OT-Firewall
Any recommendations for a good, inexpensive firewall for a web server?
(OT) Firewall
Anyone know of a god network firewall system? Zonealarm is good for a single machine, but I think that mothernature.com needs a system wide firewall. What do you use, what do you suggest?
Thanks

--
Michael Dinowitz
http://www.houseoffusion.com
For all your ColdFusion needs
Re: OT-Firewall
Eric Creese wrote:
> Any recommendations for a good, inexpensive firewall for a web server?

Hardware or software? If hardware, other server running a diskless OpenBSD. If software, which OS?

Jochem
--
I don't get it immigrants don't work and steal our jobs - Loesje
RE: OT-Firewall
OS - Single Web server running Win2kSP4

Looking for software.
RE: OT-Firewall
If you want something easy to set up, it will not be free, but will cost you a bit. Most "hard to setup" FW are 'free' i.e. they either come with operating system or are free add ons (like using Linux or OpenBSD).

Try to look for an appliance (otherwise known as HW firewall) - a little box which is designed to just do firewalling for you, they tend to be more secure, cheaper (than say ISA on windows box) and easier to set up than FW running on top of a well known OS.

You may also consider picking a good book, since any firewall can live up to its full potential only if the sysadmin knows what he/she is doing.

TK
RE: OT-Firewall
Ok so what HW Firewall would you recommend?
RE: OT-Firewall
nokia ip380 is what we just installed, 2 of them with checkpoint's latest release. hardened hardware with a solid software platform running on it!

tw
RE: OT-Firewall
Netscreen. They have a rack-mountable unlimited session device for less than $1000. Then there's always Cisco.
RE: OT-Firewall
If you would like something cheap and easy to use go for SonicWall. If you want something (according to some) more secure but less easy to use go for fireBox. If you want ultimate security without any compromises go for Symantec Gauntlet - regarded as the best in the industry by most experts.

You can find out more about these HW FW by going to their respective websites. There are many models to choose, prices vary a lot (usually you can get the box for much less than the listed price on company website).

TK [Tom Kitta]
RE: OT-Firewall
SmoothWall it's open source and free, runs like a train and easy to install.

Taco Fleur
Blog http://www.tacofleur.com/index/blog/
Methodology http://www.tacofleur.com/index/methodology/
Tell me and I will forget
Show me and I will remember
Teach me and I will learn
Re: OT-Firewall
Eric Creese wrote:
> OS - Single Web server running Win2kSP4
>
> Looking for software.

What sort of ruleset are you looking at? Doing simple "only port 80 & 443" rules, or do you want to do stuff like limit the amount of syn's per remote IP address + total connection limit, stateful UDP filtering (for as far as UDP is stateful) etc. Can you talk to whoever controls the upstream router and have him block stuff?

Have you looked into what is natively built into Win2K (or every 32-bit version of Windows for that matter)?

Jochem
Re: OT-Firewall
Mike Brunt wrote:
> Eric, we use Tiny Firewall for this sort of requirement.
>
> http://www.tinysoftware.com/home/tiny2?la=EN
>
> Hth, I am sure Jochem will have some good recommendations on this also.

I'm not sure if they are good, I could use some peer review ;-)

My usual solution is to enable the built-in packetfilter and don't run anything else. Open port 80 for HTTP and optionally 21 for FTP (active only), 443 for HTTPS, X for remote control software and leave the rest closed. UDP is a bit more tricky, DNS will fail because you are really using a client and the client runs on an ephemeral port (the server runs on 53). You should be able to get around this if you have a second NIC and your DNS server is on the local subnet, or else I just leave it unfiltered (it is filtered at the router here anyway.)

After that, follow the instructions in the Microsoft TCP/IP whitepaper [1] to further harden your stack. There are also some templates available from the NSA.

Overall I have not had any problems with such a configuration. It is also a great way to connect unpatched systems during installation.

[1] http://www.microsoft.com/windows2000/techinfo/howitworks/communications/networkbasics/tcpip_implement.asp

Jochem
RE: OT-Firewall
Until we upgraded to a multi-server rack system we were quite happy with our Linksys 4 port firewall/router. Under $100 and you can lock down ports, open up specific ports as needed for various services with a web interface (need to be logged into the server)...
RE: OT-Firewall
Using just Windows packet filtering is not enough, it is stateless and doesn't offer much protection. It is better than nothing at all, but not much more. Even using personal firewall is better. One of the reasons people say that Linux is a more secure OS is unavailability of firewall in Windows. Linux comes with strong firewall in popular distributions.

Here is my estimate of the security of your Windows box:

1 no firewall at all
2 using MS built-in packet filter
3 personal firewall
4 using a router with a firewall
5 using "real" firewall that is stateful on common OS
6 using "real" firewall that is stateful on dedicated OS
7 using "real" proxy firewall on common OS
8 using "real" proxy firewall on dedicated OS

I would tie 6 and 7. Of course, specifics of the product will matter a lot and knowledge of the person that sets it all up. So above is only very general outline.

TK [Tom Kitta]
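Added example (not part of the original thread and not any poster's code): a simplified Python model of the DNS problem Jochem van Dieten describes and the stateless/stateful distinction Tom Kitta raises in the messages above. It compares a stateless inbound port filter, with UDP closed and with UDP left unfiltered, against a filter that keeps a state table. The addresses, ports, class names and the 30-second timeout are constructed assumptions, and the model does not reproduce any particular product.

```python
from dataclasses import dataclass

# Constructed addresses from the RFC 5737 documentation ranges.
SERVER, RESOLVER, STRANGER = "192.0.2.10", "198.51.100.53", "203.0.113.7"


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out", seen from the protected server
    proto: str      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


class StatelessPortFilter:
    """Judges each inbound packet on its destination port alone."""

    def __init__(self, tcp_ports, udp_ports=(), udp_unfiltered=False):
        self.tcp_ports = set(tcp_ports)
        self.udp_ports = set(udp_ports)
        self.udp_unfiltered = udp_unfiltered

    def accept(self, pkt, now=0.0):
        if pkt.direction == "out":
            return True  # outbound traffic is not filtered in this model
        if pkt.proto == "udp":
            return self.udp_unfiltered or pkt.dport in self.udp_ports
        return pkt.dport in self.tcp_ports


class StatefulFilter:
    """Same listening ports, plus a table of flows the server itself opened."""

    def __init__(self, tcp_ports, udp_ports=(), idle_timeout=30.0):
        self.listen = {"tcp": set(tcp_ports), "udp": set(udp_ports)}
        self.idle_timeout = idle_timeout
        self.state = {}  # (proto, local ip, local port, remote ip, remote port) -> expiry

    def accept(self, pkt, now=0.0):
        if pkt.direction == "out":
            key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
            self.state[key] = now + self.idle_timeout
            return True
        if pkt.dport in self.listen[pkt.proto]:
            return True  # a published service such as HTTP
        # Otherwise the packet must be the mirror image of a recent outbound flow.
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        expiry = self.state.get(key)
        return expiry is not None and now <= expiry


def run_scenario(fw):
    """The server sends one DNS query from an ephemeral port, then packets arrive."""
    query = Packet("out", "udp", SERVER, 49152, RESOLVER, 53)
    reply = Packet("in", "udp", RESOLVER, 53, SERVER, 49152)
    fw.accept(query, now=0.0)
    return {
        "http_in": fw.accept(Packet("in", "tcp", STRANGER, 40000, SERVER, 80), now=0.0),
        "dns_reply": fw.accept(reply, now=0.05),
        "unsolicited_udp": fw.accept(
            Packet("in", "udp", STRANGER, 4000, SERVER, 5000), now=0.05),
        # UDP has no connection teardown, so "state" is only a timer.
        "late_reply": fw.accept(reply, now=120.0),
    }


def compare():
    web_ports = (80, 443)
    return {
        "stateless, UDP closed": run_scenario(StatelessPortFilter(web_ports)),
        "stateless, UDP unfiltered": run_scenario(
            StatelessPortFilter(web_ports, udp_unfiltered=True)),
        "stateful": run_scenario(StatefulFilter(web_ports)),
    }


if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:26} {result}")
```

With UDP closed the stateless filter drops the server's own DNS reply; leaving UDP unfiltered fixes DNS but also admits unsolicited datagrams, which is why that setup depends on the upstream router. The stateful filter admits only the reply that mirrors a recent outbound query.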
Re: OT-Firewall
----- Original Message -----
From: "Jochem van Dieten" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Wednesday, February 04, 2004 2:32 PM
Subject: Re: OT-Firewall

> Mike Brunt wrote:
> > Eric, we use Tiny Firewall for this sort of requirement.
> >
> > http://www.tinysoftware.com/home/tiny2?la=EN
> >
> > Hth, I am sure Jochem will have some good recommendations on this also.
>
> I'm not sure if they are good, I could use some peer review ;-)
>
> My usual solution is to enable the built-in packetfilter and
> don't run anything else. Open port 80 for HTTP and optionally 21
> for FTP (active only), 443 for HTTPS, X for remote control
> software and leave the rest closed. UDP is a bit more tricky, DNS
> will fail because you are really using a client and the client
> runs on an ephemeral port (the server runs on 53). You should be
> able to get around this if you have a second NIC and your DNS
> server is on the local subnet, or else I just leave it unfiltered
> (it is filtered at the router here anyway.)
> After that, follow the instructions in the Microsoft TCP/IP
> whitepaper [1] to further harden your stack. There are also some
> templates available from the NSA.
>
> Overall I have not had any problems with such a configuration. It
> is also a great way to connect unpatched systems during installation.

It's better than nothing, but not very flexible. I have yet to figure out, for instance, how to protect a box and still permit FTP out (for CFFTP).

If you can't use a good, dedicated hardware or *nix firewall, then I'll second the nod for Tiny Firewall. Nice for standalone servers that you just need to plug into a network. A server license is $79 from Tiny Software.

http://www.tinysoftware.com
RE: OT-Firewall
Tom Kitta said:
> Using just Windows packet filtering is not enough, it is stateless
> and doesn't offer much protection. It is better than nothing at all,
> but not much more.

It is sufficient. If you are suffering from attacks that start messing with for instance syn flags *and* are subtle enough to pass the router, you have bigger problems anyway.

> Here is my estimate of the security of your Windows box:
> 1 no firewall at all
> 2 using MS built-in packet filter
> 3 personal firewall
> 4 using a router with a firewall
> 5 using "real" firewall that is stateful on common OS
> 6 using "real" firewall that is stateful on dedicated OS
> 7 using "real" proxy firewall on common OS
> 8 using "real" proxy firewall on dedicated OS

I would swap 2 and 3. Also, 4 to 8 might have different positions depending on what you are ranking exactly. I would rank a Cisco router with dedicated hardware firewall blades a bit higher than a "real" firewall on common OS.

Jochem
RE: OT-Firewall
We recommend Cisco and Sonicwall. For most applications, the SonicWall will do everything needed and it has a great administrative interface. The Cisco PIX is more flexible, but it needs a lot of attention and an expensive Cisco maintenance contract so you have something to attend to it with. You can run one of these without going to Cisco's PIX school, but I don't recommend it.

We do sell these, as well.

Cary Gordon
The Cherry Hill Company

At 01:37 PM 2/4/2004 -0600, you wrote:
>Ok so what HW Firewall would you recommend?
OT: Firewall Question
My network administrator insists that opening ports 2047 and 2048 through the Firewall is a security hazard. Can anyone advise me on this please? I need to send and receive video transmission.

Jim Watkins
http://www.ngtcollege.org

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Re: (OT) Firewall
We use sonicwall appliances and are very happy with them. They're easy to set up and work great.

Regards,
--
Howie Hamlin - inFusion Project Manager
On-Line Data Solutions, Inc. - www.CoolFusion.com
inFusion Mail Server (iMS) - The Award-winning, Intelligent Mail Server
PrismAV - Virus scanning for ColdFusion applications
>>> Find out how iMS Stacks up to the competition: http://www.coolfusion.com/imssecomparison.cfm
Re: (OT) Firewall
Michael Dinowitz wrote:
> Anyone know of a god network firewall system?

What features do you need? Stateful I presume, so how big should the state table be? Throughput in pps? SYN-proxy? Payload inspection? Redundancy/fail-over? Clickety-click or CLI? SSL-offloading? VPN-server? etc.

Jochem
Re: (OT) Firewall
Netscreen. Now Jupiter I think. Using them for over 4 years. Have not found one bad thing about Netscreen.
Re: (OT) Firewall
Hi Mike,

>Anyone know of a god network firewall system?

For his/her/its networks, common mythology has it the God uses a guy named Peter. However, the other side has its tools too:

http://www.amazon.com/exec/obidos/tg/detail/-/B6L558/qid=1091465888/sr=8-1/ref=sr_8_xs_ap_i1_xgl14/002-8189120-5867211?v=glance&s=books&n=507846

Seriously though...as a developer who's not a network guy who's been asked to do networkish type stuff, I've had good luck with the rack-mountable, standalone, web-administratable dedicated devices made by Nokia and the like. My experience with software-based firewalls has been shaky, but, again, I'm not a netadmin.

-joe
Re: (OT) Firewall
>Anyone know of a god network firewall system? Zonealarm is good for a
>single machine, but I think that mothernature.com needs a system wide
>firewall. What do you use, what do you suggest?
>Thanks

i've used kerio for personal fw.. i /think/ they might have a network solution...

http://www.kerio.com

--
[ Ctz Consulting ]
[ http://ctzconsulting.com ]
Re: (OT) Firewall
Since the topic is sort of alive here... is there a good resource online to tell the differences in routers, switches, etc? I do programming and web dev for my company and trying to do light networking as needed here too.

Thanks,
Donna
RE: (OT) Firewall
I second SonicWall. Piece of cake to use.
Re: (OT) Firewall
I use a Watchguard Firebox X500 (scalable hardware solution, very reasonable, with lots of add ons). The new NetGear Gigabit switches are extremely reasonable. Still using a Cisco router...

Cutter
RE: (OT) Firewall
> > Anyone know of a god network firewall system?
>
> What features do you need? Stateful I presume, so how big
> should the state table be? Throughput in pps? SYN-proxy?
> Payload inspection? Redundancy/fail-over? Clickety-click or CLI?
> SSL-offloading? VPN-server? etc.

Jochem's asking all the right questions, as usual, but if you're interested in seeing how firewalls work, and don't mind building your own, you might look at one of the many Linux firewall distributions available, like Smoothwall. These can be perfectly suitable for many uses, and are kind of fun to play with as well.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
phone: 202-797-5496
fax: 202-797-5444
Re: (OT) Firewall
Personally, I use IPTables for network firewall protection, both because of the price and the ease of use. For me, it is simpler to crank out a list of rules on the command line than to trust some GUI that may or may not be doing what it says it is doing. Also, as a Flash developer who sometimes works with 'weird ports', being able to configure NAT on the fly is incredibly useful.

M
RE: (OT) Firewall
Checkpoint solutions are easy to set up and manage. The hardware / software bundles (for example NOKIA IP130) are very close to a "solid state firewall" if such a thing existed :)

http://www.checkpoint.com/products/choice/platforms.html

IMHO...

Helge (-:
Re: (OT) Firewall
Dave Watts wrote:
>>
>> What features do you need? Stateful I presume, so how big
>> should the state table be? Throughput in pps? SYN-proxy?
>> Payload inspection? Redundancy/fail-over? Clickety-click or CLI?
>> SSL-offloading? VPN-server? etc.
>
> Jochem's asking all the right questions, as usual, but if you're interested
> in seeing how firewalls work, and don't mind building your own, you might
> look at one of the many Linux firewall distributions available, like
> Smoothwall. These can be perfectly suitable for many uses, and are kind of
> fun to play with as well.

I was probably going to recommend that anyway, only when you are firewalling a very fat pipe (Gbit or more) or you have specialty requirements you might need something with specialty hardware.

The difference is that I would recommend to build your own on OpenBSD. OpenBSD is pretty much designed for running on the edge of your network, and IMHO it is far ahead of other firewall systems in terms of power and features. Stateful firewall clustering, loadbalancing and failover, SYN-proxy, an IP-based anti-spam solution of the ugliest kind (for the spammer) integrated into the firewall right on top of what is arguably the most secure Unix ever:

http://www.countersiege.com/doc/pfsync-carp/
http://www.openbsd.org/

The upside of OpenBSD: everything is in the manual.
The downside of OpenBSD: the developers are not afraid of strong words to tell you so.

Jochem
RE: (OT) Firewall
> The difference is that I would recommend to build your own on
> OpenBSD. OpenBSD is pretty much designed for running on the
> edge of your network, and IMHO it is far ahead of other
> firewall systems in terms of power and features.

Yeah, the only reason I didn't recommend it is because I think it's a little harder to learn those. But they're definitely worth learning!

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
phone: 202-797-5496
fax: 202-797-5444
RE: (OT) Firewall
We use, recommend and sell SonicWall products. We also sell Cisco (Pix). SonicWall is reasonably priced, easy to use, and well supported.

Cary Gordon
The Cherry Hill Company
RE: (OT) Firewall
I have been using IPCop with great success for a couple of years now. Simple to use, fast to respond to patching requirements. Old versions are RedHat based but the current Dev Tree uses Linux From Scratch.

--
Jay
OT: Firewall question
Which is more secure: Running your firewall on the NT 2003 Server or running it on a router?

Andy
RE: RE: OT-Firewall
Eric, we use Tiny Firewall for this sort of requirement.

http://www.tinysoftware.com/home/tiny2?la=EN

Hth, I am sure Jochem will have some good recommendations on this also.

Kind Regards - Mike Brunt
Re: OT: Firewall question
Andy Ousterhout wrote:
> Which is more secure: Running your firewall on the NT 2003 Server or running
> it on a router?

Both.

Jochem
RE: OT: Firewall question
LOL. So both can be equally secure?
Re: OT: Firewall question
Andy Ousterhout wrote:
> LOL. So both can be equally secure?

Yes, they can be equally secure. But why not run one on both?

Jochem
RE: OT: Firewall question
Well, cause I don't need the router if I go directly to the NT machine (I've got a hub too). So the doubling up adds 1 more layer to be broken thru? So you route LAN through router into Server and out of Server to hub?

Andy

-----Original Message-----
From: Jochem van Dieten

Andy Ousterhout wrote:
> LOL. So both can be equally secure?

Yes, they can be equally secure. But why not run one on both?

Jochem
RE: OT: Firewall question
With a hardware firewall to be extra safe.

-----Original Message-----
From: Jochem van Dieten [mailto:[EMAIL PROTECTED]
Sent: 09 February 2005 16:57
To: CF-Talk
Subject: Re: OT: Firewall question

Andy Ousterhout wrote:
> LOL. So both can be equally secure?

Yes, they can be equally secure. But why not run one on both?

Jochem
Re: OT: Firewall question
Andy Ousterhout wrote:
> Well, cause I don't need the router if I go directly to the NT machine (I've got a hub too). So the doubling up adds 1 more layer to be broken thru? So you route LAN through router into Server and out of Server to hub?

Hub? LAN? WAN? Router? Firewall? How about some ASCII art?

Jochem
sort of OT: firewall issues
Hi Folks, Has anyone else had problems with clients using firewalls/proxy servers not being able to upload files? Not being the server person, I don't even know what to tell this client, other than that our server guy says we're not showing any errors from his IP in our error logs, so the upload is never even getting to our server. He can log into the protected area just fine, he just can't seem to send a file out. Our html server logs show that he's coming through an MS proxy server 2.0. Thanks! Deanna Schneider Interactive Media Developer [EMAIL PROTECTED]
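A server-side check for the situation described in the question above, added here as an example and not part of any poster's message: it reads access-log lines for one client address and reports whether an upload request was ever logged. The W3C extended log layout, the addresses and the `/secure/*.cfm` paths are assumptions constructed for illustration.

```python
# Constructed sample in W3C extended log format (an assumption: the thread
# does not say which log format the server writes).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status cs-bytes
2001-08-16 19:20:01 192.0.2.10 GET /secure/login.cfm 200 312
2001-08-16 19:20:09 192.0.2.10 POST /secure/login.cfm 302 498
2001-08-16 19:20:10 192.0.2.10 GET /secure/upload.cfm 200 305
2001-08-16 19:21:30 198.51.100.7 POST /secure/upload.cfm 200 48211
"""


def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # ignore truncated lines
                yield dict(zip(fields, values))


def upload_triage(text, client_ip, upload_path):
    """Report what the server actually received from one client address."""
    seen = [r for r in parse_w3c(text) if r["c-ip"] == client_ip]
    posts = [r for r in seen
             if r["cs-method"] == "POST"
             and r["cs-uri-stem"].lower() == upload_path.lower()]
    if not seen:
        verdict = "no requests logged for this address"
    elif not posts:
        verdict = "client reached the site but no upload POST was logged"
    elif any(r["sc-status"][0] in "45" for r in posts):
        verdict = "upload POST arrived and the server returned an error"
    else:
        verdict = "upload POST arrived and was answered normally"
    sizes = [int(r["cs-bytes"]) for r in posts if r["cs-bytes"].isdigit()]
    return {"requests": len(seen), "upload_posts": len(posts),
            "largest_body": max(sizes, default=0), "verdict": verdict}


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7"):
        print(ip, upload_triage(SAMPLE_LOG, ip, "/secure/upload.cfm"))
```

When a client sits behind a proxy, `c-ip` is the proxy's address, so run the check with the address the log shows for that client's successful login.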
RE: sort of OT: firewall issues
No, just the opposite - all of my clients are using either firewalls or proxy servers and have no trouble at all uploading files to their respective sites residing on my server.

JoAnn A. Schlosser Senior Consultant Association Management Software Grant Thornton LLP Washington, D. C. 703.837.4428

-----Original Message-----
From: Deanna Schneider [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 16, 2001 3:32 PM
To: CF-Talk
Subject: sort of OT: firewall issues

Hi Folks, Has anyone else had problems with clients using firewalls/proxy servers not being able to upload files? Not being the server person, I don't even know what to tell this client, other than that our server guy says we're not showing any errors from his IP in our error logs, so the upload is never even getting to our server. He can log into the protected area just fine, he just can't seem to send a file out. Our html server logs show that he's coming through an MS proxy server 2.0. Thanks! Deanna Schneider Interactive Media Developer [EMAIL PROTECTED]
RE: sort of OT: firewall issues
Most system admins will block outgoing traffic on port 21, which is the default FTP port. I've run into the same situation with other clients several times and this is the case. The reasons for them doing this, though, vary from bandwidth monitoring to ensuring employees are working and not playing.

Dan Phillips CFXHosting.com

-----Original Message-----
From: Deanna Schneider [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 16, 2001 3:32 PM
To: CF-Talk
Subject: sort of OT: firewall issues

Hi Folks, Has anyone else had problems with clients using firewalls/proxy servers not being able to upload files? Not being the server person, I don't even know what to tell this client, other than that our server guy says we're not showing any errors from his IP in our error logs, so the upload is never even getting to our server. He can log into the protected area just fine, he just can't seem to send a file out. Our html server logs show that he's coming through an MS proxy server 2.0. Thanks! Deanna Schneider Interactive Media Developer [EMAIL PROTECTED]
RE: sort of OT: firewall issues
This is true also. There are about 101 ways to do Firewalls and Proxy servers. What is or isn't allowed is really up to the sys admin. When I used to work for a networking company, I had one client that wanted me to config the firewall to access nothing but port 80.

Dan Phillips CFXHosting.com

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 16, 2001 3:34 PM
To: CF-Talk
Subject: RE: sort of OT: firewall issues

No, just the opposite - all of my clients are using either firewalls or proxy servers and have no trouble at all uploading files to their respective sites residing on my server.

JoAnn A. Schlosser Senior Consultant Association Management Software Grant Thornton LLP Washington, D. C. 703.837.4428

-----Original Message-----
From: Deanna Schneider [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 16, 2001 3:32 PM
To: CF-Talk
Subject: sort of OT: firewall issues

Hi Folks, Has anyone else had problems with clients using firewalls/proxy servers not being able to upload files? Not being the server person, I don't even know what to tell this client, other than that our server guy says we're not showing any errors from his IP in our error logs, so the upload is never even getting to our server. He can log into the protected area just fine, he just can't seem to send a file out. Our html server logs show that he's coming through an MS proxy server 2.0. Thanks! Deanna Schneider Interactive Media Developer [EMAIL PROTECTED]