Can Windows Firewall do this?

D.P. Roberts

Our Unix guy claims this can't be done with Windows:

We have a lab at a university with 40 Windows XP Pro computers on a Windows
2003 Active Directory domain. Normally, these computers are open to freely
send/receive data via the internet. However, sometimes a professor conducting
an exam in this lab would like everything blocked except the specific
website used for the exam. In other words, during the exam students cannot
access e-mail or visit any site except for the specific exam site.

Our Unix guy (who vehemently hates Windows) has said it can't be done
with Windows firewall because it won't block both outbound and inbound
traffic. So he has set up an elaborate and complicated firewall system which
involves a unix-based firewall hardware device, setting up local accounts on
the 40 lab boxes, and swapping switch cables back and forth each time an
exam takes place.

My question: Isn't there a simpler and easier way to do this using Windows
firewall and/or group policy, or perhaps a third-party software tool?

Thanks, it would be great to show our Unix guy that Windows CAN accomplish
this task!
 
Yves Leclerc

Your Unix guy is right! The SP2 firewall cannot do both inbound/outbound
monitoring. Also, you would NEVER place a Windows system as the firewall
system. Windows still has too many security holes and Windows is the main
target of most hackers.
 
Leythos

People need to stop thinking of the SP2 Firewall as a firewall, just a
simple toy that might possibly, maybe, most likely not, save anyone.

We have a bunch of labs, they are all behind firewalls, the firewalls are
configured as needed based on the classes. If we want to limit outbound
access to ONE website it only takes a simple rule and it's done, no need
to make a BUNCH of changes in cables/anything. A simple HTTP rule only
allowing outbound access to www.somesite.com would cover the entire group.
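
The single outbound rule described in the post above could look like this on a Linux gateway using iptables (an assumption; the thread does not name the firewall product). This is an added example, not code from any poster; the function name `exam_rules`, the chain name `EXAM` and all addresses are constructed.

```shell
#!/bin/sh
# Added example: print the iptables commands that put a lab subnet into
# "exam mode" on a Linux gateway, or take it out again. Nothing is executed;
# review the output, then pipe it to sh as root on the gateway.
# Assumes the gateway's existing FORWARD rules already allow reply traffic.

# exam_rules on  LAB_NET DNS_IP EXAM_IP [EXAM_IP...]
# exam_rules off LAB_NET
exam_rules() {
    mode=$1; lab_net=$2
    case $mode in
    off)
        echo "iptables -D FORWARD -s $lab_net -j EXAM"
        echo "iptables -F EXAM"
        echo "iptables -X EXAM"
        return 0 ;;
    on) ;;
    *)  echo "usage: exam_rules on|off LAB_NET [DNS_IP EXAM_IP...]" >&2
        return 2 ;;
    esac
    [ "$#" -ge 4 ] || { echo "need DNS_IP and at least one EXAM_IP" >&2; return 2; }
    dns=$3
    shift 3
    # Numeric addresses only: iptables resolves a hostname once, when the rule
    # is added, so a name here would silently pin whatever DNS returned then.
    for a in "$lab_net" "$dns" "$@"; do
        case $a in
        ''|*[!0-9./]*) echo "not a numeric address: $a" >&2; return 1 ;;
        esac
    done
    echo "iptables -N EXAM"
    # Lab machines still need name resolution to reach the exam site.
    echo "iptables -A EXAM -p udp -d $dns --dport 53 -j ACCEPT"
    echo "iptables -A EXAM -p tcp -d $dns --dport 53 -j ACCEPT"
    for ip in "$@"; do
        echo "iptables -A EXAM -p tcp -d $ip -m multiport --dports 80,443 -j ACCEPT"
    done
    # Everything else from the lab is refused, including sessions opened
    # before the exam started (there is no ESTABLISHED shortcut in this chain).
    echo "iptables -A EXAM -j REJECT --reject-with icmp-admin-prohibited"
    # Hook the chain in last, so exam mode takes effect in one step.
    echo "iptables -I FORWARD 1 -s $lab_net -j EXAM"
}

# Constructed sample values.
exam_rules on 10.20.30.0/24 10.20.0.53 203.0.113.10
```

Switching modes this way covers all 40 machines from the gateway, with no cable changes and no local accounts on the lab PCs.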
 
Bruce Chambers

No, the Windows firewall can't do this. Nor should any firewall.
You're talking about the functions of a proxy server instead. Ask your
Unix guy if he knows what a proxy server is, and how to configure one.
Ask him if he knows what a host file is. "Firewall," indeed...

--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH
 