| Author |
Message |
Jéjé
Guest
|
 Posted:
Fri Dec 31, 2004 12:38 am Post subject:
Win 2003 integrated firewall enough? |
|
|
Hi,
I want to kown if the Win 2003 server integrated firewall is enough to
protected a standalone web server.
This server will be configured to authorize Remote desktop access (for
remote administration) + VPN access to access other resources on the
computer.
For the moment this server is behind my ISA Server and I use some web and
server publishing rules to allow external users to access it.
thanks for your feed back.
Jerome. |
|
| Back to top |
|
 |
Herb Martin
Guest
|
| Posted:
Fri Dec 31, 2004 12:48 am Post subject:
Re: Win 2003 integrated firewall enough? |
|
|
"Jéjé" <willgart@BBBhotmailAAA.com> wrote in message
news:efiB96p7EHA.2124@TK2MSFTNGP14.phx.gbl...
| Quote: | Hi,
I want to kown if the Win 2003 server integrated firewall is enough to
protected a standalone web server.
|
No, nothing is "enough". Firewalls never provide
(permanent) protection -- the slow down and limit
attacks to certain ports, addresses or other specifics.
The above may (at first) seem pedantic but it is a key
psychological approach to understanding firewalls
and securing systems.
Firewalls by design, focus and control, i.e., slow down,
attacks they do not prevent them.
How safe do you wish to be?
The built in firewall offers virtually no extra security
over just not running unnecessary services or using the
already built-in (to Win2000) IPSec filters.
| Quote: | This server will be configured to authorize Remote desktop access (for
remote administration) + VPN access to access other resources on the
computer.
|
The firewall can help or you could just BLOCK
all connections on other ports with IPSec filters.
Then you might want to consider filtering the source
or even content of messages on the OPEN ports, i.e.,
VPN and HTTP.
| Quote: | For the moment this server is behind my ISA Server and I use some web and
server publishing rules to allow external users to access it.
|
Now we are talking defense in depth.
You real danger now is those messages you CHOOSE to
let into your network and server....
IISLockdown tool can help.
Other content filters (on the ISA or the server) might also
be worthwhile.
Remember your virus and other protections.
--
Herb Martin
| Quote: |
thanks for your feed back.
Jerome.
|
|
|
| Back to top |
|
|
Jéjé
Guest
|
| Posted:
Fri Dec 31, 2004 1:26 am Post subject:
Re: Win 2003 integrated firewall enough? |
|
|
so you recommend to keep the server behind my isa server.
Ok, I'll do this.
"Herb Martin" <news@LearnQuick.com> wrote in message
news:O%23QBfEq7EHA.4028@TK2MSFTNGP15.phx.gbl...
| Quote: | "Jéjé" <willgart@BBBhotmailAAA.com> wrote in message
news:efiB96p7EHA.2124@TK2MSFTNGP14.phx.gbl...
Hi,
I want to kown if the Win 2003 server integrated firewall is enough to
protected a standalone web server.
No, nothing is "enough". Firewalls never provide
(permanent) protection -- the slow down and limit
attacks to certain ports, addresses or other specifics.
The above may (at first) seem pedantic but it is a key
psychological approach to understanding firewalls
and securing systems.
Firewalls by design, focus and control, i.e., slow down,
attacks they do not prevent them.
How safe do you wish to be?
The built in firewall offers virtually no extra security
over just not running unnecessary services or using the
already built-in (to Win2000) IPSec filters.
This server will be configured to authorize Remote desktop access (for
remote administration) + VPN access to access other resources on the
computer.
The firewall can help or you could just BLOCK
all connections on other ports with IPSec filters.
Then you might want to consider filtering the source
or even content of messages on the OPEN ports, i.e.,
VPN and HTTP.
For the moment this server is behind my ISA Server and I use some web and
server publishing rules to allow external users to access it.
Now we are talking defense in depth.
You real danger now is those messages you CHOOSE to
let into your network and server....
IISLockdown tool can help.
Other content filters (on the ISA or the server) might also
be worthwhile.
Remember your virus and other protections.
--
Herb Martin
thanks for your feed back.
Jerome.
|
|
|
| Back to top |
|
|
Herb Martin
Guest
|
| Posted:
Fri Dec 31, 2004 2:49 am Post subject:
Re: Win 2003 integrated firewall enough? |
|
|
"Jéjé" <willgart@BBBhotmailAAA.com> wrote in message
news:eBFZ9Vq7EHA.3696@TK2MSFTNGP10.phx.gbl...
| Quote: | so you recommend to keep the server behind my isa server.
Ok, I'll do this.
|
Yes.
That is one of the DESIGNED features of ISA.
i.e., Server Proxying and such.
--
Herb Martin
| Quote: | "Herb Martin" <news@LearnQuick.com> wrote in message
news:O%23QBfEq7EHA.4028@TK2MSFTNGP15.phx.gbl...
"Jéjé" <willgart@BBBhotmailAAA.com> wrote in message
news:efiB96p7EHA.2124@TK2MSFTNGP14.phx.gbl...
Hi,
I want to kown if the Win 2003 server integrated firewall is enough to
protected a standalone web server.
No, nothing is "enough". Firewalls never provide
(permanent) protection -- the slow down and limit
attacks to certain ports, addresses or other specifics.
The above may (at first) seem pedantic but it is a key
psychological approach to understanding firewalls
and securing systems.
Firewalls by design, focus and control, i.e., slow down,
attacks they do not prevent them.
How safe do you wish to be?
The built in firewall offers virtually no extra security
over just not running unnecessary services or using the
already built-in (to Win2000) IPSec filters.
This server will be configured to authorize Remote desktop access (for
remote administration) + VPN access to access other resources on the
computer.
The firewall can help or you could just BLOCK
all connections on other ports with IPSec filters.
Then you might want to consider filtering the source
or even content of messages on the OPEN ports, i.e.,
VPN and HTTP.
For the moment this server is behind my ISA Server and I use some web
and
server publishing rules to allow external users to access it.
Now we are talking defense in depth.
You real danger now is those messages you CHOOSE to
let into your network and server....
IISLockdown tool can help.
Other content filters (on the ISA or the server) might also
be worthwhile.
Remember your virus and other protections.
--
Herb Martin
thanks for your feed back.
Jerome.
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in