Bryan Stevenson wrote:
Can ya provide some insight here DaveI took a look at the IP Security
Policy
GUI and honestly didn't know what I was looking at.
Don't use the GUI, use the command line tool. It is documented at the MS
website and there are several example policies at
Can ya provide some insight here DaveI took a look at the
IP Security Policy GUI and honestly didn't know what I was
looking at. If it helps our setup is simple (and yes the
network is small...dev web serverfile server...6
workstations. We are using DSL with a D-Link router.
Thanks to Dave, Denny and Jochem for the IP Security Policy infoI see where
it's going now and will peruse the tutorials etc to get the full picture
Cheers
Bryan Stevenson B.Comm.
VP Director of E-Commerce Development
Electric Edge Systems Group Inc.
phone: 250.480.0642
fax: 250.480.1264
Hey All,
Looking for server OS (specifically MS 2003 Standard Server) firewall software
recommendations.
FYI...it's for a dev server...so not quite as sensitive as a prod server
TIA
Cheers
Bryan Stevenson B.Comm.
VP Director of E-Commerce Development
Electric Edge Systems Group Inc.
phone
the firewall that comes on your DSL router (i.e. NAT).
Russ
-Original Message-
From: Bryan Stevenson [mailto:[EMAIL PROTECTED]
Sent: Monday, June 12, 2006 12:57 PM
To: CF-Talk
Subject: SOT: Server firewall software
Hey All,
Looking for server OS (specifically MS 2003 Standard
Personally, I think all software firewalls are a POS. If you want a decent
firewall grab a hardware firewall, or set up a linux server and use
ipchains. For a dev server, it really depends on where you're hosting and
what you're trying to protect it from. Most shops will be fine with just
My list of recommendations are:
Hope this helps.
Jacob
-Original Message-
From: Bryan Stevenson [mailto:[EMAIL PROTECTED]
Sent: Monday, June 12, 2006 9:57 AM
To: CF-Talk
Subject: SOT: Server firewall software
Hey All,
Looking for server OS (specifically MS 2003 Standard Server
PROTECTED]
Sent: Monday, June 12, 2006 9:57 AM
To: CF-Talk
Subject: SOT: Server firewall software
Hey All,
Looking for server OS (specifically MS 2003 Standard Server) firewall
software recommendations.
FYI...it's for a dev server...so not quite as sensitive as a prod server
TIA
Cheers
My list of recommendations are:
Hope this helps.
Jacob
Oh good...the stand up comics have arrived...
Thanks for your incredibly helpful post Jacob...I'll be sure to give you the
same courtesy when you ask for some advice!!
Bryan Stevenson B.Comm.
VP Director of E-Commerce
.
-Original Message-
From: Bryan Stevenson [mailto:[EMAIL PROTECTED]
Sent: Monday, 12 June 2006 12:16
To: CF-Talk
Subject: Re: Server firewall software
Personally, I think all software firewalls are a POS. If you want a
decent firewall grab a hardware firewall, or set up a linux server
I realize you're after an answer for a software based firewall, but what we're
trying to tell you in a not so helpful way is that it isn't recommended to put
a software firewall on an OS. It adds overheard, can cause instability, and if
you're that worried about malware sending things from your
I find that having both covers area where both are weak and takes advantage
of both of their strengths. I didn't see the original posting...what OS are
you using? What about Black Ice? I think that comes in a format for the
server versions of Windows...not sure if it comes in Linux/Unix vers.
Looking for server OS (specifically MS 2003 Standard Server)
firewall software recommendations.
FYI...it's for a dev server...so not quite as sensitive as a
prod server
I recommend that you consider using the IP security policy functionality
built into Windows.
Dave Watts, CTO, Fig Leaf
I realize you're after an answer for a software based firewall, but what we're
trying to tell you in a not so helpful way is that it isn't recommended to put
a software firewall on an OS. It adds overheard, can cause instability, and if
you're that worried about malware sending things from your
I realize you're after an answer for a software based
firewall, but what we're trying to tell you in a not so
helpful way is that it isn't recommended to put a software
firewall on an OS. It adds overheard, can cause instability,
and if you're that worried about malware sending things
You forgot one other problem with software firewalls, Bob: Since the
firewall is installed on top of the OS it suffers from any/all
vulnerabilities that are present in the OS itself.
