> Personally I would install a separate linux server (you can use it as a mail > server, file server, or multitude of other uses), and use the iptables > firewall on there to manage the connections to your prd (or dev) web server. > Iptables is one of the best firewalls out there, and if there is an exploit > for the OS (which might kill your windows server, whether or not it has a > firewall on it), at least you have 2 levels of protection here. First they > would have to root your linux server, and then hack your windows box. 2 > separate OS's are more secure then plain old W1nbl0w$. > > Russ
Funny...our resident Linux martyr said the same thing....may give it a whirl Russ...thanks. I think in the very short term we'll look at Windows IP security to get by...then perhaps fire up Linux on one of the older paper weights...errr.desktops and try the IPtables approach. Thanks all for the suggestions (even the hardware ones) folks...great info as usual...and so far nobody has lost an eye in the debate ;-) Cheers Bryan Stevenson B.Comm. VP & Director of E-Commerce Development Electric Edge Systems Group Inc. phone: 250.480.0642 fax: 250.480.1264 cell: 250.920.8830 e-mail: [EMAIL PROTECTED] web: www.electricedgesystems.com ----- Original Message ----- From: "Russ" <[EMAIL PROTECTED]> To: "CF-Talk" <cf-talk@houseoffusion.com> Sent: Monday, June 12, 2006 12:55 PM Subject: RE: Server firewall software > Personally I would install a separate linux server (you can use it as a mail > server, file server, or multitude of other uses), and use the iptables > firewall on there to manage the connections to your prd (or dev) web server. > Iptables is one of the best firewalls out there, and if there is an exploit > for the OS (which might kill your windows server, whether or not it has a > firewall on it), at least you have 2 levels of protection here. First they > would have to root your linux server, and then hack your windows box. 2 > separate OS's are more secure then plain old W1nbl0w$. > > Russ > >> -----Original Message----- >> From: Dave Watts [mailto:[EMAIL PROTECTED] >> Sent: Monday, June 12, 2006 3:52 PM >> To: CF-Talk >> Subject: RE: Server firewall software >> >> > I have tried Windows built-in firewall, Zone Alarm, and >> > another software firewall (do not remember what it was) over >> > the past year. All three tests told me that software >> > firewalls on a server are nothing but a pain in the rear. >> > So, I can not recommend anything that works on a server. >> >> Managing servers in general is a pain in the rear. That said, IP security >> policies are quite easy to manage, as long as you know exactly what >> traffic >> you want to allow to and from that server. >> >> Dave Watts, CTO, Fig Leaf Software >> http://www.figleaf.com/ >> >> Fig Leaf Software provides the highest caliber vendor-authorized >> instruction at our training centers in Washington DC, Atlanta, >> Chicago, Baltimore, Northern Virginia, or on-site at your location. >> Visit http://training.figleaf.com/ for more information! >> >> > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:243260 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
