I've been working in an IT department for over a year, supporting 180 users across three facilities. A lot of users have local admin rights, and most Windows firewalls on client machines are turned off, while the firewalls on our servers are basically non-existent, aside from the ones I built myself. My IT manager believes that since he knows everyone on the network, there's no need for firewalls. I tried reasoning with him, especially after one of our users was hacked, but he's still resistant to the idea of enabling firewalls or implementing MFA. How can I effectively argue for the necessity of firewalls? I prefer that regular users didn't have admin rights either, but that change could lead to major pushback.
5 Answers
Make it clear that it’s not just about trust; it’s about limiting damage. A firewall helps control unauthorized access, even if a trusted employee clicks on something bad. You could also highlight how a lot of breaches start with innocent mistakes or phishing attacks!
Exactly! Think of it like locking office doors. Just because you trust your coworkers doesn't mean you leave everything wide open.
Honestly, if your manager won’t listen after documented breaches, you might want to consider updating your resume. This level of negligence in security could end up causing major issues for the company.
Agreed! Better to find a place that values good security practices before something catastrophic happens.
And when looking for a new job, you can discuss these experiences. It's critical to understand risks involved in poor security practices.
Just set up the firewall correctly and it’ll work smoothly in the background. Some people are resistant to change, but you can’t underestimate the value of firewalls. If users push back, let them know that even you, as a senior IT member, have a firewall enabled. If you're not an admin on your own machine, then no one should be!
Right! Keeping a layered approach to security helps everyone. It might feel restrictive, but it’s protecting the whole network.
Totally agree! Using security measures like firewalls isn’t just about control, it’s about safeguarding everyone.
It's crucial to push for better practices. Host firewalls are not just an added luxury—they're a must. Aim to get a security audit from an external firm. They can show how vulnerable your setup really is, and those insights might finally get your manager to pay attention!
A valid point! Sometimes, management listens to outsiders more than their own team.
Yes! A reality check from a professional can be a game changer.
Disabling host firewalls was a bad idea back in 2005, and it’s definitely outdated now. The trend is towards a zero-trust architecture—not trusting every host or application blindly on your local network. Even if you trust your users, can you trust every website they visit or every email they open? One slip can lead to a serious breach!
Exactly! The landscape has become more dangerous with ransomware and malware campaigns targeting unsuspecting users. Just because everyone is trusted doesn’t mean external threats can be ignored.
Plus, consider that even trusted users can make mistakes. Wouldn't you want measures in place to mitigate that risk?
You can even bring in compliance aspects; if someone gets breached, it could have legal repercussions for the whole company.