Windows Firewall

scottalanmiller

@wrcombs said in Windows Firewall:

Im generally curious, Why does Windows Firewall block communication between Point of Sales Terminals, and the Back office PC?

Because by default it should block everything. You certainly don't want that stuff wide open without having explicitly made it so. That's the whole purpose of the firewall is to block until allowed.

scottalanmiller

@wrcombs said in Windows Firewall:

We supply Firewalls to every site because we turn windows firewall off,

Someone should be fired for that. That's so bad.

WrCombs

@scottalanmiller said in Windows Firewall:

@wrcombs said in Windows Firewall:

We supply Firewalls to every site because we turn windows firewall off,

Someone should be fired for that. That's so bad.

I dont know the full reason behind what we do yet, Im brand new to the company. When i asked i was told that is just how we do things.

scottalanmiller

@black3dynamite said in Windows Firewall:

@wrcombs said in Windows Firewall:

Im generally curious, Why does Windows Firewall block communication between Point of Sales Terminals, and the Back office PC?
Example: we had a Site call in that their Credit Cards wouldnt Process, and they were having problem settling the Credit Card batch from the previous day. Someone thought they were helping and turned on Windows firewall on the Terminal that was set as "master"
With windows firewall blocking communication between the 2 points Their Credit Cards were creating mock transaction stored on the Terminal set as "master" for the amount they were supposed to pay,
Turning windows firewall off on the terminal allowed the processing of the cards to flow as it should.

Im just wondering why , if anybody knows, Windows Firewall would stop the program from communicating?

We supply Firewalls to every site because we turn windows firewall off, So we protect the sites as much as possible with configured firewalls from the office. ( I think we use Sonic Walls, I dont make the rules guys, Im just a tech). Im only asking because im curious if there is an answer out there.
Thanks

I never turn off Windows Firewall even when I have an edge firewall. The same goes for Linux too.

The Windows firewall is WAY more important than the edge one, anyway. The edge firewall ONLY protects against outside attacks, the Windows firewalls protect against the same attacks as well as inside ones. You can, in theory, eliminate the edge firewall, you cannot ever eliminate the Windows / OS level firewall.

scottalanmiller

@wrcombs said in Windows Firewall:

@scottalanmiller said in Windows Firewall:

@wrcombs said in Windows Firewall:

We supply Firewalls to every site because we turn windows firewall off,

Someone should be fired for that. That's so bad.

I dont know the full reason behind what we do yet, Im brand new to the company. When i asked i was told that is just how we do things.

There is NO reason for it. Literally none. There is no acceptable case for this in IT. This falls under "avoiding basic best practices" and if there was a breach that that would have stopped, the person who decided to turn it off could certainly face criminal charges, rather than civil, because anyone who things that it is okay to turn off knows that they are not in a valid position to be dictating anything in IT and/or is doing so for malicious purposes.

Anything that they give you as a reason is just BS. There is, quite literally, no viable reason for having no firewall at that level. And even suggesting that the edge firewall is somehow special or excuses it shows a total disregard for you that they think they can state something so ridiculous as a fake reason. It's offensive that they might do so.

scottalanmiller

@wrcombs said in Windows Firewall:

@black3dynamite If we dont turn it off, It wont communicate with the Back office PC and problems with Credit Card processing and general communication between front house and back office.

This is not correct. It cannot be correct. Someone is blowing smoke hoping that you won't question an obvious lie.

It's not plausible that this is the reason. They don't know the most basic things about configuring or securing Windows, perhaps, and are hoping that management doesn't catch on and call their bluff, but this reason isn't possible.

scottalanmiller

@obsolesce said in Windows Firewall:

@wrcombs said in Windows Firewall:

If we dont turn it off, It wont communicate with the Back office PC and problems with Credit Card processing and general communication between front house and back office.

By that logic, nobody would use a firewall anywhere, ever. But they are everywhere, and services are flowing through just fine.

You need to create the proper rules to allow communication.

Good point.

scottalanmiller

@wrcombs said in Windows Firewall:

So it is possible to use Windows Firewall in our system, but instead of going through and creating rules in windows firewall, we just turn it off..

Correct. This is how all firewalls work. If the firewall is mangling packets and has to be turned off, that means that it is broken. If the Windows firewall is broken to that degree, it would mean that your managers believe Windows isn't viable in production and use it anyway. No matter how you look at what they believe, they are doing something knowing it isn't okay to keep moving forward with what they are doing.

This is a bit like someone claiming that their car is broken and refusing to listen to reason. When in fact they are knowingly leaving the garage door closed and using the door being closed as their logic for claiming that the car doesn't work. Obviously there could be something wrong with the car, but we know that they've never even attempted to drive it as they left the door closed.

WrCombs

@scottalanmiller said in Windows Firewall:

@wrcombs said in Windows Firewall:

@scottalanmiller said in Windows Firewall:

@wrcombs said in Windows Firewall:

We supply Firewalls to every site because we turn windows firewall off,

Someone should be fired for that. That's so bad.

I dont know the full reason behind what we do yet, Im brand new to the company. When i asked i was told that is just how we do things.

There is NO reason for it. Literally none. There is no acceptable case for this in IT. This falls under "avoiding basic best practices" and if there was a breach that that would have stopped, the person who decided to turn it off could certainly face criminal charges, rather than civil, because anyone who things that it is okay to turn off knows that they are not in a valid position to be dictating anything in IT and/or is doing so for malicious purposes.

