> A good firewall gives you more functionality than > mere port-blocking. A good > firewall protects you against DoS attacks which, for > one reason or another, > the O/S of your choice may not (I'm no Win2k expert, > but since when have > Microsoft ever got issues like 'security' and > 'robustness' even 90% right?).
MS bashing really doesn't do a lot to support your argument, particularly when you state that you're really not up on 2K). Keeping the system patched and updated, as well as applying a couple of well-documented Registry tweaks, will do a lot to protect you. In fact, I'd like to hear what DoS attacks you're talking about. What specific DoS attacks are out there that target the Win2K IP stack? > A good firewall records logfiles of traffic in and > out of your box - so that > even if your box is compromised in some fashion, you > have redundancy in your logs. Agreed. Other avenues include running snort (free, runs on Win2k, etc). > Firewalls aren't just to protect you against the > wilderness of the Internet. > They're also a great way to protect yourself against > badness happening > inside your own company, and a great way of > generally keeping an eye on > things - though, as stated, probably not the best > idea to run your firewall on a production web server. Will I fully agree, I would like to add a caveat. This is true, as long as the systems are monitored. I see too many systems, every day, that are set up and left to run, w/o an monitoring. __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com
