Re: OT: Firewall question

2005-02-09 Thread Jochem van Dieten
Andy Ousterhout wrote:
 Which is more secure:  Running your firewall on the NT 2003 Server or running
 it on a router?

Both.

Jochem



RE: OT: Firewall question

2005-02-09 Thread Andy Ousterhout
LOL. So both can be equally secure?

-Original Message-
From: Jochem van Dieten [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 09, 2005 10:50 AM
To: CF-Talk
Subject: Re: OT: Firewall question


Andy Ousterhout wrote:
 Which is more secure:  Running your firewall on the NT 2003 Server or
running
 it on a router?

Both.

Jochem





Re: OT: Firewall question

2005-02-09 Thread Jochem van Dieten
Andy Ousterhout wrote:
 LOL. So both can be equally secure?

Yes, they can be equally secure. But why not run one on both?

Jochem



RE: OT: Firewall question

2005-02-09 Thread Andy Ousterhout
Well, cause I don't need the router if I go directly to the NT machine (I've
got a hub too).  So the doubling up adds 1 more layer to be broken thru?  So
you route LAN through router into Server and out of Server to hub?

Andy

-Original Message-
From: Jochem van Dieten

Andy Ousterhout wrote:
 LOL. So both can be equally secure?

Yes, they can be equally secure. But why not run one on both?

Jochem





RE: OT: Firewall question

2005-02-09 Thread Robertson-Ravo, Neil (RX)
With a hardware firewall to be extra safe.



-Original Message-
From: Jochem van Dieten [mailto:[EMAIL PROTECTED] 
Sent: 09 February 2005 16:57
To: CF-Talk
Subject: Re: OT: Firewall question

Andy Ousterhout wrote:
 LOL. So both can be equally secure?

Yes, they can be equally secure. But why not run one on both?

Jochem





Re: OT: Firewall question

2005-02-09 Thread Jochem van Dieten
Andy Ousterhout wrote:
 Well, cause I don't need the router if I go directly to the NT machine (I've
 got a hub too).  So the doubling up adds 1 more layer to be broken thru?  So
 you route LAN through router into Server and out of Server to hub?

Hub? LAN? WAN? Router? Firewall? How about some ASCII art?

Jochem



RE: (OT) Firewall

2004-08-03 Thread James Smith
I have been using IPCop with great success for a couple of years now.
Simple to use, fast to respond to patching requirements. Old versions are
RedHat based but the current Dev Tree uses Linux From Scratch.

--
Jay 

 -Original Message-
 From: Michael Dinowitz [mailto:[EMAIL PROTECTED] 
 Sent: 02 August 2004 17:51
 To: CF-Talk
 Subject: (OT) Firewall
 
 Anyone know of a god network firewall system? Zonealarm is 
 good for a single machine, but I think that mothernature.com 
 needs a system wide firewall. What do you use, what do you suggest?
 Thanks
 
 --
 Michael Dinowitz
 http://www.houseoffusion.com
 For all your ColdFusion needs
 





Re: (OT) Firewall

2004-08-02 Thread Howie Hamlin
We use sonicwall appliances and are very happy with them. They're easy to set up and work great.

Regards,

-- 
Howie Hamlin - inFusion Project Manager
On-Line Data Solutions, Inc. - www.CoolFusion.com
inFusion Mail Server (iMS) - The Award-winning, Intelligent Mail Server
PrismAV - Virus scanning for ColdFusion applications
 Find out how iMS Stacks up to the competition: http://www.coolfusion.com/imssecomparison.cfm

- Original Message - 
From: Michael Dinowitz 
To: CF-Talk 
Sent: Monday, August 02, 2004 12:51 PM
Subject: (OT) Firewall

Anyone know of a god network firewall system? Zonealarm is good for a
single machine, but I think that mothernature.com needs a system wide
firewall. What do you use, what do you suggest?
Thanks

-- 
Michael Dinowitz
http://www.houseoffusion.com
For all your ColdFusion needs




Re: (OT) Firewall

2004-08-02 Thread Jochem van Dieten
Michael Dinowitz wrote:

 Anyone know of a god network firewall system?

What features do you need? Stateful I presume, so how big should 
the state table be? Throughput in pps? SYN-proxy? Payload 
inspection? Redundancy/fail-over? Clickety-click or CLI? 
SSL-offloading? VPN-server? etc.

Jochem




Re: (OT) Firewall

2004-08-02 Thread Jacob
Netscreen. Now Jupiter I think.

Using them for over 4 years. Have not found one bad thing about Netscreen.

At 09:51 AM 8/2/2004, you wrote:
Anyone know of a god network firewall system? Zonealarm is good for a
single machine, but I think that mothernature.com needs a system wide
firewall. What do you use, what do you suggest?
Thanks

--
Michael Dinowitz
http://www.houseoffusion.com
For all your ColdFusion needs





Re: (OT) Firewall

2004-08-02 Thread Joe Rinehart
Hi Mike,

Anyone know of a god network firewall system?

For his/her/its networks, common mythology has it the God uses a guy
named Peter. However, the other side has its tools too:

http://www.amazon.com/exec/obidos/tg/detail/-/B6L558/qid=1091465888/sr=8-1/ref=sr_8_xs_ap_i1_xgl14/002-8189120-5867211?v=glances=booksn=507846

Seriously though...as a developer who's not a network guy who's been
asked to do networkish type stuff, I've had good luck with the
rack-mountable, standalone, web-administratable dedicated devices made
by Nokia and the like. My experience with software-based firewalls
has been shaky, but, again, I'm not a netadmin.

-joe

- Original Message -
From: Michael Dinowitz [EMAIL PROTECTED]
Date: Mon, 2 Aug 2004 12:51:00 -0400
Subject: (OT) Firewall
To: CF-Talk [EMAIL PROTECTED]

Anyone know of a god network firewall system? Zonealarm is good for a
 single machine, but I think that mothernature.com needs a system wide
 firewall. What do you use, what do you suggest?
 Thanks

 -- 
 Michael Dinowitz
 http://www.houseoffusion.com
 For all your ColdFusion needs




Re: (OT) Firewall

2004-08-02 Thread Critter
Anyone know of a god network firewall system? Zonealarm is good for a
single machine, but I think that mothernature.com needs a system wide
firewall. What do you use, what do you suggest?
Thanks

i've used kerio for personal fw.. i /think/ they might have a network
solution...
http://www.kerio.com


-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-[ Ctz Consulting ]-=
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-[ http://ctzconsulting.com ]-=




Re: (OT) Firewall

2004-08-02 Thread Donna French
Since the topic is sort of alive here, is there a good resource online to tell the differences in routers, switches, etc?

I do programming and web dev for my company and trying to do light networking as needed here too. 

Thanks,
Donna

- Original Message - 
From: Critter 
To: CF-Talk 
Sent: Monday, August 02, 2004 12:01 PM
Subject: Re: (OT) Firewall

Anyone know of a god network firewall system? Zonealarm is good for a
single machine, but I think that mothernature.com needs a system wide
firewall. What do you use, what do you suggest?
Thanks

i've used kerio for personal fw.. i /think/ they might have a network
solution...
http://www.kerio.com

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-[ Ctz Consulting ]-=
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-[ http://ctzconsulting.com ]-=




RE: (OT) Firewall

2004-08-02 Thread Che Vilnonis
I second SonicWall. Piece of cake to use.
-Original Message-
From: Howie Hamlin [mailto:[EMAIL PROTECTED]
Sent: Monday, August 02, 2004 12:56 PM
To: CF-Talk
Subject: Re: (OT) Firewall

We use sonicwall appliances and are very happy with them. They're easy to
set up and work great.

Regards,

--
Howie Hamlin - inFusion Project Manager
On-Line Data Solutions, Inc. - www.CoolFusion.com
inFusion Mail Server (iMS) - The Award-winning, Intelligent Mail Server
PrismAV - Virus scanning for ColdFusion applications
 Find out how iMS Stacks up to the competition:
http://www.coolfusion.com/imssecomparison.cfm

 - Original Message -
 From: Michael Dinowitz
 To: CF-Talk
 Sent: Monday, August 02, 2004 12:51 PM
 Subject: (OT) Firewall

 Anyone know of a god network firewall system? Zonealarm is good for a
 single machine, but I think that mothernature.com needs a system wide
 firewall. What do you use, what do you suggest?
 Thanks

 --
 Michael Dinowitz
 http://www.houseoffusion.com
 For all your ColdFusion needs




Re: (OT) Firewall

2004-08-02 Thread Cutter (CF-Talk)
I use a Watchguard Firebox X500 (scalable hardware solution, very 
reasonable, with lots of add ons). The new NetGear Gigabit switches are 
extremely reasonable. Still using a Cisco router...

Cutter

Michael Dinowitz wrote:
 Anyone know of a god network firewall system? Zonealarm is good for a
 single machine, but I think that mothernature.com needs a system wide
 firewall. What do you use, what do you suggest?
 Thanks
 
 -- 
 Michael Dinowitz
 http://www.houseoffusion.com
 For all your ColdFusion needs





RE: (OT) Firewall

2004-08-02 Thread Dave Watts
  Anyone know of a god network firewall system?
 
 What features do you need? Statefull I presume, so how big 
 should the state table be? Throughput in pps? SYN-proxy? 
 Payload inspection? Redundancy/fail-over? Clickety-click or CLI? 
 SSL-offloading? VPN-server? etc.

Jochem's asking all the right questions, as usual, but if you're interested
in seeing how firewalls work, and don't mind building your own, you might
look at one of the many Linux firewall distributions available, like
Smoothwall. These can be perfectly suitable for many uses, and are kind of
fun to play with as well.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
phone: 202-797-5496
fax: 202-797-5444




Re: (OT) Firewall

2004-08-02 Thread Michael Haggerty
Personally, I use IPTables for network firewall protection, both because of the price and the ease of use. For me, it is simpler to crank out a list of rules on the command line than to trust some GUI that may or may not be doing what it says it is doing. 

Also, as a Flash developer who sometimes works with 'weird ports', being able to configure NAT on the fly is incredibly useful.

 
M

Michael Dinowitz [EMAIL PROTECTED] wrote:
Anyone know of a god network firewall system? Zonealarm is good for a
single machine, but I think that mothernature.com needs a system wide
firewall. What do you use, what do you suggest?
Thanks

-- 
Michael Dinowitz
http://www.houseoffusion.com
For all your ColdFusion needs




RE: (OT) Firewall

2004-08-02 Thread WebSite CFtalk
Checkpoint solutions is easy to setup and manage.

 
The hardware / software bundles (for example NOKIA IP130) is very close
to a solid state firewall if such a thing existed :)

 
http://www.checkpoint.com/products/choice/platforms.html

 
IMHO...

 
Helge (-:



From: Michael Dinowitz [mailto:[EMAIL PROTECTED] 
Sent: 2. august 2004 18:51
To: CF-Talk
Subject: (OT) Firewall

Anyone know of a god network firewall system? Zonealarm is good for a
single machine, but I think that mothernature.com needs a system wide
firewall. What do you use, what do you suggest?
Thanks

-- 
Michael Dinowitz
http://www.houseoffusion.com
For all your ColdFusion needs 





Re: (OT) Firewall

2004-08-02 Thread Jochem van Dieten
Dave Watts wrote:
 
 What features do you need? Statefull I presume, so how big 
 should the state table be? Throughput in pps? SYN-proxy? 
 Payload inspection? Redundancy/fail-over? Clickety-click or CLI? 
 SSL-offloading? VPN-server? etc.
 
 Jochem's asking all the right questions, as usual, but if you're interested
 in seeing how firewalls work, and don't mind building your own, you might
 look at one of the many Linux firewall distributions available, like
 Smoothwall. These can be perfectly suitable for many uses, and are kind of
 fun to play with as well.

I was probably going to recommend that anyway, only when you are 
firewalling a very fat pipe (Gbit or more) or you have specialty 
requirements you might need something with specialty hardware.

The difference is that I would recommend to build your own on 
OpenBSD. OpenBSD is pretty much designed for running on the edge 
of your network, and IMHO it is far ahead of other firewall 
systems in terms of power and features. Stateful firewall 
clustering, loadbalancing and failover, SYN-proxy, an IP-based 
anti-spam solution of the ugliest kind (for the spammer) 
integrated into the firewall right on top of what is arguably the 
most secure Unix ever:
http://www.countersiege.com/doc/pfsync-carp/
http://www.openbsd.org/

The upside of OpenBSD: everything is in the manual.
The downside of OpenBSD: the developers are not afraid of strong 
words to tell you so.

Jochem




RE: (OT) Firewall

2004-08-02 Thread Dave Watts
 The difference is that I would recommend to build your own on 
 OpenBSD. OpenBSD is pretty much designed for running on the 
 edge of your network, and IMHO it is far ahead of other 
 firewall systems in terms of power and features.

Yeah, the only reason I didn't recommend it is because I think it's a little
harder to learn those. But they're definitely worth learning!

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
phone: 202-797-5496
fax: 202-797-5444




RE: (OT) Firewall

2004-08-02 Thread Cary Gordon
We use, recommend and sell SonicWall products. We also sell Cisco (Pix).

SonicWall is reasonably priced, easy to use, and well supported.

Cary Gordon
The Cherry Hill Company

_

From: Michael Dinowitz [mailto:[EMAIL PROTECTED] 
Sent: Monday, August 02, 2004 9:51 AM
To: CF-Talk
Subject: (OT) Firewall

Anyone know of a god network firewall system? Zonealarm is good for a
single machine, but I think that mothernature.com needs a system wide
firewall. What do you use, what do you suggest?
Thanks

-- 
Michael Dinowitz
http://www.houseoffusion.com
For all your ColdFusion needs





RE: OT-Firewall

2004-02-05 Thread Jochem van Dieten
Tom Kitta said:
 Using just Windows packet filtering is not enough, it is stateless
 and doesn't offer much protection. It is better than nothing at all,
 but not much more.

It is sufficient. If you are suffering from attacks that start messing
with for instance syn flags *and* are subtle enough to pass the
router, you have bigger problems anyway.

 Here is my estimate of the security your windows box:
 1 no firewall at all
 2 using MS build-in packet filter
 3 personal firewall
 4 using a router with a firewall
 5 using real firewall that is statefull on common OS
 6 using real firewall that is statefull on dedicated OS
 7 using real proxy firewall on common OS
 8 using real proxy firewall on dedicated OS

I would swap 2 and 3.

Also, 4 to 8 might have different positions depending on what you are
ranking exactly. I would rank a Cisco router with dedicated hardware
firewall blades a bit higher as a real firewall on common OS.

Jochem




RE: OT-Firewall

2004-02-05 Thread Cary Gordon
We recommend Cisco and Sonicwall. For most applications, the SonicWall will 
do everything needed and it has a great administrative interface.

The Cisco PIX is more flexible, but it needs a lot of attention and an 
expensive Cisco maintenance contract so you have something to attend to it 
with. You can run one of these without going to Cisco's PIX school, but I 
don't recommend it.

We do sell these, as well.

Cary Gordon
The Cherry Hill Company

At 01:37 PM 2/4/2004 -0600, you wrote:
Ok so what HW Firewall would you recommend?




Re: OT-Firewall

2004-02-04 Thread Jochem van Dieten
Eric Creese wrote:

 Any recommendations for a good, inexpensive firewall for a web server?

Hardware or software?

If hardware, other server running a diskless OpenBSD.
If software, which OS?

Jochem

-- 
I don't get it
immigrants don't work
and steal our jobs
- Loesje




RE: OT-Firewall

2004-02-04 Thread Eric Creese
OS - Single Web server running Win2kSP4

 
Looking for software.





RE: OT-Firewall

2004-02-04 Thread Tom Kitta
If you want something easy to setup, it will not be free, but will cost you
a bit. Most hard to setup FW are 'free' i.e. they either come with
operating system or are free add ons (like using Linux or OpenBSD). Try to
look for an appliance (otherwise known as HW firewall) - a little box which
is designed to just do firewalling for you, they tend to be more secure,
cheaper (than say ISA on windows box) and easier to setup than FW running on
top of a well known OS.

You may also consider picking a good book, since any firewall can live up to
its full potential only if the sysadmin knows what he/she is doing.

TK
-Original Message-
From: Jochem van Dieten [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 04, 2004 1:04 PM
To: CF-Talk
Subject: Re: OT-Firewall

Eric Creese wrote:

 Any recommendations for a good, inexpensive firewall for a web server?

Hardware or software?

If hardware, other server running a diskless OpenBSD.
If software, which OS?

Jochem

--
I don't get it
immigrants don't work
and steal our jobs
 - Loesje




RE: RE: OT-Firewall

2004-02-04 Thread Mike Brunt
Eric, we use Tiny Firewall for this sort of requirement. 

http://www.tinysoftware.com/home/tiny2?la=EN

Hth, I am sure Jochem will have some good recommendations on this also.

Kind Regards - Mike Brunt

Original Message ---
OS - Single Web server running Win2kSP4

 
Looking for software.





RE: OT-Firewall

2004-02-04 Thread Eric Creese
Ok so what HW Firewall would you recommend?

-Original Message-
From: Tom Kitta [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 04, 2004 12:16 PM
To: CF-Talk
Subject: RE: OT-Firewall

If you want something easy to setup, it will not be free, but will cost you
a bit. Most hard to setup FW are 'free' i.e. they either come with
operating system or are free add ons (like using Linux or OpenBSD. Try to
look for an appliance (otherwise known as HW firewall) - a little box which
is designed to just do firewalling for you, they tend to be more secure,
cheaper (than say ISA on windows box) and easier to setup than FW running on
top of a well known OS.

You may also consider picking a good book, since any firewall can live up to
its full potential only if the sysadmin knows what he/she is doing.

TK
-Original Message-
From: Jochem van Dieten [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 04, 2004 1:04 PM
To: CF-Talk
Subject: Re: OT-Firewall

Eric Creese wrote:

 Any recommendations for a good, inexpensive firewall for a web server?

Hardware or software?

If hardware, other server running a diskless OpenBSD.
If software, which OS?

Jochem

--
I don't get it
immigrants don't work
and steal our jobs
 - Loesje 




RE: OT-Firewall

2004-02-04 Thread Tony Weeg
nokia ip380 is what we just installed, 2 of them with checkpoint's latest
release. hardened hardware with a solid software platform running on it!

tw 

-Original Message-
From: Eric Creese [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, February 04, 2004 2:37 PM
To: CF-Talk
Subject: RE: OT-Firewall

Ok so what HW Firewall would you recommend?

-Original Message-
From: Tom Kitta [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 04, 2004 12:16 PM
To: CF-Talk
Subject: RE: OT-Firewall

If you want something easy to setup, it will not be free, but will cost you
a bit. Most hard to setup FW are 'free' i.e. they either come with
operating system or are free add ons (like using Linux or OpenBSD. Try to
look for an appliance (otherwise known as HW firewall) - a little box which
is designed to just do firewalling for you, they tend to be more secure,
cheaper (than say ISA on windows box) and easier to setup than FW running on
top of a well known OS.

You may also consider picking a good book, since any firewall can live up to
its full potential only if the sysadmin knows what he/she is doing.

TK
-Original Message-
From: Jochem van Dieten [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 04, 2004 1:04 PM
To: CF-Talk
Subject: Re: OT-Firewall

Eric Creese wrote:

 Any recommendations for a good, inexpensive firewall for a web server?

Hardware or software?

If hardware, other server running a diskless OpenBSD.
If software, which OS?

Jochem

--
I don't get it
immigrants don't work
and steal our jobs
 - Loesje




RE: OT-Firewall

2004-02-04 Thread Nathan C. Smith
Netscreen. They have a rack-mountable unlimited session device for less
than $1000. Then there's always Cisco.

-Original Message-
From: Eric Creese [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 04, 2004 11:54 AM
To: CF-Talk
Subject: OT-Firewall

Any recommendations for a good, inexpensive firewall for a web server? 




RE: OT-Firewall

2004-02-04 Thread Tom Kitta
If you would like something cheap and easy to use go for SonicWall. If you
want something (according to some) more secure but less easy to use go for
fireBox. If you want ultimate security without any compromises go for
Symantec Gauntlet - regarded as the best in the industry by most experts.

You can find out more about these HW FW by going to their respective
websites. There are many models to choose, prices vary a lot (usually you
can get the box for much less than the listed price on company website).

TK

[Tom Kitta]-Original Message-
From: Eric Creese [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 04, 2004 2:37 PM
To: CF-Talk
Subject: RE: OT-Firewall

Ok so what HW Firewall would you recommend?

-Original Message-
From: Tom Kitta [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 04, 2004 12:16 PM
To: CF-Talk
Subject: RE: OT-Firewall

If you want something easy to setup, it will not be free, but will cost
you
a bit. Most hard to setup FW are 'free' i.e. they either come with
operating system or are free add ons (like using Linux or OpenBSD. Try to
look for an appliance (otherwise known as HW firewall) - a little box
which
is designed to just do firewalling for you, they tend to be more secure,
cheaper (than say ISA on windows box) and easier to setup than FW running
on
top of a well known OS.

You may also consider picking a good book, since any firewall can live up
to
its full potential only if the sysadmin knows what he/she is doing.

TK
 -Original Message-
 From: Jochem van Dieten [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, February 04, 2004 1:04 PM
 To: CF-Talk
 Subject: Re: OT-Firewall

 Eric Creese wrote:

  Any recommendations for a good, inexpensive firewall for a web server?

 Hardware or software?

 If hardware, other server running a diskless OpenBSD.
 If software, which OS?

 Jochem

 --
 I don't get it
 immigrants don't work
 and steal our jobs
- Loesje




RE: OT-Firewall

2004-02-04 Thread Taco Fleur
SmoothWall it's open source and free, runs like a train and easy to
install..

Taco Fleur
Blog http://www.tacofleur.com/index/blog/
Methodology http://www.tacofleur.com/index/methodology/

Tell me and I will forget
Show me and I will remember
Teach me and I will learn 

-Original Message-
From: Eric Creese [mailto:[EMAIL PROTECTED] 
Sent: Thursday, 5 February 2004 3:54 AM
To: CF-Talk
Subject: OT-Firewall

Any recommendations for a good, inexpensive firewall for a web server? 




Re: OT-Firewall

2004-02-04 Thread Jochem van Dieten
Eric Creese wrote:
 OS - Single Web server running Win2kSP4

 Looking for software.

What sort of ruleset are you looking at? Doing simple only port 
80 & 443 rules, or do you want to do stuff like limit the amount 
of syn's per remote IP address + total connection limit, 
stateful UDP filtering (for as far as UDP is stateful) etc. Can 
you talk to whoever controls the upstream router and have him 
block stuff?

Have you looked into what is natively built into Win2K (or every 
32-bit version of Windows for that matter)?

Jochem

-- 
I don't get it
immigrants don't work
and steal our jobs
- Loesje




Re: OT-Firewall

2004-02-04 Thread Jochem van Dieten
Mike Brunt wrote:
 Eric, we use Tiny Firewall for this sort of requirement. 
 
 http://www.tinysoftware.com/home/tiny2?la=EN
 
 Hth, I am sure Jochem will have some good recommendations on this also.

I'm not sure if they are good, I could use some peer review ;-)

My usual solution is to enable the built-in packetfilter and 
don't run anything else. Open port 80 for HTTP and optionally 21 
for FTP (active only), 443 for HTTPS, X for remote control 
software and leave the rest closed. UDP is a bit more tricky, DNS 
will fail because you are really using a client and the client 
runs on an ephemeral port (the server runs on 53). You should be 
able to get around this if you have a second NIC and your DNS 
server is on the local subnet, or else I just leave it unfiltered 
(it is filtered at the router here anyway.)
After that, follow the instructions in the Microsoft TCP/IP 
whitepaper [1] to further harden your stack. There are also some 
templates available from the NSA.

Overall I have not had any problems with such a configuration. It 
is also a great way to connect unpatched systems during installation.

[1]http://www.microsoft.com/windows2000/techinfo/howitworks/communications/networkbasics/tcpip_implement.asp

Jochem

-- 
I don't get it
immigrants don't work
and steal our jobs
- Loesje
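
The trade-off described in the message above, as an added example that is not part of the original post: a toy Python model of an inbound port allow-list, showing why the DNS reply is dropped, what leaving UDP unfiltered lets in, and what a state table changes. The class names, addresses and the ephemeral and closed port numbers are constructed for illustration; TCP packets in the model are new connection attempts only.

```python
"""Toy model of a port-based packet filter on a web server (constructed example)."""
from dataclasses import dataclass

# Constructed addresses from the documentation ranges (RFC 5737).
SERVER, RESOLVER, CLIENT = "192.0.2.10", "198.51.100.53", "203.0.113.7"
WEB_PORTS = (80, 443, 21)          # HTTP, HTTPS, FTP control, as in the message


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" (a new connection attempt) or "udp" (one datagram)
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class StatelessFilter:
    """Judges each inbound packet on protocol and destination port alone."""

    def __init__(self, tcp_ports, udp_ports=(), filter_udp=True):
        self.tcp_ports = set(tcp_ports)
        self.udp_ports = set(udp_ports)
        self.filter_udp = filter_udp

    def outbound(self, pkt):
        return True                      # nothing is remembered about it

    def inbound(self, pkt):
        if pkt.proto == "tcp":
            return pkt.dst_port in self.tcp_ports
        if not self.filter_udp:
            return True                  # the "leave UDP unfiltered" fallback
        return pkt.dst_port in self.udp_ports


class StatefulFilter(StatelessFilter):
    """Same allow-list, plus a table of flows the server itself started."""

    def __init__(self, tcp_ports, udp_ports=()):
        super().__init__(tcp_ports, udp_ports)
        self.flows = set()

    def outbound(self, pkt):
        self.flows.add((pkt.proto, pkt.src_ip, pkt.src_port,
                        pkt.dst_ip, pkt.dst_port))
        return True

    def inbound(self, pkt):
        # A reply is a recorded flow with source and destination swapped.
        reverse = (pkt.proto, pkt.dst_ip, pkt.dst_port,
                   pkt.src_ip, pkt.src_port)
        return reverse in self.flows or super().inbound(pkt)


def run_scenario(fw):
    """Push the same constructed traffic through a filter; True means passed."""
    seen = {}
    seen["http_in"] = fw.inbound(Packet("tcp", CLIENT, 51000, SERVER, 80))
    seen["ftp_control_in"] = fw.inbound(Packet("tcp", CLIENT, 51001, SERVER, 21))
    # Passive FTP: the client opens the data connection to a high server port.
    seen["ftp_passive_data_in"] = fw.inbound(
        Packet("tcp", CLIENT, 51002, SERVER, 49200))
    seen["closed_tcp_in"] = fw.inbound(Packet("tcp", CLIENT, 51003, SERVER, 445))
    # The server acts as a DNS client: query leaves from an ephemeral port,
    # and the answer comes back to that same ephemeral port.
    fw.outbound(Packet("udp", SERVER, 49152, RESOLVER, 53))
    seen["dns_reply_in"] = fw.inbound(Packet("udp", RESOLVER, 53, SERVER, 49152))
    # A datagram nobody asked for, aimed at a different high port.
    seen["unsolicited_udp_in"] = fw.inbound(
        Packet("udp", RESOLVER, 53, SERVER, 49999))
    return seen


if __name__ == "__main__":
    configs = {
        "stateless, UDP filtered": StatelessFilter(WEB_PORTS),
        "stateless, UDP open": StatelessFilter(WEB_PORTS, filter_udp=False),
        "stateful": StatefulFilter(WEB_PORTS),
    }
    for name, fw in configs.items():
        print(name)
        for case, passed in run_scenario(fw).items():
            print(f"  {case:22} {'pass' if passed else 'drop'}")
```

With UDP left unfiltered the DNS reply gets through, but so does the unsolicited datagram, which is why the message relies on the upstream router for that traffic.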




RE: OT-Firewall

2004-02-04 Thread Alan Rafael Bleiweiss
Until we upgraded to a multi-server rack system we were quite happy with 
our Linksys 4 port firewall/router
Under $100 and you can lock down ports, open up specific ports as needed 
for various services with
a web interface (need to be logged into the server)...

At 12:13 PM 2/4/04, you wrote:
OS - Single Web server running Win2kSP4


Looking for software.





RE: OT-Firewall

2004-02-04 Thread Tom Kitta
Using just Windows packet filtering is not enough; it is stateless and
doesn't offer much protection. It is better than nothing at all, but not
much more. Even using a personal firewall is better. One of the reasons people
say that Linux is a more secure OS is the unavailability of a firewall in Windows.
Linux comes with a strong firewall in popular distributions. Here is my
estimate of the security of your Windows box:
1 no firewall at all
2 using MS built-in packet filter
3 personal firewall
4 using a router with a firewall
5 using real firewall that is stateful on common OS
6 using real firewall that is stateful on dedicated OS
7 using real proxy firewall on common OS
8 using real proxy firewall on dedicated OS

I would tie 6 and 7. Of course, the specifics of the product will matter a lot,
as will the knowledge of the person that sets it all up. So the above is only a very
general outline.

TK

[Tom Kitta]-Original Message-
From: Jochem van Dieten [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 04, 2004 4:32 PM
To: CF-Talk
Subject: Re: OT-Firewall

Mike Brunt wrote:
 Eric, we use Tiny Firewall for this sort of requirement.

 http://www.tinysoftware.com/home/tiny2?la=EN

 Hth, I am sure Jochem will have some good recommendations on this also.

I'm not sure if they are good, I could use some peer review ;-)

My usual solution is to enable the built-in packetfilter and
don't run anything else. Open port 80 for HTTP and optionally 21
for FTP (active only), 443 for HTTPS, X for remote control
software and leave the rest closed. UDP is a bit more tricky, DNS
will fail because you are really using a client and the client
runs on an ephemeral port (the server runs on 53). You should be
able to get around this if you have a second NIC and your DNS
server is on the local subnet, or else I just leave it unfiltered
(it is filtered at the router here anyway.)
After that, follow the instructions in the Microsoft TCP/IP
whitepaper [1] to further harden your stack. There are also some
templates available from the NSA.

Overall I have not had any problems with such a configuration. It
is also a great way to connect unpatched systems during installation.

[1] http://www.microsoft.com/windows2000/techinfo/howitworks/communications/networkbasics/tcpip_implement.asp

Jochem

--
I don't get it
immigrants don't work
and steal our jobs
 - Loesje




Re: OT-Firewall

2004-02-04 Thread Jim McAtee
- Original Message - 
From: Jochem van Dieten [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Wednesday, February 04, 2004 2:32 PM
Subject: Re: OT-Firewall

 Mike Brunt wrote:
  Eric, we use Tiny Firewall for this sort of requirement.
 
  http://www.tinysoftware.com/home/tiny2?la=EN
 
  Hth, I am sure Jochem will have some good recommendations on this also.

 I'm not sure if they are good, I could use some peer review ;-)

 My usual solution is to enable the built-in packetfilter and
 don't run anything else. Open port 80 for HTTP and optionally 21
 for FTP (active only), 443 for HTTPS, X for remote control
 software and leave the rest closed. UDP is a bit more tricky, DNS
 will fail because you are really using a client and the client
 runs on an ephemeral port (the server runs on 53). You should be
 able to get around this if you have a second NIC and your DNS
 server is on the local subnet, or else I just leave it unfiltered
 (it is filtered at the router here anyway.)
 After that, follow the instructions in the Microsoft TCP/IP
 whitepaper [1] to further harden your stack. There are also some
 templates available from the NSA.

 Overall I have not had any problems with such a configuration. It
 is also a great way to connect unpatched systems during installation.

It's better than nothing, but not very flexible. I have yet to figure out,
for instance, how to protect a box and still permit FTP out (for CFFTP).

If you can't use a good, dedicated hardware or *nix firewall, then I'll
second the nod for Tiny Firewall. Nice for standalone servers that you just
need to plug into a network. A server license is $79 from Tiny Software.

http://www.tinysoftware.com
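
Added example, not part of any post in this thread: a small Python model of the stateless-versus-stateful point discussed above. It shows a port list (the ports from Jochem's post) dropping the DNS reply that arrives on an ephemeral port, while a filter that remembers the server's own outbound flows accepts it. The addresses, the ephemeral port numbers and the rule that inbound TCP is checked only on connection-opening (SYN) segments are assumptions of the model, not details from the thread.

```python
from dataclasses import dataclass

ALLOWED_TCP_IN = {80, 21, 443}  # ports named in the post; remote-control port "X" omitted
ALLOWED_UDP_IN = set()          # assumption: the server offers no UDP service

@dataclass(frozen=True)
class Packet:
    direction: str     # "in" or "out", seen from the server
    proto: str         # "tcp" or "udp"
    remote_ip: str
    remote_port: int
    local_port: int
    syn: bool = False  # TCP only: segment opens a new connection

def stateless_allows(p):
    """Judge every packet on its own, by local port."""
    if p.direction == "out":
        return True
    if p.proto == "tcp":
        # Assumption of this model: only connection-opening segments are checked.
        return (not p.syn) or p.local_port in ALLOWED_TCP_IN
    return p.local_port in ALLOWED_UDP_IN  # UDP has no flag that marks a reply

class StatefulFilter:
    """Same port list, plus a table of flows already seen."""
    def __init__(self):
        self.flows = set()
    def allows(self, p):
        key = (p.proto, p.remote_ip, p.remote_port, p.local_port)
        ports = ALLOWED_TCP_IN if p.proto == "tcp" else ALLOWED_UDP_IN
        opens = p.proto == "udp" or p.syn
        ok = p.direction == "out" or key in self.flows or (opens and p.local_port in ports)
        if ok:
            self.flows.add(key)
        return ok

def run(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    stateful = StatefulFilter()
    return [(stateless_allows(p), stateful.allows(p)) for p in packets]

# Constructed sample traffic: documentation addresses, made-up ephemeral ports.
SAMPLE = [
    Packet("in", "tcp", "198.51.100.7", 40000, 80, syn=True),  # web request
    Packet("out", "udp", "192.0.2.53", 53, 1045),              # server's DNS query
    Packet("in", "udp", "192.0.2.53", 53, 1045),               # matching DNS reply
    Packet("in", "udp", "203.0.113.9", 53, 1045),              # unsolicited datagram
    Packet("in", "tcp", "198.51.100.7", 40001, 1433),          # stray non-SYN segment
]
```

`run(SAMPLE)` returns one pair of verdicts per packet. The third and fifth packets are where the two filters disagree: the stateless list drops the legitimate DNS reply and passes a TCP segment that belongs to no connection.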