Windows Server 2003 Firewall

Discussion in 'other firewalls' started by cartwright118, Jul 13, 2008.

Thread Status:
Not open for further replies.
  1. cartwright118

    cartwright118 Registered Member

    Joined:
    Jul 13, 2008
    Posts:
    6
    Hi guys/girls,

    Wonder if somebody could give me some advice please.

    I have a XEN VPS running Windows Server 2003, I would like a 'decent' firewall on there just to help with security, there is a built in windows firewall, but I'm not too happy with that, I don't really trust it. There is not many options in the GUI to change also doesn't let you know about attacks.

    I've tried numerous different firewalls on there some of which include Comdo, Zone Alarm, Avira, Eset, Sunbelt, Outpost, Bullguard, F-Secure...I've tried quite a few lol and all of them make the server reboot and give me the blue screen of death. The only firewalls I've found to work so far are Sygate and BlackICE, both of which are discontinued.

    With BlackICE it detected the attacks quite well, I tried a few different security tests, Shields up and NMAP. BlackICE detected the attacks, but did not block them automatically, which is really no good for me as I cannot be looking at Remote Desktop all the time to see the log on the attacks. So I had to scrap that and I came across Sygate which worked perfect and detects and blocks attacks. Only thing thats putting me off with that one is its out of date/discontinued.

    I just wondered if anyone had any ideas/solutions to my problems? Maybe a solution to the two firewalls I have already tried? or another firewall I could try? Literally any advice anyone has to offer I would like to hear it please.

    Kind Regards
    Chris
     
  2. Pseudo

    Pseudo Registered Member

    Joined:
    May 4, 2008
    Posts:
    193
    Look 'n' Stop is Windows Server 2003 compatible.
     
  3. cartwright118

    cartwright118 Registered Member

    Joined:
    Jul 13, 2008
    Posts:
    6
    Thanks for the reply, but I have also already tried this :mad: I'm not sure why I cannot get a firewall to work. It just Blue Screens on me.

    All ideas welcome.

    Regards
    Chris
     
  4. Pseudo

    Pseudo Registered Member

    Joined:
    May 4, 2008
    Posts:
    193
  5. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    For Windows Server.....I'll only support them if behind...
    *A NAT router
    or
    *ISA
     
  6. joter

    joter Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    163
    Location:
    Greece
    ... or Kerio Winroute Firewall ;)

    regards
    joter
     
  7. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Make sure you have a complete removal of the old firewalls. Sometimes LnS leaves behind a driver that will show up on the properties sheet for your NIC. Same goes for PCTools, and the rest are not immune by any means. If that driver is still there nothing will work right.

    By the way, there is nothing wrong with the windows firewall. You do have a router, don't you?
     
  8. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,566
  9. cartwright118

    cartwright118 Registered Member

    Joined:
    Jul 13, 2008
    Posts:
    6
    Hello guys, thanks alot for the replies. Below are my replies.

    Not a clue, Its a server hosted by a company. Ill get in touch and find out.


    It is a server, that I have remote desktop access to. All ports are usable, I have to use a software firewall on the machine to limit access to ports. When I installed my first firewall, there was only the default windows firewall on there. This is the first firewall my server blue screened on. I thought it was just the program so I changed to another firewall and that did the same, and agen and agen lol. Could this be conflicting at all? I've never had this problem to be honest, always just disabled windows firewall and installed another fine. So I'm lost on a solution. Hence why I have came to you guys for help :)

    P.S I always make sure the old firewall is uninstalled 'before' I install another.

    Not possible as its a remote server and I have seen these 'yoggie' products adverting on the T.V. They look pretty cool.

    Thanks alot! Appreciated
    Regards Chris

    P.S Today I am also going to try the firewalls people have said above :)
     
    Last edited: Jul 15, 2008
  10. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Ahh...hosted at a data center....skip ISA suggestion then. Is its NIC on a fully public IP address? Usually a data center can put your hosted boxes behind ACLs...even behind NAT..with only the ports you need available opened/forwarded to it.

    Have you stripped down your services on the server? Unbound server and workstation services, remote registry access, netbios, shut down un-necessary services? There's a TON of things you can do to strip down a server so it's must more secure when it's sitting on a public IP address. Else..with default settings...just sitting there online for a few minutes she's compromised and I'd want to format and reinstall.
     
  11. cartwright118

    cartwright118 Registered Member

    Joined:
    Jul 13, 2008
    Posts:
    6
    All ports are available to use on my server, I have to use a firewall to limit access to only the ports I wish people to have access to. At the minute I'm using windows firewall and also Sygate. I only have necessary things running on there, only things that I NEED are running.

    Remote registry and netbios are off. All I need is a decent reliable firewall...that actually installs and runs.

    Regards
    Chris
     
  12. cartwright118

    cartwright118 Registered Member

    Joined:
    Jul 13, 2008
    Posts:
    6
  13. Pseudo

    Pseudo Registered Member

    Joined:
    May 4, 2008
    Posts:
    193
    Sandbox.sys?
     
  14. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,566
    sandbox.sys is the sandbox driver of outpost.

    If I where you I would reinstall the OS (since you tried many firewalls probably there are too many leftovers to manually cleaning) and then install comodo 3 with the option "firewall only". At least you will be sure that no hips is installed and avoid further BSODs.

    Panagiotis
     
  15. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Have you contacted your host to see if he can drop some ACLs on the box for you? Basically NAT it using their managed switches.
     
  16. cartwright118

    cartwright118 Registered Member

    Joined:
    Jul 13, 2008
    Posts:
    6
    Thanks, and yes, your correct with Comodo. It was the first firewall I tried and then once I had the blue screen from it, I uninstalled and tried with another.
    Today I am doing a complete reinstall of the server. So hopefully that might sort any problems out.

    But doesn't this mean I have to contact them every time I want to update the ACL with new ports? I'm not all clued up on ACL's, so I might even have the concept of them incorrect. From what I understand, an ACL is a list of rules, to accept or deny? if something connects and its not in the ACL accept list. It denys it? Please correct me if I'm wrong, as I'm not 100% on correct meaning.

    Regards
    Chris
     
  17. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England

    You're on the right track. Some data centers will hang their clients hosted servers on full IP addresses...with nothing blocked. Can be scarey if your box is battened down tightly by yourself. Others will at least block the highly exploited ports and vulnerabilities....so for example..a Windows server you have hanging on a public IP address...will be somewhat protected by some very basics.

    Other hosts...are willing to put your server behind NAT if you wish. They usually have high end switches in the data center..able to do routing duties per port. They can plug your server into it..and IP map your public IP address..to a private IP address on your server...NAT it..and open/forward only the ports you wish to be publically available. This is your optimal choice. You'll never know this unless you do your homework and ask them. If they don't....you should at least have the option of placing your own hardware firewall in between your server and the hosts managed switch. And be in charge of your own NAT and protection.

    For a server in a data center....I'd certainly want a hardware firewall of some sort..instead of a software firewall. Software firewalls generally don't perform well under heavy usage. And they can be exploited, the service can fail, etc. Plus..less running on your server...is better for performance and reliability. In no way would I want to be trying to shoehorn some home grade software firewall on a production server running at a data center.
     
Loading...
Thread Status:
Not open for further replies.