall:
@obsolesce there isn't any reason to have the firewall off at all, which I get is your point and to tiptoe around the fact that whoever set this up like this needs to get slapped in the back of the head. . .
Edit: Which of course might be your boss needing the slap in the back of his head @WrCombs . . .
-
@wrcombs said in Windows Firewall:
Im generally curious, Why does Windows Firewall block communication between Point of Sales Terminals, and the Back office PC?
Because by default it should block everything. You certainly don't want that stuff wide open without having explicitly made it so. That's the whole purpose of the firewall is to block until allowed.
-
@wrcombs said in Windows Firewall:
We supply Firewalls to every site because we turn windows firewall off,
Someone should be fired for that. That's so bad.
-
@scottalanmiller said in Windows Firewall:
@wrcombs said in Windows Firewall:
We supply Firewalls to every site because we turn windows firewall off,
Someone should be fired for that. That's so bad.
I dont know the full reason behind what we do yet, Im brand new to the company. When i asked i was told that is just how we do things.
-
@black3dynamite said in Windows Firewall:
@wrcombs said in Windows Firewall:
Im generally curious, Why does Windows Firewall block communication between Point of Sales Terminals, and the Back office PC?
Example: we had a Site call in that their Credit Cards wouldnt Process, and they were having problem settling the Credit Card batch from the previous day. Someone thought they were helping and turned on Windows firewall on the Terminal that was set as "master"
With windows firewall blocking communication between the 2 points Their Credit Cards were creating mock transaction stored on the Terminal set as "master" for the amount they were supposed to pay,
Turning windows firewall off on the terminal allowed the processing of the cards to flow as it should.Im just wondering why , if anybody knows, Windows Firewall would stop the program from communicating?
We supply Firewalls to every site because we turn windows firewall off, So we protect the sites as much as possible with configured firewalls from the office. ( I think we use Sonic Walls, I dont make the rules guys, Im just a tech). Im only asking because im curious if there is an answer out there.
ThanksI never turn off Windows Firewall even when I have an edge firewall. The same goes for Linux too.
The Windows firewall is WAY more important than the edge one, anyway. The edge firewall ONLY protects against outside attacks, the Windows firewalls protect against the same attacks as well as inside ones. You can, in theory, eliminate the edge firewall, you cannot ever eliminate the Windows / OS level firewall.
-
@wrcombs said in Windows Firewall:
@scottalanmiller said in Windows Firewall:
@wrcombs said in Windows Firewall:
We supply Firewalls to every site because we turn windows firewall off,
Someone should be fired for that. That's so bad.
I dont know the full reason behind what we do yet, Im brand new to the company. When i asked i was told that is just how we do things.
There is NO reason for it. Literally none. There is no acceptable case for this in IT. This falls under "avoiding basic best practices" and if there was a breach that that would have stopped, the person who decided to turn it off could certainly face criminal charges, rather than civil, because anyone who things that it is okay to turn off knows that they are not in a valid position to be dictating anything in IT and/or is doing so for malicious purposes.
Anything that they give you as a reason is just BS. There is, quite literally, no viable reason for having no firewall at that level. And even suggesting that the edge firewall is somehow special or excuses it shows a total disregard for you that they think they can state something so ridiculous as a fake reason. It's offensive that they might do so.
-
@wrcombs said in Windows Firewall:
@black3dynamite If we dont turn it off, It wont communicate with the Back office PC and problems with Credit Card processing and general communication between front house and back office.
This is not correct. It cannot be correct. Someone is blowing smoke hoping that you won't question an obvious lie.
It's not plausible that this is the reason. They don't know the most basic things about configuring or securing Windows, perhaps, and are hoping that management doesn't catch on and call their bluff, but this reason isn't possible.
-
@obsolesce said in Windows Firewall:
@wrcombs said in Windows Firewall:
If we dont turn it off, It wont communicate with the Back office PC and problems with Credit Card processing and general communication between front house and back office.
By that logic, nobody would use a firewall anywhere, ever. But they are everywhere, and services are flowing through just fine.
You need to create the proper rules to allow communication.
Good point.
-
@wrcombs said in Windows Firewall:
So it is possible to use Windows Firewall in our system, but instead of going through and creating rules in windows firewall, we just turn it off..
