Business Firewall for Windows and Mac Laptops

HannsG44

Distinguished
Jun 22, 2011
2
0
18,510
Hey all,

I'm hoping you can give me some guidance with this problem. I'm in charge of creating and maintaining a firewall that will be used accross 200 or so Windows and Mac laptops. Some information that might help:

-We have our own domain
-Users are allowed to take laptops home
-We currently use Sophos for our desktop units
-All laptop users have local admin rights

I need something that will block users from installing unnecessary applications when they are off our domain as well as blocking all incoming connections when connected to a different network.

I hope this makes sense and I'm looking forward to any replies.

Kind Regards,

Hanns
 

Ijack

Distinguished
Your best bet is probably some sort of hardware firewall. There are several different ones from various suppliers so some research will be necessary to determine what is best for your particular network. I would strongly recommend hiring a consultant who is familiar with network security to help you with this. It is a complicated subject, and you don't want to get it wrong. You will almost certainly need help to configure and maintain a firewall.

You are asking for some requirements here that are nothing to do with a firewall on your network. Blocking users from installing applications is not a firewall function, and blocking incoming connections to the laptops is something that will have to be looked after by a firewall on the laptop.

You have made life very difficult for yourself by allowing laptop users to have local admin rights. Without modifying this in some way you are not going to be able to block them from installing applications or bypassing security measures that you try to impose.

Bottom line - hire a guy who knows. Explain your requirements to him, let him inspect your network, and see what he recommends. You really don't want to base this installation on advice that you get from unknown posters on an Internet forum.
 

HannsG44

Distinguished
Jun 22, 2011
2
0
18,510
Hi ijack,

Thank you so much for getting back to me. As far as I know we do have hardware firewalls in place. I didn't really explain the situation fully in my first post so I'll try again. We have a security expert who looks after the antivirus and firewalls. As it stands now the firewall is not in use for any of the laptops (We do have a policy created though).

I understand the local admin rights is a problem and will be changed. The main problem is that Sophos firewall only works on Windows.

Are there any other firewalls that can be used similar to Sophos as in creating a policy, selecting all the Mac computers and rolling it out that way? I don't want to have to install a personal firewall to all the Macs one by one.

Thanks again.


 

Ijack

Distinguished
From a quick look at the Sophos web site it seems that Sophos already has this capability; it's possible that you just need to upgrade your current software.

I wonder if it might be a good idea to contact Sophos, or one of their partners, and explain your requirements to them. It may be that you already have the appropriate software in place, or just need an update to your existing software. Clearly it would make life easier for you if you could use your existing package.