Re: Win 2003 integrated firewall enough?

From: Herb Martin (news_at_LearnQuick.com)
Date: 12/30/04


Date: Thu, 30 Dec 2004 12:48:41 -0600


"Jéjé" <willgart@BBBhotmailAAA.com> wrote in message
news:efiB96p7EHA.2124@TK2MSFTNGP14.phx.gbl...
> Hi,
>
> I want to kown if the Win 2003 server integrated firewall is enough to
> protected a standalone web server.

No, nothing is "enough". Firewalls never provide
(permanent) protection -- the slow down and limit
attacks to certain ports, addresses or other specifics.

The above may (at first) seem pedantic but it is a key
psychological approach to understanding firewalls
and securing systems.

Firewalls by design, focus and control, i.e., slow down,
attacks they do not prevent them.

How safe do you wish to be?

The built in firewall offers virtually no extra security
over just not running unnecessary services or using the
already built-in (to Win2000) IPSec filters.

> This server will be configured to authorize Remote desktop access (for
> remote administration) + VPN access to access other resources on the
> computer.

The firewall can help or you could just BLOCK
all connections on other ports with IPSec filters.

Then you might want to consider filtering the source
or even content of messages on the OPEN ports, i.e.,
VPN and HTTP.

> For the moment this server is behind my ISA Server and I use some web and
> server publishing rules to allow external users to access it.

Now we are talking defense in depth.

You real danger now is those messages you CHOOSE to
let into your network and server....

IISLockdown tool can help.

Other content filters (on the ISA or the server) might also
be worthwhile.

Remember your virus and other protections.

-- 
Herb Martin
>
> thanks for your feed back.
>
> Jerome.
>
>


Relevant Pages

  • Re: CEICW fails at firewall config
    ... Do you or do you not have ISA 2000 or ISA 2004 installed on the SBS server? ... Do you have 2 NICs in the SBS? ... CEICW fails on firewall configuration every time. ... >>> Call to Creating the protected networks access rule returned ok. ...
    (microsoft.public.windows.server.sbs)
  • Re: Recycler security issues on IIS server
    ... > latest upates to the server. ... > like to see the server put behind our firewall, ... other software, install all patches, IISlockdown, URLscan, use the correct ... the procedures you follow may vary depending on your security needs. ...
    (microsoft.public.inetserver.iis.security)
  • SMTP and OWA communications failures after installing Windows 2003
    ... There is nothing in the server logs to indicate that a problem had occurred. ... The SP1 firewall looks to be ... The firewall settings were checked and looked OK but we disabled firewall ... Firewall log at times when attempts were made to access OWA - but protection ...
    (microsoft.public.exchange.connectivity)
  • Re: ISA SERVER NOT STARTING
    ... I delete the nat/basic firewall and stop and started the RRAS an tried to ... There were no critical events in the DNS Server Log in the last 24 hours. ... An error occurred during logon ... Caller User Name: - ...
    (microsoft.public.windows.server.sbs)
  • Re: For Microsoft Partners and Customers Who Cant Download or Access
    ... to reconfigure the firewall, but to use a static IP on your client ... and to make sure that the DNS server entries on the client are ... Microsoft for msdn2.microsoft.com. ... use a static IP and set the DNS server addresses to the DNS ...
    (microsoft.public.dotnet.general)