Firewall On
Unless you’re from the East or West coast, many people grew up not locking their doors. In lots of rural areas around the nation, there is still some of that mentality. In the mid 60’s, Star Trek began and everyone heard Captain Kirk say “Shields up Scotty and more power from the reactor!”. Computing history is much the same as early on we were just happy that things worked, but then it became too easy to connect to other systems. It became clear that various people had different ideas about how technology worked and some saw no harm in malicious acts on computers as it wasn’t real life. Maybe art does parrot reality as we had our own Klingons, Romulans, and Ferengi.
The bottom line is that your computer firewall should be on. Even Apple has had to put down their arrogant and naive stance on security and began having a built-in OS X firewall in 2008. The two main reasons why firewalls should be on are: privacy and safety. Without your firewall on, you’re pretty much telling the world take my information. Worse yet, that virus or trojan can freely infect your family, friends, and employer.
It’s fine to turn off the firewall for testing, but the firewall should be on, especially for critical functions like mail and database servers. Hint: If you have the firewall on when installing applications, exclusions will automatically be added or you’ll be alerted to the exact ports to add rather than having to grapple with turning firewalls on later. IT pros it’s not 1989 anymore and all about making your life super easy and ensuring job security from all the problems. That group policy you have to turn off all system firewalls is terrible network security and out of compliance for any regulation or management that are concerned about protecting confidentiality and proprietary information. If this is you, go to management now and tell them that there may be a day or two of intermittent issues turning the firewalls on. However, this step will save tons of money and time versus downtime from viruses and embarrassment or business loss from critical data leakage. Oh, and you should really just add firewall exclusions when enabling the firewall in group policy.