Security Basics mailing list archives
RE: win2k firewall
From: "Mahoney, Paul" <paul () fiberstarr com>
Date: Sat, 11 Jan 2003 12:50:37 -0800
Quite simply, can you afford the licence for Borderware for this? Netscreen have some smaller products that are not much more expensive than a small router.

Paul Mahoney
FiberStarr Systems
www.fiberstarr.com

-----Original Message-----
From: H.Hamza [mailto:consult () ftem com]
Sent: Friday, January 10, 2003 7:21 PM
To: 'Mahoney, Paul'
Subject: RE: win2k firewall

What you said is fine. But I would ask you to reconsider your recommendations about Netscreen only. Look for borderware firewall, more secure than Netscreen and amazing features as well, borderware technologies even make mail firewalls. More details www.borderware.com .

Kind Regards,
Habib

-----Original Message-----
From: Mahoney, Paul [mailto:paul () fiberstarr com]
Sent: Thursday, January 09, 2003 11:13 AM
To: security-basics () securityfocus com
Subject: FW: win2k firewall

Ok guys, I have to add my pennyworths here.

I have for many years run web servers live on the Internet in environments with and without any type of firewall. I would not recommend this way to an individual, but the benefits seen through increased performance, lack of admin, reduced costing etc are easily identifiable.

Additionally I have had experience with using BlackIce on W2k Web servers; I have not found this software reliable enough to be used in production environments, although it is a great product for workstations or on an 'as needed' basis for servers.

Good design and thought to security policies is fundamental to the security of data. We should start not with the device, but the 'wire security' to it. Firstly I would recommend allowing, in a simple access list on a Cisco router, only port 80 and 443 inbound. Secondly it is imperative to harden that server in any way possible, without the addition of 3rd party software (Microsoft's website is a great starting point for this). Only once that is complete should you be asking yourself about Firewalls and IDS systems.

With processing power and memory available, people are less concerned with shoehorning as many resources as possible from these machines; therefore it IS commonplace to see the likes of BlackIce etc on production servers.

People have recommended the Cisco PIX firewall, a great device, a great price. However I feel that as this post is based upon WIN2K firewalls, I believe we need to look at something more like a GUI configuration. My advice would be to look at the Netscreen range of products, competitively priced, easy to configure and yes a top performer.

Regards,

Paul Mahoney
FiberStarr Systems
www.fiberstarr.com