Security Basics mailing list archives
FW: win2k firewall
From: "Mahoney, Paul" <paul () fiberstarr com>
Date: Thu, 9 Jan 2003 00:13:22 -0800
Ok guys, I have to add my pennyworths here. I have for many years run web servers live on the Internet in environments with and without any type of firewall. I would not recommend this way to an individual, but the benefits seen through increased performance, lack of admin, reduced costing etc are easily identifiable. Additionally I have had experience with using BlackIce on W2k Web servers; I have not found this software reliable enough to be used in production environments, although it is a great product for workstations or on an 'as needed' basis for servers. Good design and thought to security policies is fundamental to the security of data. We should start not with the device, but the 'wire security' to it. Firstly I would recommend allowing, in a simple access list on a Cisco router to allow only port 80 and 443 inbound. Secondly it is imperative to harden that server in any way possible, without the addition of 3rd party software (Microsoft's website is a great starting point for this). Only once that is complete you should be asking yourself about Firewalls and IDS systems. With processing power and memory available, people are less concerned with shoehorning as many resources as possible from these machines; therefore it IS common place to see the likes of BlackIce etc on production servers. People have recommended the Cisco PIX firewall, a great device, a great price. However I feel that as this post is based upon WIN2K firewalls, I believe we need to look at something more like a GUI configuration. My advice would be to look at the Netscreen range of products, competitively priced, easy to configure and yes a top performer. Regards, Paul Mahoney FiberStarr Systems www.fiberstarr.com
Current thread:
- RE: win2k firewall, (continued)
- RE: win2k firewall Jimmy Sansi (Jan 09)
- RE: win2k firewall Jason Dixon (Jan 11)
- RE: win2k firewall David Gillett (Jan 13)
- re: win2k firewall Theo Spears (Jan 08)
- RE: win2k firewall Mark S. Searle (Jan 06)
- RE: win2k firewall Paul Carroll (Jan 07)
- RE: win2k firewall H C (Jan 07)
- RE: win2k firewall Mark S. Searle (Jan 08)
- RE: win2k firewall Zimin, Alex (Jan 09)
- RE: win2k firewall Richard H. Cotterell (Jan 21)
- FW: win2k firewall Mahoney, Paul (Jan 09)
- RE: win2k firewall Zimin, Alex (Jan 11)
- Re: win2k firewall alexanderdelarge (Jan 11)
- RE: win2k firewall Mahoney, Paul (Jan 15)
- win2k firewall Eric Griffin (Jan 21)