On 6/12/06, Robert Everland III [EMAIL PROTECTED] wrote:
I realize you're after an answer for a software based
I think that the Black Ice Server product supports only up to 2000 AS.
http://www.iss.net/find_products/server.php
You might check out the Tiny Firewall:
http://www.tinysoftware.com/home/tiny2?s=2583689172949511605A1pg=content05an=tf_comparisoncat=cat_tf6
Kerio WinRoute supports 2003 now as
I recommend that you consider using the IP security policy functionality
built into Windows.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
Thanks Dave.
Now is that the ability to lock down a NIC card to only accept connections from
one (or a set of) IP?
Do you know where this
You forgot one other problem with software firewalls, Bob:
Since the firewall is installed on top of the OS it suffers
from any/all vulnerabilities that are present in the OS itself.
That's not necessarily true, actually. The firewall may well block access to
the vulnerability.
Dave Watts,
Thanks Ken!!
Bryan Stevenson B.Comm.
VP Director of E-Commerce Development
Electric Edge Systems Group Inc.
phone: 250.480.0642
fax: 250.480.1264
cell: 250.920.8830
e-mail: [EMAIL PROTECTED]
web: www.electricedgesystems.com
~|
an effect.
Eric
-Original Message-
From: Bryan Stevenson [mailto:[EMAIL PROTECTED]
Sent: Monday, 12 June 2006 12:54
To: CF-Talk
Subject: Re: Server firewall software
I find that having both covers area where both are weak and takes
advantage of both of their strengths. I didn't see
Now is that the ability to lock down a NIC card to only
accept connections from one (or a set of) IP?
You can specify rulesets of all sorts, but yes.
Do you know where this is located in Win 2003?
Administrative Tools ... Local Security Policy via the GUI, or secpol.msc
from the command
Thanks again Dave...I'll check that out.
Cheers
Bryan Stevenson B.Comm.
VP Director of E-Commerce Development
Electric Edge Systems Group Inc.
phone: 250.480.0642
fax: 250.480.1264
cell: 250.920.8830
e-mail: [EMAIL PROTECTED]
web: www.electricedgesystems.com
that works on a server.
On XP desktops, I do not have a problem with the Windows built-in software.
But this is not used as a server.
-Original Message-
From: Bryan Stevenson [mailto:[EMAIL PROTECTED]
Sent: Monday, June 12, 2006 10:43 AM
To: CF-Talk
Subject: Re: Server firewall software
]
web: www.electricedgesystems.com
- Original Message -
From: Jacob [EMAIL PROTECTED]
To: CF-Talk cf-talk@houseoffusion.com
Sent: Monday, June 12, 2006 12:00 PM
Subject: RE: Server firewall software
Enough of my smart comments... ;D
I have tried Windows built-in firewall, Zone Alarm
I have tried Windows built-in firewall, Zone Alarm, and
another software firewall (do not remember what it was) over
the past year. All three tests told me that software
firewalls on a server are nothing but a pain in the rear.
So, I can not recommend anything that works on a server.
-Original Message-
From: Dave Watts [mailto:[EMAIL PROTECTED]
Sent: Monday, June 12, 2006 3:52 PM
To: CF-Talk
Subject: RE: Server firewall software
I have tried Windows built-in firewall, Zone Alarm, and
another software firewall (do not remember what it was) over
the past year. All three
PROTECTED]
web: www.electricedgesystems.com
- Original Message -
From: Russ [EMAIL PROTECTED]
To: CF-Talk cf-talk@houseoffusion.com
Sent: Monday, June 12, 2006 12:55 PM
Subject: RE: Server firewall software
Personally I would install a separate linux server (you can use it as a mail
server
On 6/12/06, Russ [EMAIL PROTECTED] wrote:
Personally I would install a separate linux server (you can use it as a mail
server, file server, or multitude of other uses), and use the iptables
firewall on there to manage the connections to your prd (or dev) web server.
While I'm not going to say
Personally I would install a separate linux server (you can
use it as a mail server, file server, or multitude of other
uses), and use the iptables firewall on there to manage the
connections to your prd (or dev) web server.
Iptables is one of the best firewalls out there, and if there
But that still doesn't solve Bryan's immediate problem, which is protecting
his host. Having a dedicated firewall is a good thing, but it is not a
substitute for appropriate host-based security unless you have a very, very
small network. And, if you do have a very, very small network, you can
I wish I remembered what the number of the MS test I took was. 214? 219?
Network administration or some such. At any rate, you can go out and
grab some of those testbusters or whatnot prep exams (the free ones)
aimed at that test, and run through them a couple of times, and you'll
learn all you
32 matches
Mail list logo