Anything that they give you as a reason is just BS. There is, quite literally, no viable reason for having no firewall at that level. And even suggesting that the edge firewall is somehow special or excuses it shows a total disregard for you that they think they can state something so ridiculous as a fake reason. It's offensive that they might do so.

My boss doesnt consider this an IT job, because there is alot of other components to it, such as building menus and doing some menu "programming" I dont think anybody has looked into the fact that we dont use Window Firewall other than me because it sounded ridiculous.

scottalanmiller

@wrcombs said in Windows Firewall:

@dustinb3403 said in Windows Firewall:

@wrcombs said in Windows Firewall:

So it is possible to use Windows Firewall in our system, but instead of going through and creating rules in windows firewall, we just turn it off..

That is a horrible practice. . .

Like i said, I dont make the rules, I just follow them being only a month old in the company
I thought it sounded off when they were going through the system requirements with me.

Yup, you are correct. You are either working for people who are inept beyond reason, or outright crooks.

Or both.

scottalanmiller

@dustinb3403 said in Windows Firewall:

@obsolesce there isn't any reason to have the firewall off at all, which I get is your point and to tiptoe around the fact that whoever set this up like this needs to get slapped in the back of the head. . .

Edit: Which of course might be your boss needing the slap in the back of his head @WrCombs . . .

But there are a few huge reasons to have it on...

1. Criminal Negligence with customer data risk.
2. PCI compliance.
3. Professional embarrassment.
4. Being ethical and respectful of customer data.
5. Protecting the company.

scottalanmiller

@wrcombs said in Windows Firewall:

@scottalanmiller said in Windows Firewall:

@wrcombs said in Windows Firewall:

@scottalanmiller said in Windows Firewall:

@wrcombs said in Windows Firewall:

We supply Firewalls to every site because we turn windows firewall off,

Someone should be fired for that. That's so bad.

I dont know the full reason behind what we do yet, Im brand new to the company. When i asked i was told that is just how we do things.

There is NO reason for it. Literally none. There is no acceptable case for this in IT. This falls under "avoiding basic best practices" and if there was a breach that that would have stopped, the person who decided to turn it off could certainly face criminal charges, rather than civil, because anyone who things that it is okay to turn off knows that they are not in a valid position to be dictating anything in IT and/or is doing so for malicious purposes.

Anything that they give you as a reason is just BS. There is, quite literally, no viable reason for having no firewall at that level. And even suggesting that the edge firewall is somehow special or excuses it shows a total disregard for you that they think they can state something so ridiculous as a fake reason. It's offensive that they might do so.

My boss doesnt consider this an IT job, because there is alot of other components to it, such as building menus and doing some menu "programming" I dont think anybody has looked into the fact that we dont use Window Firewall other than me because it sounded ridiculous.

Someone has looked into it enough to not just set it up, but to make it part of your process. So you must be way past having looked into it, someone made a decision about it.

scottalanmiller

@wrcombs said in Windows Firewall:

My boss doesnt consider this an IT job, because ....

Ask him if he's willing to testify to that there being no IT responsibilities if a PCI civil suit or a professional negligence criminal suit are filed against the company or him personally.

Dashrender

@scottalanmiller said in Windows Firewall:

@wrcombs said in Windows Firewall:

My boss doesnt consider this an IT job, because ....

Ask him if he's willing to testify to that there being no IT responsibilities if a PCI civil suit or a professional negligence criminal suit are filed against the company or him personally.

Why, so he can be fired? or at best just belittled because he's the junior admin.

scottalanmiller

@dashrender said in Windows Firewall:

@scottalanmiller said in Windows Firewall:

@wrcombs said in Windows Firewall:

My boss doesnt consider this an IT job, because ....

Ask him if he's willing to testify to that there being no IT responsibilities if a PCI civil suit or a professional negligence criminal suit are filed against the company or him personally.

Why, so he can be fired? or at best just belittled because he's the junior admin.

No matter who he is in an organization, he should not "pass on" bad decisions or make them. No one with an admin role should be claiming that security can be skipped and IT due diligence ignored because they think it's "someone else's job" for reasons that they just made up.

If the Junior Admin wants to hold the hot potato, he has to take responsibility for it. If he wants to pass the potato up the ladder, that's his job to do so.

scottalanmiller

Don't use "junior admin" titles as an excuse for not knowing or doing the basics.

WrCombs

I am not a "Junior Admin" Im a support tech for POS across the US in Restaurants.

WrCombs

At this stage in my employment I was simply wondering, Im trying to learn the most As i possibly can about IT and my current field of POS Support. I am right now reading the "Aloha security Guide" on how to configure and why we do what we do with the Firewalls we use.

Obsolesce

@wrcombs said in Windows Firewall:

I am not a "Junior Admin" Im a support tech for POS across the US in Restaurants.

So, this could be a wide-spread thing across many restaurants in the U.S....

I'd definitely be taking this up the ladder.

WrCombs

From our Guides:

Configuring the Windows Network
• Install an up to date operating system on all computers in the Aloha network, such as Windows
XP, or Windows Server 2003.
• Establish a network firewall that includes a firewall device, such as a router, between the Aloha
network and the Internet. Install firewall software on each computer in the network, or enable
and configure the Windows firewall.