Educause Security Discussion mailing list archives

Re: Windows server host based firewalls?


From: Cal Frye <cjf () CALFRYE COM>
Date: Fri, 21 Mar 2008 18:01:55 -0400

Aaron Cayard-Roberts wrote:
Hello all,

We're primarily a *nix shop but we've been getting more and more Windows
2003 servers as time goes on.  I've taken over supporting these and many
of them aren't in a true DMZ.  Currently we don't have a standard method
for firewalling them which I'd like to change.

I'm wondering what others are using for host level firewalls.  Do you
use the built-in Windows firewall or a 3rd-party product?  Any
recommendations or what to stay away from?

Hi, Aaron,
Here we rely on the Windows firewall (I think most host-based firewalls
are intended for the desktop and too chatty for unattended server
consoles, but I'm open to suggestions). More important, we have "ringed
around" our core router with firewalls, isolating most major network
segments, including central servers, from the rest and implementing
firewall rules as appropriate. Not a traditional DMZ, but layers of
trust and access.

If you use some form of NAC, you could there implement role-based access
controls, as well. Hope this helps. BTW, I expect to learn a bit more
about your network soon, as my daughter will likely be enrolling this
fall...  ;-)

--
Regards,
-- Cal Frye, Network Administrator, Oberlin College

   www.calfrye.com,  www.pitalabs.com

"A quart of ale is a dish for a king." --- William Shakespeare, A
Winter's Tale.
