Educause Security Discussion mailing list archives
Re: Windows server host based firewalls?
From: Cal Frye <cjf () CALFRYE COM>
Date: Fri, 21 Mar 2008 18:01:55 -0400
Aaron Cayard-Roberts wrote:
Hello all, We're primarily a *nix shop but we've been getting more and more windows 2003 servers as time goes on. I've taken over supporting these and many of them aren't in a true DMZ. Currently we don't have a standard method for firewalling them which I'd like to change. I'm wondering what others are using for host level firewalls. Do you use the built in windows firewall or a 3rd party product? Any recommendations or what to stay away from?
Hi, Aaron, Here we rely on the Windows firewall (I think most host-based firewalls are intended for the desktop and too chatty for unattended server consoles, but I'm open to suggestions). More important, we have "ringed around" our core router with firewalls, isolating most major network segments, including central servers, from the rest and implementing firewall rules as appropriate. Not a traditional DMZ, but layers of trust and access. If you use some form of NAC, you could there implement role-based access controls, as well. Hope this helps. BTW, I expect to learn a bit more about your network soon, as my daughter will likely be enrolling this fall... ;-) -- Regards, -- Cal Frye, Network Administrator, Oberlin College www.calfrye.com, www.pitalabs.com "A quart of ale is a dish for a king." --- William Shakespeare, A Winter's Tale.
Current thread:
- Windows server host based firewalls? Aaron Cayard-Roberts (Mar 21)
- <Possible follow-ups>
- Re: Windows server host based firewalls? Cal Frye (Mar 21)