Windows Server 2003 Firewall

Discussion in 'other firewalls' started by cartwright118, Jul 13, 2008.

  1. cartwright118

    cartwright118 Registered Member

    Joined:
    Jul 13, 2008
    Posts:
    6
    Hi guys/girls,

    Wonder if somebody could give me some advice please.

    I have a XEN VPS running Windows Server 2003. I would like a 'decent' firewall on there just to help with security. There is a built-in Windows firewall, but I'm not too happy with that; I don't really trust it. There are not many options in the GUI to change, and it also doesn't let you know about attacks.

    I've tried numerous different firewalls on there, some of which include Comodo, Zone Alarm, Avira, Eset, Sunbelt, Outpost, Bullguard, F-Secure... I've tried quite a few lol and all of them make the server reboot and give me the blue screen of death. The only firewalls I've found to work so far are Sygate and BlackICE, both of which are discontinued.

    With BlackICE it detected the attacks quite well. I tried a few different security tests, Shields Up and NMAP. BlackICE detected the attacks, but did not block them automatically, which is really no good for me as I cannot be looking at Remote Desktop all the time to see the log of the attacks. So I had to scrap that and I came across Sygate, which worked perfectly and detects and blocks attacks. The only thing that's putting me off with that one is it's out of date/discontinued.

    I just wondered if anyone had any ideas/solutions to my problems? Maybe a solution to the two firewalls I have already tried? Or another firewall I could try? Literally any advice anyone has to offer, I would like to hear it please.

    Kind Regards
    Chris
     
  2. Pseudo

    Pseudo Registered Member

    Joined:
    May 4, 2008
    Posts:
    193
    Look 'n' Stop is Windows Server 2003 compatible.
     
  3. cartwright118

    cartwright118 Registered Member

    Joined:
    Jul 13, 2008
    Posts:
    6
    Thanks for the reply, but I have also already tried this :mad: I'm not sure why I cannot get a firewall to work. It just Blue Screens on me.

    All ideas welcome.

    Regards
    Chris
     
  4. Pseudo

    Pseudo Registered Member

    Joined:
    May 4, 2008
    Posts:
    193
  5. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    For Windows Server.....I'll only support them if behind...
    *A NAT router
    or
    *ISA
     
  6. joter

    joter Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    163
    Location:
    Greece
    ... or Kerio Winroute Firewall ;)

    regards
    joter
     
  7. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Make sure you have a complete removal of the old firewalls. Sometimes LnS leaves behind a driver that will show up on the properties sheet for your NIC. Same goes for PCTools, and the rest are not immune by any means. If that driver is still there nothing will work right.

    By the way, there is nothing wrong with the windows firewall. You do have a router, don't you?
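
Added example, not part of the thread: the built-in Windows Firewall does not raise alerts, but when its dropped-packet logging is turned on it writes a `pfirewall.log` that can be reviewed for scans. The sketch below runs on constructed log lines and flags sources whose packets were dropped on many distinct ports; the function names and the five-port threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample in the W3C-style layout Windows Firewall uses for
# pfirewall.log (addresses are documentation ranges, not real hosts).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2008-07-15 10:01:02 DROP TCP 198.51.100.7 203.0.113.20 40112 21 48 S 1 0 65535 - - - RECEIVE
2008-07-15 10:01:02 DROP TCP 198.51.100.7 203.0.113.20 40113 23 48 S 1 0 65535 - - - RECEIVE
2008-07-15 10:01:03 DROP TCP 198.51.100.7 203.0.113.20 40114 80 48 S 1 0 65535 - - - RECEIVE
2008-07-15 10:01:03 DROP TCP 198.51.100.7 203.0.113.20 40115 135 48 S 1 0 65535 - - - RECEIVE
2008-07-15 10:01:04 DROP TCP 198.51.100.7 203.0.113.20 40116 139 48 S 1 0 65535 - - - RECEIVE
2008-07-15 10:01:04 DROP TCP 198.51.100.7 203.0.113.20 40117 445 48 S 1 0 65535 - - - RECEIVE
2008-07-15 10:03:10 DROP TCP 192.0.2.44 203.0.113.20 51515 3389 48 S 1 0 65535 - - - RECEIVE
2008-07-15 10:03:13 DROP TCP 192.0.2.44 203.0.113.20 51515 3389 48 S 1 0 65535 - - - RECEIVE
2008-07-15 10:04:00 OPEN TCP 192.0.2.99 203.0.113.20 50000 80 - - - - - - - - -
2008-07-15 10:05:00 DROP ICMP 198.51.100.200 203.0.113.20 - - 60 - - - - 8 0 - RECEIVE
"""

def parse_drops(text):
    """Yield one dict per DROP record, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names follow the tag
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue                           # skip headers and blank lines
        rec = dict(zip(fields, line.split()))
        if rec.get("action") == "DROP":
            yield rec

def scan_suspects(text, min_ports=5):
    """Map source IP -> sorted dropped destination ports, for sources that
    were dropped on at least min_ports distinct TCP/UDP ports."""
    ports = defaultdict(set)
    for rec in parse_drops(text):
        dport = rec.get("dst-port", "-")
        if rec.get("protocol") in ("TCP", "UDP") and dport.isdigit():
            ports[rec["src-ip"]].add(int(dport))
    return {ip: sorted(p) for ip, p in ports.items() if len(p) >= min_ports}

if __name__ == "__main__":
    for ip, hit in scan_suspects(SAMPLE_LOG).items():
        print(f"possible port scan from {ip}: dropped on ports {hit}")
```

Repeated drops on a single port (the 3389 retries in the sample) are not counted as a scan, and ICMP records are ignored because they carry no port.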
     
  8. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
  9. cartwright118

    cartwright118 Registered Member

    Joined:
    Jul 13, 2008
    Posts:
    6
    Hello guys, thanks a lot for the replies. Below are my replies.

    Not a clue, it's a server hosted by a company. I'll get in touch and find out.


    It is a server that I have remote desktop access to. All ports are usable; I have to use a software firewall on the machine to limit access to ports. When I installed my first firewall, there was only the default Windows firewall on there. This is the first firewall my server blue screened on. I thought it was just the program so I changed to another firewall and that did the same, and again and again lol. Could this be conflicting at all? I've never had this problem to be honest, always just disabled Windows firewall and installed another fine. So I'm lost on a solution. Hence why I have come to you guys for help :)

    P.S I always make sure the old firewall is uninstalled 'before' I install another.

    Not possible as it's a remote server, and I have seen these 'yoggie' products advertised on the T.V. They look pretty cool.

    Thanks a lot! Appreciated
    Regards Chris

    P.S Today I am also going to try the firewalls people have said above :)
     
    Last edited: Jul 15, 2008
  10. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Ahh...hosted at a data center....skip ISA suggestion then. Is its NIC on a fully public IP address? Usually a data center can put your hosted boxes behind ACLs...even behind NAT..with only the ports you need available opened/forwarded to it.

    Have you stripped down your services on the server? Unbound server and workstation services, remote registry access, netbios, shut down unnecessary services? There's a TON of things you can do to strip down a server so it's much more secure when it's sitting on a public IP address. Else..with default settings...just sitting there online for a few minutes she's compromised and I'd want to format and reinstall.
     
  11. cartwright118

    cartwright118 Registered Member

    Joined:
    Jul 13, 2008
    Posts:
    6
    All ports are available to use on my server, I have to use a firewall to limit access to only the ports I wish people to have access to. At the minute I'm using windows firewall and also Sygate. I only have necessary things running on there, only things that I NEED are running.

    Remote registry and netbios are off. All I need is a decent reliable firewall...that actually installs and runs.

    Regards
    Chris
     
  12. cartwright118

    cartwright118 Registered Member

    Joined:
    Jul 13, 2008
    Posts:
    6
  13. Pseudo

    Pseudo Registered Member

    Joined:
    May 4, 2008
    Posts:
    193
    Sandbox.sys?
     
  14. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    sandbox.sys is the sandbox driver of outpost.

    If I were you I would reinstall the OS (since you tried many firewalls, there are probably too many leftovers to clean manually) and then install Comodo 3 with the option "firewall only". At least you will be sure that no HIPS is installed and avoid further BSODs.

    Panagiotis
     
  15. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Have you contacted your host to see if he can drop some ACLs on the box for you? Basically NAT it using their managed switches.
     
  16. cartwright118

    cartwright118 Registered Member

    Joined:
    Jul 13, 2008
    Posts:
    6
    Thanks, and yes, you're correct with Comodo. It was the first firewall I tried and then once I had the blue screen from it, I uninstalled and tried with another.
    Today I am doing a complete reinstall of the server. So hopefully that might sort any problems out.

    But doesn't this mean I have to contact them every time I want to update the ACL with new ports? I'm not all clued up on ACLs, so I might even have the concept of them incorrect. From what I understand, an ACL is a list of rules, to accept or deny? If something connects and it's not in the ACL accept list, it denies it? Please correct me if I'm wrong, as I'm not 100% on the correct meaning.

    Regards
    Chris
     
  17. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England

    You're on the right track. Some data centers will hang their clients' hosted servers on full IP addresses...with nothing blocked. Can be scary if your box is battened down tightly by yourself. Others will at least block the highly exploited ports and vulnerabilities....so for example..a Windows server you have hanging on a public IP address...will be somewhat protected by some very basics.

    Other hosts...are willing to put your server behind NAT if you wish. They usually have high end switches in the data center..able to do routing duties per port. They can plug your server into it..and IP map your public IP address..to a private IP address on your server...NAT it..and open/forward only the ports you wish to be publicly available. This is your optimal choice. You'll never know this unless you do your homework and ask them. If they don't....you should at least have the option of placing your own hardware firewall in between your server and the host's managed switch. And be in charge of your own NAT and protection.

    For a server in a data center....I'd certainly want a hardware firewall of some sort..instead of a software firewall. Software firewalls generally don't perform well under heavy usage. And they can be exploited, the service can fail, etc. Plus..less running on your server...is better for performance and reliability. In no way would I want to be trying to shoehorn some home grade software firewall on a production server running at a data center.
     