What's a good firewall for win2k3?

Dark Atheist

have been asked this by a friend who has win2k3...seeing as i don't use win2k3 i can't really say
 
thanks :)

edit: seems he forgot to tell me he's using x64 2k3 :/
 
Hardware firewall all the way
 
is he actually using it as a 2k3 server (dns/ad/dhcp/smtp etc) ?
 
yes - web ftp mail, he has an 8 port linksys router in the office
 
if the router is set in nat mode that should cover most of the inbound protection, if any ports are forwarded, try to limit them to specific IPs within the router.
outpost 4.x runs on win2k3 (and has a 64bit version) although i wouldn't recommend it, he would do better to tighten up & configure the server properly, rather than trying to cover up open holes

i run a 2k3 std server but am confident in my config & routers inbound protection.
just make sure he disables any un-needed services/roles and keeps it up to date.

also it's worth installing and configuring the Security Configuration Wizard
http://www.windowsecurity.com/articles/Security-Configuration-Wizard-Windows-Server-2003-SP1.html

is he actually using the pc as a workstation as well? (browsing on it etc)?
 
from what i understand, what he wants to do is what i have done with my BSD box (thanks to lord geffy and X) using PF, but he wants to do this on windows. server will sit there and be used as ftp, web, and storage, all other connections to the router will mainly be internal (some inet use) but they want to lock it down so that only the server can be reached, and only for web/ftp - port 80 and 21 (poss pasv for ftp).

For the ftp he would like to use per ip restriction. - i am looking at ftp server progs for him - may settle on gene6
 
then he doesn't need a software firewall to lock that down. just configure the server properly
raidenftpd is about the best ftpd i have used. highly configurable, very secure
 
I prefer to block out potential threats at the firewall level rather than at the service level. Relying on the service to block out IPs makes it too easy to leave a hole accessible because of misconfiguration or because of a hole in the service itself. If it is blocked before it even reaches that level, there are no further worries.
 
the router & the xp firewall can do a great job of inbound protection. couple that with a well configured/up to date OS and there is no need for a separate (software) firewall.
the only reason you would really need a 3rd party firewall is for outgoing application control.

3rd party firewalls can cause conflicts with drivers & slow down your network, steer clear on a 2k3 machine.

windows firewall can limit apps/ports to IPs/ranges or even just limit to local subnet only, but the best place for that is within the router.
don't just forward ports, forward ports and lock down the IPs within the router.

windows firewall gets a LOT of flak, usually because people let their pcs get infected with spyware/viruses and the firewall gets easily bypassed/disabled.
however on an up to date/configured server, spyware/viruses won't be an issue (unless a user logs in and browses on the server) so it would be pretty hard to get disabled.
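
Added example, not part of any post in this thread: the per-IP port scoping described above, written as a batch script for the `netsh firewall` context of Windows Firewall on Windows Server 2003 SP1. The client addresses and the passive FTP port range are constructed placeholders and are assumptions, not values from the thread.

```batch
@echo off
rem Added example (not from the thread). Requires Windows Server 2003 SP1
rem or later; run from an administrator command prompt.
rem Assumptions: FTP_CLIENTS holds constructed documentation addresses, and
rem the FTP server is configured to use 50000-50009 for passive data.
setlocal
set FTP_CLIENTS=203.0.113.10,198.51.100.0/24

rem Turn the firewall on and honour the exceptions defined below.
netsh firewall set opmode mode=ENABLE exceptions=ENABLE

rem Web: reachable from any address.
netsh firewall add portopening protocol=TCP port=80 name="HTTP" mode=ENABLE scope=ALL

rem FTP control channel: only the listed client addresses.
netsh firewall add portopening protocol=TCP port=21 name="FTP-control" mode=ENABLE scope=CUSTOM addresses=%FTP_CLIENTS%

rem Passive FTP data ports, with the same client restriction.
for /L %%P in (50000,1,50009) do (
    netsh firewall add portopening protocol=TCP port=%%P name="FTP-pasv-%%P" mode=ENABLE scope=CUSTOM addresses=%FTP_CLIENTS%
)

rem Log dropped packets so blocked connection attempts can be reviewed.
netsh firewall set logging droppedpackets=ENABLE

rem Review the resulting port openings and their scopes.
netsh firewall show portopening
endlocal
```

The same address restriction belongs on the router's port forwards as well, so the host firewall acts as a second layer rather than the only one.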
 
I've been running Untangle for a bit now. It wouldn't run as a Windows app. Ideally you'd run it on a separate PC. You can run it as a virtual machine with VMware server (completely free solution). The VM method will require system resources. Untangle offers a good deal of security. Firewall functions, anti-virus, anti-spam, anti-phishing, etc. It's a pretty nice little package. Check it out.
 
