Re: Server firewall software

2006-06-13 Thread Jochem van Dieten
Bryan Stevenson wrote: Can ya provide some insight here DaveI took a look at the IP Security Policy GUI and honestly didn't know what I was looking at. Don't use the GUI, use the command line tool. It is documented at the MS website and there are several example policies at

RE: Server firewall software

2006-06-13 Thread Dave Watts
Can ya provide some insight here DaveI took a look at the IP Security Policy GUI and honestly didn't know what I was looking at. If it helps our setup is simple (and yes the network is small...dev web serverfile server...6 workstations. We are using DSL with a D-Link router.

Re: Server firewall software

2006-06-13 Thread Bryan Stevenson
Thanks to Dave, Denny and Jochem for the IP Security Policy infoI see where it's going now and will peruse the tutorials etc to get the full picture Cheers Bryan Stevenson B.Comm. VP Director of E-Commerce Development Electric Edge Systems Group Inc. phone: 250.480.0642 fax: 250.480.1264

SOT: Server firewall software

2006-06-12 Thread Bryan Stevenson
Hey All, Looking for server OS (specifically MS 2003 Standard Server) firewall software recommendations. FYI...it's for a dev server...so not quite as sensitive as a prod server TIA Cheers Bryan Stevenson B.Comm. VP Director of E-Commerce Development Electric Edge Systems Group Inc. phone

RE: Server firewall software

2006-06-12 Thread Russ
the firewall that comes on your DSL router (i.e. NAT). Russ -Original Message- From: Bryan Stevenson [mailto:[EMAIL PROTECTED] Sent: Monday, June 12, 2006 12:57 PM To: CF-Talk Subject: SOT: Server firewall software Hey All, Looking for server OS (specifically MS 2003 Standard

Re: Server firewall software

2006-06-12 Thread Bryan Stevenson
Personally, I think all software firewalls are a POS. If you want a decent firewall grab a hardware firewall, or set up a linux server and use ipchains. For a dev server, it really depends on where you're hosting and what you're trying to protect it from. Most shops will be fine with just

RE: Server firewall software

2006-06-12 Thread Jacob
My list of recommendations are: Hope this helps. Jacob -Original Message- From: Bryan Stevenson [mailto:[EMAIL PROTECTED] Sent: Monday, June 12, 2006 9:57 AM To: CF-Talk Subject: SOT: Server firewall software Hey All, Looking for server OS (specifically MS 2003 Standard Server

Re: Server firewall software

2006-06-12 Thread Rob Wilkerson
PROTECTED] Sent: Monday, June 12, 2006 9:57 AM To: CF-Talk Subject: SOT: Server firewall software Hey All, Looking for server OS (specifically MS 2003 Standard Server) firewall software recommendations. FYI...it's for a dev server...so not quite as sensitive as a prod server TIA Cheers

Re: Server firewall software

2006-06-12 Thread Bryan Stevenson
My list of recommendations are: Hope this helps. Jacob Oh good...the stand up comics have arrived... Thanks for your incredibly helpful post Jacob...I'll be sure to give you the same courtesy when you ask for some advice!! Bryan Stevenson B.Comm. VP Director of E-Commerce

RE: Server firewall software

2006-06-12 Thread Eric Roberts
. -Original Message- From: Bryan Stevenson [mailto:[EMAIL PROTECTED] Sent: Monday, 12 June 2006 12:16 To: CF-Talk Subject: Re: Server firewall software Personally, I think all software firewalls are a POS. If you want a decent firewall grab a hardware firewall, or set up a linux server

Re: Server firewall software

2006-06-12 Thread Robert Everland III
I realize you're after an answer for a software based firewall, but what we're trying to tell you in a not so helpful way is that it isn't recommended to put a software firewall on an OS. It adds overheard, can cause instability, and if you're that worried about malware sending things from your

Re: Server firewall software

2006-06-12 Thread Bryan Stevenson
I find that having both covers area where both are weak and takes advantage of both of their strengths. I didn't see the original posting...what OS are you using? What about Black Ice? I think that comes in a format for the server versions of Windows...not sure if it comes in Linux/Unix vers.

RE: Server firewall software

2006-06-12 Thread Dave Watts
Looking for server OS (specifically MS 2003 Standard Server) firewall software recommendations. FYI...it's for a dev server...so not quite as sensitive as a prod server I recommend that you consider using the IP security policy functionality built into Windows. Dave Watts, CTO, Fig Leaf

Re: Server firewall software

2006-06-12 Thread Bryan Stevenson
I realize you're after an answer for a software based firewall, but what we're trying to tell you in a not so helpful way is that it isn't recommended to put a software firewall on an OS. It adds overheard, can cause instability, and if you're that worried about malware sending things from your

RE: Server firewall software

2006-06-12 Thread Dave Watts
I realize you're after an answer for a software based firewall, but what we're trying to tell you in a not so helpful way is that it isn't recommended to put a software firewall on an OS. It adds overheard, can cause instability, and if you're that worried about malware sending things

Re: Server firewall software

2006-06-12 Thread Rob Wilkerson
You forgot one other problem with software firewalls, Bob: Since the firewall is installed on top of the OS it suffers from any/all vulnerabilities that are present in the OS itself. On 6/12/06, Robert Everland III [EMAIL PROTECTED] wrote: I realize you're after an answer for a software based

