> I realize you're after an answer for a software based > firewall, but what we're trying to tell you in a not so > helpful way is that it isn't recommended to put a software > firewall on an OS. It adds overheard, can cause instability, > and if you're that worried about malware sending things from > your box then you have a bigger issue than a firewall will help. > > The recommended method is a hardware based firewall, put the > server in a DMZ behind the firewall and it's not allowed to > be touched with anything besides the approved upon open > ports, and put antivirus on the computer. Keep up with > updates and patches and your server will be just fine. Also > if you can try to move different services to different > servers so if there is a 0 day vulnerability it will only > affect one server.
While all the things you recommend are important, host-based protection is also an important part of an overall network security policy. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:243236 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54