1. What do you think about the security on a 2003 server with only packet filtering firewall, like 8signs, installed and coexisting with someting like ProcessGuard. 2. Is there a better security solution for an application server that is also a small network DHCP server?
Hi joter ... and welcome to Wilders That would be a good combination if actual application specific rules are not a concern for you. You will have to assess the security needs for your entire network as well as the server. Any hardware in place? Is that all the server is actually being used for? Regards, CrazyM
CrazyM, Thanks for your reply. Yes. The server running Windows 2003 is just an application (Lotus Domino) server but also would like to be a DHCP server to some workstations, connecting to Internet by a broadband DSL connection. My main need is securing the most the server. There is no hardware firewall.
Hi joter A little more info on the network setup would help. Is this a home or business network? How is the network currently connecting to the Internet? Is this server also your gateway to the Internet? You may need to consider an appropriate hardware solution to protect the network as well. Regards, CrazyM
Hi CrazyM It is a business network and the server, having 2 network interface cards, is also the only gateway to the Internet. Thanks, Joter
8Signs Firewall Server Version would be a viable software solution. However, I think you should also consider a hardware solution for a business network. A business class router/firewall would provide a secure gateway that is independent of any systems on the network. Regards, CrazyM
A lot of you security level depends on the configuration of your server. Windows 2003 Server track record is very good, unless you let it slip. Default settings are quite secure, just remember to not activate any process until you really need it. And, since it is connected to the internet: access control, both logically and physically is very important. And please, never ever log in as administrator and have domino run as a low privilege account.
Thanks a lot for your answers. I think I'll give 8signs firewall a try but I would like also to test Outpost firewall on a testing virtual-server cause it is more familiar to me. I have Outpost installed on my xp workstation and I like it a lot. Any thoughts about the second solution? Thanks joter
I like Outpost, a lot, but I don't know if it's viable as a server firewall. It will protect the server, but you'll have to address all client pc's too, because you do allow incoming traffic. Protecting a system is not the same as protecting a network. I don't know if OP can handle the traffic. You'll have to test that yourself.
Agreed - Outpost can run on a server but extra configuration will be necessary (e.g. you may find features that generate frequent popups like Component Control impractical and remote administration rules will need to be created). Traffic can certainly be an issue but the CPU Utilisation FAQ at the Outpost forum can offer some help there. Also using Outpost with software like VirtualPC can raise another set of problems (try a search at the Outpost forums for more details).
