A: Tiny Firewall works pretty well, as do the ones listed below(again, maybe not on the blackice...) B: VNC: free, works well, plain text. Or go the terminal services route. Now, both of these require open ports. 5900 and 3389 respectively. However you should limit (via whichever fw you choose) which IP's you can connect to those ports from. Agree with the below as well, cygwin is a huge saver of angst, especially coming from a *nix background. (ls is a spinal macro for me...)
When you get it built, poke it from another machine via nmap or the portscanning tool of your choice, to make sure you didn't miss anything obvious. Then hit it with a vuln scanner(retina, nessus, etc) and see if there are other obvious holes at the app/os layer. Again, patch patch patch. We occasionally get requests outside our norm(we do our own builds for customers): 'i built this box, can you put it up" We scan it thoroughly, and 9 times out of 10, we get preinstalled worms or viruses...always patch BEFORE you open the holes to it.... Hope that helps some, let me know if you want clarification on any....t On Thu, 7 Feb 2002, Scott Nursten wrote: > TGW, > > Get a freeware firewall on there as soon as possible. If he's willing to pay > for PCAnywhere, I would put VNC on and rather get him to pay for BlackICE > (although - maybe not), Norton Personal Firewall, ZoneAlarm Pro or something > of the sort. Install Snort on the box and trim your ruleset to match the > firewall + anything else you want to see. It might be handy to get the > cygwin utils on there (www.cygwin.com) as they supply you with all sorts of > good admin stuff from the GNU/Linux world that I just can't work without - > even on a Windows box. > > Other than that, best practises apply - use hfchknet to ensure you're > patched up-to-date at all times. Uninstall everything you don't need on the > box. Disable indexing and other random useless default services - and you're > away. > > HTH. > > Regards, > > Scott Nursten > > On 6/2/02 0:39, "TGW" <[EMAIL PROTECTED] spam> wrote: > > > Hello all. > > I am a Programmer/Administrator, and I need help with 1 server of mine. Just > > ideas, not money. :-) > > Well, this guy i work for, has a win2k server at an ISP servers farm, > > connected to the internet, with an ext IP. (192.XXX.XXX.XXX). Since he is > > cheap, he won't authorize me buy (almost) any software. > > Of course the win2k server is licensed, but he won't pay for anything else, > > so we are in the freeware market - I won't go pirate. > > > > My questions: > > This server should be a web (IIS based) server, Mail server, and optionally > > FTP server. I know it's quite a lot, even for a Dual PIII700, but that's the > > budget. > > 1) I reckon I need a software firewall. any ideas? > > 2) as a mail server I am using Mercury/32 from Pegasus. cons? > > 3) I need a remote control program. pcanyware10.5? ( I know it'll cost me, > > but i think i can make him buy this one too) > > 4) is there any more security software I should use? > > > > Please don't answer with " You need a DMZ with 3 servers, a honeypot , a log > > server"... > > I know all that. I've been a Linux Admin for about a year, and built it from > > scratch. > > It's the windows security I feel puzzled about. > > > > So, please, contribute all your 2cents. :-) > > TIA. > > > > Idan. > > > >
