Security Basics mailing list archives
RE: win2k firewall
From: "Rick Darsey" <rdarsey () aims1 com>
Date: Tue, 7 Jan 2003 07:55:58 -0600
I would have to disagree with HC's comments on this.

First, there should always be some sort of protection between your LAN and the Internet. A physical firewall that will do NAT is the best. This will allow the traffic you want to reach the appropriate machine, but block anything else. It also allows you to use several different systems for different functions, i.e. FTP, SMTP, POP, HTTP, adding another level of security.

Second, if you start shutting down services on the W2K machine, then you are restricting access from within the LAN, making Administration and updating the system much harder, as it cannot be done remotely. If you follow this path, and turn off all the services you can think of, and miss one, then you are open to an attack.

With a physical firewall, you specify what to allow, not what to disallow, making it much harder to miss something critical. Most, if not all, firewalls have an explicit deny all statement that covers you in the event that you forget something in your access lists.

Rick

-----Original Message-----
From: H C [mailto:keydet89 () yahoo com]
Sent: Monday, January 06, 2003 2:27 PM
To: security-basics () securityfocus com
Subject: re: win2k firewall

anyone can recommend software firewall for win2k adv. server? it is planned to be used as web server

Web servers, even those on Win2K, shouldn't need or have a firewall. This is true for several reasons...

1. What is the purpose of running a web server on a firewall? Does that make sense? No, of course not.

2. If you're concerned about restricting ports, why not simply disable or remove all unnecessary services? You're going to configure the firewall to allow port 80 (and maybe 443) anyway, right? So why not simply save yourself some hard drive space, memory, as well as admin and management headaches by simply turning off everything else? There's no reason you need to have the Server service running, for example, on a web server. In fact, you don't even need NetBIOS/NetBEUI installed.

So...if you turn off all the services that you don't need, and you only have ports 80 (and 443, maybe) open, then what would be the point of the firewall?
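
Added example, not part of the original thread: a small model of the two approaches debated above, comparing what stays reachable from the Internet when one service is missed during host hardening against what a first-match access list ending in an explicit deny all lets through. The rule format, function names and listener set are constructed for illustration and are not any vendor's syntax.

```python
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "permit" or "deny"
    proto: Optional[str]   # None matches any protocol
    port: Optional[int]    # None matches any destination port

# Constructed perimeter access list: name what is allowed, end with deny all.
ACL = [
    Rule("permit", "tcp", 80),
    Rule("permit", "tcp", 443),
    Rule("deny", None, None),   # explicit deny all
]

def evaluate(acl, proto, port):
    """First matching rule wins; an empty or exhausted list also denies."""
    for rule in acl:
        if rule.proto in (None, proto) and rule.port in (None, port):
            return rule.action
    return "deny"

def internet_exposed(listening, acl=None):
    """Services reachable from the Internet; acl=None means no firewall in the path."""
    if acl is None:
        return sorted(listening)
    return sorted(s for s in listening if evaluate(acl, *s) == "permit")

def harden(listening, disabled):
    """Host-only approach: stop services one by one."""
    return set(listening) - set(disabled)

# Constructed listener set for a Windows 2000 web server before hardening:
# HTTP, HTTPS, RPC endpoint mapper, NetBIOS session, SMB, NetBIOS name service.
DEFAULT_LISTENERS = {("tcp", 80), ("tcp", 443), ("tcp", 135),
                     ("tcp", 139), ("tcp", 445), ("udp", 137)}

# The administrator disables every service they thought of, but misses tcp/135.
HARDENED = harden(DEFAULT_LISTENERS, {("tcp", 139), ("tcp", 445), ("udp", 137)})

if __name__ == "__main__":
    print("hardening only, no firewall:", internet_exposed(HARDENED))
    print("firewall, services untouched:", internet_exposed(DEFAULT_LISTENERS, ACL))
    # The ACL filters only Internet-side traffic, so LAN administration
    # still reaches every listener on the host.
    print("reachable from the LAN:", sorted(DEFAULT_LISTENERS))
```
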