Re: Server firewall software

2006-06-12 Thread Ken Ferguson
I think that the Black Ice Server product supports only up to 2000 AS. http://www.iss.net/find_products/server.php You might check out the Tiny Firewall: http://www.tinysoftware.com/home/tiny2?s=2583689172949511605A1pg=content05an=tf_comparisoncat=cat_tf6 Kerio WinRoute supports 2003 now as

Re: Server firewall software

2006-06-12 Thread Bryan Stevenson
I recommend that you consider using the IP security policy functionality built into Windows. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Thanks Dave. Now is that the ability to lock down a NIC card to only accept connections from one (or a set of) IP? Do you know where this

RE: Server firewall software

2006-06-12 Thread Dave Watts
You forgot one other problem with software firewalls, Bob: Since the firewall is installed on top of the OS it suffers from any/all vulnerabilities that are present in the OS itself. That's not necessarily true, actually. The firewall may well block access to the vulnerability. Dave Watts,

Re: Server firewall software

2006-06-12 Thread Bryan Stevenson
Thanks Ken!! Bryan Stevenson B.Comm. VP Director of E-Commerce Development Electric Edge Systems Group Inc. phone: 250.480.0642 fax: 250.480.1264 cell: 250.920.8830 e-mail: [EMAIL PROTECTED] web: www.electricedgesystems.com ~|

RE: Server firewall software

2006-06-12 Thread Eric Roberts
an effect. Eric -Original Message- From: Bryan Stevenson [mailto:[EMAIL PROTECTED] Sent: Monday, 12 June 2006 12:54 To: CF-Talk Subject: Re: Server firewall software I find that having both covers area where both are weak and takes advantage of both of their strengths. I didn't see

RE: Server firewall software

2006-06-12 Thread Dave Watts
Now is that the ability to lock down a NIC card to only accept connections from one (or a set of) IP? You can specify rulesets of all sorts, but yes. Do you know where this is located in Win 2003? Administrative Tools ... Local Security Policy via the GUI, or secpol.msc from the command

Re: Server firewall software

2006-06-12 Thread Bryan Stevenson
Thanks again Dave...I'll check that out. Cheers Bryan Stevenson B.Comm. VP Director of E-Commerce Development Electric Edge Systems Group Inc. phone: 250.480.0642 fax: 250.480.1264 cell: 250.920.8830 e-mail: [EMAIL PROTECTED] web: www.electricedgesystems.com

RE: Server firewall software

2006-06-12 Thread Jacob
that works on a server. On XP desktops, I do not have a problem with the Windows built-in software. But this is not used as a server. -Original Message- From: Bryan Stevenson [mailto:[EMAIL PROTECTED] Sent: Monday, June 12, 2006 10:43 AM To: CF-Talk Subject: Re: Server firewall software

Re: Server firewall software

2006-06-12 Thread Bryan Stevenson
] web: www.electricedgesystems.com - Original Message - From: Jacob [EMAIL PROTECTED] To: CF-Talk cf-talk@houseoffusion.com Sent: Monday, June 12, 2006 12:00 PM Subject: RE: Server firewall software Enough of my smart comments... ;D I have tried Windows built-in firewall, Zone Alarm

RE: Server firewall software

2006-06-12 Thread Dave Watts
I have tried Windows built-in firewall, Zone Alarm, and another software firewall (do not remember what it was) over the past year. All three tests told me that software firewalls on a server are nothing but a pain in the rear. So, I can not recommend anything that works on a server.

RE: Server firewall software

2006-06-12 Thread Russ
-Original Message- From: Dave Watts [mailto:[EMAIL PROTECTED] Sent: Monday, June 12, 2006 3:52 PM To: CF-Talk Subject: RE: Server firewall software I have tried Windows built-in firewall, Zone Alarm, and another software firewall (do not remember what it was) over the past year. All three

Re: Server firewall software

2006-06-12 Thread Bryan Stevenson
PROTECTED] web: www.electricedgesystems.com - Original Message - From: Russ [EMAIL PROTECTED] To: CF-Talk cf-talk@houseoffusion.com Sent: Monday, June 12, 2006 12:55 PM Subject: RE: Server firewall software Personally I would install a separate linux server (you can use it as a mail server

Re: Server firewall software

2006-06-12 Thread Jim Wright
On 6/12/06, Russ [EMAIL PROTECTED] wrote: Personally I would install a separate linux server (you can use it as a mail server, file server, or multitude of other uses), and use the iptables firewall on there to manage the connections to your prd (or dev) web server. While I'm not going to say

RE: Server firewall software

2006-06-12 Thread Dave Watts
Personally I would install a separate linux server (you can use it as a mail server, file server, or multitude of other uses), and use the iptables firewall on there to manage the connections to your prd (or dev) web server. Iptables is one of the best firewalls out there, and if there

Re: Server firewall software

2006-06-12 Thread Bryan Stevenson
But that still doesn't solve Bryan's immediate problem, which is protecting his host. Having a dedicated firewall is a good thing, but it is not a substitute for appropriate host-based security unless you have a very, very small network. And, if you do have a very, very small network, you can

Re: Server firewall software

2006-06-12 Thread Denny Valliant
I wish I remembered what the number of the MS test I took was. 214? 219? Network administration or some such. At any rate, you can go out and grab some of those testbusters or whatnot prep exams (the free ones) aimed at that test, and run through them a couple of times, and you'll learn all you