Hi, I'm installing an IIS webserver on server 2003. (standalone server is placed in datacentre, remote access is therfore needed) what is a good firewall to use? I tried Sygate firewall pro but the interface isnt working with remote desktop any suggestions? Thanks otto
Hello, Didn't know if I should revive this post or start a new one, since I'm in the same boat as ojl66, it would be nice if we both got to see the suggestions. Appologies if this should have been a new thread. I'm kind of interested in this answer as well. What would you recommend a good firewall for Windows Server 2003, can't really afford the bigger firewalls (probably could not even configure it correctly) but I don't mind spending a few dollars for a firewall that works well with Windows Server 2003. I tried some of the personal firewalls that are available, but they just seem not to work as well as on the Windows XP machines. I have a small web server and a small mail server on this machine that I would like protected but it doesn't get many visitors in a day, so I don't really feel the need for a firewall that is on the heavy traffic servers. Right now I have the firewall that came with Server 2003 sp1, don't know if that is enough, what do you think? I would like some application control if that is possible but I guess the server is not really used as a work station, so nothing really gets downloaded on it unless I download it on the XP machines and scan them there. My setup is as follows: Windows Server 2003 Standard sp1, Nod32 Administrator version, Router LinkSYS, Server 2003 sp1 firewall activated with the following services activated; web, ftp, mail. Thanks for any and all replies.
some firewalls that work on windows 2003 include: filseclab personal firewall injoy firewall NeT Firewall (not 100% sure) 8signs firewall (server version) tiny server firewall
If you are not subject to heavy traffic, are you seeing anything suspicious or of concern at all in the logs? That should afford you good basic protection. It is just as important to make sure your web, ftp and mail servers are up to date with patches and configured securely. You are permitting traffic to them anyways, so they are what may be subject to exploit attempts. Regards, CrazyM
Thanks for the info, I'm now trying a few that WSFuser suggested in vmware to see how it goes. I kind of like and feel comfortable with Net Firewall, anyone know if this firewall is any good? Haven't heard anything on it. CrazyM, I'm not seeing anything in the logs that is causing me any concern, at the moment, just want to prevent and protect it as best as possible. The software is always current with all the latest patches and updates. Thanks
If you're going to be in a data center, with a public IP, I'd want to be behind a hardware firewall. A decent SOHO or higher grade NAT router, that can handle lots of concurrent connections...a home grade router won't do well under those loads, not designed for it.
If you large enough to have a "data center" already shouldn't you likewise have a good hardened FW as well? Even a very basic 1U Cisco 501 should cost less than $500.00 and isn't THAT difficult to install by any means. Other lower end/smaller featured firewalls that are very easy to install: SonicWall http://www.cdw.com/shop/products/default.aspx?ProductID=534677 WatchGuard: http://www.cdw.com/shop/products/default.aspx?ProductID=404686 Both very reasonable. The other thing to look at would be your router settings. Many routers have some kind of basic firewalling and or Ingress/Egress filtering for common attacks like port 137, 138, 139 and 445. Eliminating those while leaving 3389 (remote access protocol) from specific (static address(es)) will go along way to protecting IIS. Just be sure to set the ACLs to include both source and destination of the above ports. That will generally drop about 80% of your junk traffic alone depending on the name of the website. Websites with names like: Allmywildestdreamscometrue.com are more likely to be attacked than say: Steveshorseshoecollection.com You get the idea, or at least I hope you do - lol. Enjoy! - beads
Hello all and thanks for the tips but where is everyone getting that I have a "data center". I have a simple home server with a simple mail and ftp server that I would like to protect. Trialing the Net Firewall right now and seems to be a good packet filter firewall.
it was the original poster who had mentioned a datacenter. btw im glad net firewall is working for u.
ooops, my bad Thanks for pointing that out WSFuser. For now Net Firewall is really what I was looking for, might just install it on the main server instead of leaving it on the virtual server.