Correct. This is how all firewalls work. If the firewall is mangling packets and has to be turned off, that means that it is broken. If the Windows firewall is broken to that degree, it would mean that your managers believe Windows isn't viable in production and use it anyway. No matter how you look at what they believe, they are doing something knowing it isn't okay to keep moving forward with what they are doing.
This is a bit like someone claiming that their car is broken and refusing to listen to reason. When in fact they are knowingly leaving the garage door closed and using the door being closed as their logic for claiming that the car doesn't work. Obviously there could be something wrong with the car, but we know that they've never even attempted to drive it as they left the door closed.
-
@scottalanmiller said in Windows Firewall:
@wrcombs said in Windows Firewall:
@scottalanmiller said in Windows Firewall:
@wrcombs said in Windows Firewall:
We supply Firewalls to every site because we turn windows firewall off,
Someone should be fired for that. That's so bad.
I dont know the full reason behind what we do yet, Im brand new to the company. When i asked i was told that is just how we do things.
There is NO reason for it. Literally none. There is no acceptable case for this in IT. This falls under "avoiding basic best practices" and if there was a breach that that would have stopped, the person who decided to turn it off could certainly face criminal charges, rather than civil, because anyone who things that it is okay to turn off knows that they are not in a valid position to be dictating anything in IT and/or is doing so for malicious purposes.
Anything that they give you as a reason is just BS. There is, quite literally, no viable reason for having no firewall at that level. And even suggesting that the edge firewall is somehow special or excuses it shows a total disregard for you that they think they can state something so ridiculous as a fake reason. It's offensive that they might do so.
My boss doesnt consider this an IT job, because there is alot of other components to it, such as building menus and doing some menu "programming" I dont think anybody has looked into the fact that we dont use Window Firewall other than me because it sounded ridiculous.
-
@wrcombs said in Windows Firewall:
@dustinb3403 said in Windows Firewall:
@wrcombs said in Windows Firewall:
So it is possible to use Windows Firewall in our system, but instead of going through and creating rules in windows firewall, we just turn it off..
That is a horrible practice. . .
Like i said, I dont make the rules, I just follow them being only a month old in the company
I thought it sounded off when they were going through the system requirements with me.Yup, you are correct. You are either working for people who are inept beyond reason, or outright crooks.
Or both.
-
@dustinb3403 said in Windows Firewall:
@obsolesce there isn't any reason to have the firewall off at all, which I get is your point and to tiptoe around the fact that whoever set this up like this needs to get slapped in the back of the head. . .
Edit: Which of course might be your boss needing the slap in the back of his head @WrCombs . . .
But there are a few huge reasons to have it on...
- Criminal Negligence with customer data risk.
- PCI compliance.
- Professional embarrassment.
- Being ethical and respectful of customer data.
- Protecting the company.
-
@wrcombs said in Windows Firewall:
@scottalanmiller said in Windows Firewall:
@wrcombs said in Windows Firewall:
@scottalanmiller said in Windows Firewall:
@wrcombs said in Windows Firewall:
We supply Firewalls to every site because we turn windows firewall off,
Someone should be fired for that. That's so bad.
I dont know the full reason behind what we do yet, Im brand new to the company. When i asked i was told that is just how we do things.
There is NO reason for it. Literally none. There is no acceptable case for this in IT. This falls under "avoiding basic best practices" and if there was a breach that that would have stopped, the person who decided to turn it off could certainly face criminal charges, rather than civil, because anyone who things that it is okay to turn off knows that they are not in a valid position to be dictating anything in IT and/or is doing so for malicious purposes.
Anything that they give you as a reason is just BS. There is, quite literally, no viable reason for having no firewall at that level. And even suggesting that the edge firewall is somehow special or excuses it shows a total disregard for you that they think they can state something so ridiculous as a fake reason. It's offensive that they might do so.
My boss doesnt consider this an IT job, because there is alot of other components to it, such as building menus and doing some menu "programming" I dont think anybody has looked into the fact that we dont use Window Firewall other than me because it sounded ridiculous.
Someone has looked into it enough to not just set it up, but to make it part of your process. So you must be way past having looked into it, someone made a decision about it.
