Educause Security Discussion mailing list archives

Re: host based firewall for windows 2003 server?


From: Graham Toal <gtoal () UTPA EDU>
Date: Thu, 22 Jun 2006 11:32:07 -0500

What outgoing/incoming ports do other institutions block and why? 

  There are now so many "applications" engineered to bypass 
port filters (and/or tunnel over ports opened for other 
purposes) that this is really no longer an adequate basis for 
security.  I think we have to start getting serious about 
proxies and deep inspection to verify that traffic really 
complies with policy, and not just with port number use.

You are of course 100% right and going down the expensive path
of deep inspection is a loser's game.  Eventually all evil traffic
will look like an https POST or GET on port 443 and there'll
be no way of telling it from legitimate traffic.  Then the
battle will have to move to the host rather than the network -
or, as you say, via proxies, such as a network which is completely
sealed off from the outside world with only an application relay
proxy available for web, and no end to end privacy because the relay
has to supply the certificate in order to read the traffic.  That'll
be a sad day when it happens.  (Which may be sooner than you
think if the rumours about how Google will be implementing
their free wireless service are true?)

Meanwhile, a traditional firewall lets us pick the low-hanging
fruit...

G
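
The two positions above (the quoted call to verify that traffic on a port really speaks the protocol the port implies, and Graham's reply that a tunnel wrapped in genuine HTTPS defeats that check) can be shown in a few lines. What follows is an added example written for this archive page, not code from either poster: it examines the first client bytes of a flow bound for tcp/443, accepts only a well-formed TLS ClientHello (extracting the SNI name from it), and rejects SSH banners or plaintext HTTP that have merely borrowed the port. The function names, the allow/block policy and the four sample flows are constructed for the example; the last sample is a covert channel that negotiates real TLS, and it passes the check exactly as Graham predicts.

```python
"""Protocol-conformance check for flows on tcp/443 (illustrative; not from the thread)."""
import struct


def build_client_hello(server_name: str) -> bytes:
    """Construct a minimal TLS 1.2 ClientHello with an SNI extension (constructed sample input)."""
    host = server_name.encode("ascii")
    # ServerNameList: list_len(2) | name_type(1)=host_name | name_len(2) | name
    sni = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host
    ext = struct.pack("!HH", 0x0000, len(sni)) + sni          # extension type 0 = server_name
    body = (
        b"\x03\x03"                                            # client_version: TLS 1.2
        + b"\x11" * 32                                         # random (fixed for reproducibility)
        + b"\x00"                                              # session_id length 0
        + b"\x00\x02\xc0\x2f"                                  # one cipher suite
        + b"\x01\x00"                                          # compression_methods: null only
        + struct.pack("!H", len(ext)) + ext                    # extensions block
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # HandshakeType client_hello(1)
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_sni(client_hello: bytes):
    """Return the SNI host name from a ClientHello record, or None if absent or malformed."""
    # Skip record header (5), handshake header (4), client_version (2), random (32).
    p = 5 + 4 + 2 + 32
    try:
        sid_len = client_hello[p]
        p += 1 + sid_len
        cs_len = struct.unpack_from("!H", client_hello, p)[0]
        p += 2 + cs_len
        cm_len = client_hello[p]
        p += 1 + cm_len
        if p >= len(client_hello):
            return None                                        # no extensions present
        ext_total = struct.unpack_from("!H", client_hello, p)[0]
        p += 2
        end = p + ext_total
        while p + 4 <= end:
            etype, elen = struct.unpack_from("!HH", client_hello, p)
            p += 4
            if etype == 0x0000:
                # list_len(2) at p, name_type(1) at p+2, name_len(2) at p+3, name at p+5
                name_len = struct.unpack_from("!H", client_hello, p + 3)[0]
                return client_hello[p + 5 : p + 5 + name_len].decode("ascii")
            p += elen
    except (IndexError, struct.error, UnicodeDecodeError):
        return None
    return None


def classify_443_flow(first_bytes: bytes) -> dict:
    """Classify the first client-to-server bytes of a flow destined for tcp/443.

    Policy (assumed for the example): only traffic that is really TLS is allowed.
    """
    is_tls_hello = (
        len(first_bytes) >= 6
        and first_bytes[0] == 0x16                             # ContentType handshake
        and first_bytes[1] == 0x03                             # SSLv3/TLS major version
        and first_bytes[2] in (0x00, 0x01, 0x02, 0x03, 0x04)
        and first_bytes[5] == 0x01                             # HandshakeType client_hello
    )
    if is_tls_hello:
        return {"protocol": "tls-client-hello", "sni": parse_sni(first_bytes), "policy": "allow"}
    if first_bytes.startswith(b"SSH-"):
        return {"protocol": "ssh-banner", "sni": None, "policy": "block"}
    if first_bytes.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT", b"CONNECT"):
        return {"protocol": "http-plaintext", "sni": None, "policy": "block"}
    return {"protocol": "unknown", "sni": None, "policy": "block"}


# Constructed sample flows (first bytes sent by the client on a connection to port 443).
SAMPLE_FLOWS = {
    "browser":       build_client_hello("www.example.com"),
    "ssh-over-443":  b"SSH-2.0-OpenSSH_4.3\r\n",
    "http-on-443":   b"GET /update.cgi HTTP/1.1\r\nHost: 10.0.0.5\r\n\r\n",
    # A covert channel that wraps itself in real TLS is byte-for-byte a valid ClientHello.
    "tunnel-in-tls": build_client_hello("cdn.example.net"),
}


def audit(flows=SAMPLE_FLOWS) -> dict:
    """Apply the conformance check to every sample flow and return the verdicts."""
    return {name: classify_443_flow(data) for name, data in flows.items()}


if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:14s} {verdict['protocol']:18s} sni={str(verdict['sni']):18s} -> {verdict['policy']}")
```

Run directly, it prints a verdict per sample. The SSH banner and plaintext HTTP on 443 are caught, which is the low-hanging fruit a port-aware filter can still pick; the tunnel that speaks correct TLS is indistinguishable from the browser at this layer, which is why the remaining control has to sit on the host or in a relay proxy that supplies its own certificate and reads the cleartext.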
