Security Basics mailing list archives
RE: win2k firewall
From: "Zimin, Alex" <alex () towerrecords com>
Date: Wed, 8 Jan 2003 11:21:43 -0800
In some cases a UNIX box or Cisco firewall is not an option. I had to deal with the Satellite ISP, where only a Windows box can be connected to the Internet.

Kerio makes a firewall product which is free for personal use.
http://www.kerio.com/us/kpf_download.html

I'm not sure how good it is compared to other Windows firewalls, but it's free for personal use.

Alex.

-----Original Message-----
From: Mark S. Searle [mailto:Mark.Searle () lon ipalliance net]
Sent: Tuesday, January 07, 2003 9:14 AM
To: H C; Rick Darsey; security-basics () securityfocus com
Subject: RE: win2k firewall

I would purchase an inexpensive firewall, say a PIX 506 or something from eBay and take the need for a software-based firewall away from the web server. This would impact performance anyway and slow things down if you have a high hit volume.

I would address the server privately and carry out NAT on the PIX to a public global address. In addition I would only open ports 80 (http) and 443 (https) and make sure that there are not static entries in the PIX for the internal network. This will prevent the web server from being used as a hop point into the Internet.

The web server should be placed in a DMZ with a lower security rating than the LAN. Hopefully this will maintain good server performance and represent a reasonably cost-effective solution.