Re: SBS 2003 / Software Firewall?
From: Frank McCallister SBS MVP (anonymous)
Date: 10/29/04
Date: Fri, 29 Oct 2004 13:04:44 -0500
The server is protected in Single NIC installs. It is the Workstations that
are not. And workstations are where your security problems are.
--
Frank McCallister SBS MVP
COMPUMAC

"DonDinCT" <DonDinCT@discussions.microsoft.com> wrote in message
news:E5F3A05A-208E-4E6E-A9AF-AFAEBF553253@microsoft.com...
> Joe
> Your eloquent answer to "How the heck should any machine be able to use a
> basic firewall with just one nic", is exactly how I feel about the topic.
> SBS2003 Standard edition SHOULD be able to run its own firewall on a single
> NIC, to protect it from an internal LAN attack. The code is already there...
> they should turn on the capability.
>
> "Joe" wrote:
>
>> In message <uKbVkrOvEHA.3272@TK2MSFTNGP12.phx.gbl>, "Marina Roos
>> [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> writes
>> >Hi Don,
>> >
>> >Don't blame MS for that! ? Get a second nic, and there you have it
>> >all.
>> >
>> It can't possibly function as a bastion firewall, of course, but it
>> could protect itself to some degree. Any additional security at a
>> reasonable price (especially free) is worth having. Make the cracker
>> work harder, and take longer, and you increase the chances that he'll go
>> away and look for easier prey. You greatly increase the odds against
>> automated attacks being successful.
>>
>> It's not often that DSL router/firewalls get compromised, but some have
>> been, and others have allowed admin access from outside (!) by default.
>> The router itself should be seen as a possible, though low-risk, avenue
>> of attack. The server should not generally offer most services to the
>> outside world, and therefore doesn't need to expose them to anything but
>> its own workstations. A 'personal' firewall on the server could block
>> most access to it from the router, and an invader would then have to
>> crack one of the workstations to get access to those services.
>>
>> Other lines of attack are laptops physically connected, and wireless
>> encryption cracked. Domain security offers some protection, but
>> reinforcing it with packet filtering is worth doing if the technology is
>> there but is just left turned off. Presumably all the IIS servers
>> cracked in recent years have been domain members.
>>
>> Bastion firewalls are essential, but if at all possible they should not
>> offer a single point of failure of network security. XP workstations now
>> have their personal firewalls enabled by default, why not the much more
>> important servers? My client's pop3 download machine currently runs no
>> other network services, but offers powerful spam/virus/attack
>> capabilities if cracked, so the only port it opens *even to its own
>> network* is a secure admin shell. If the bad guys do get in the door, we
>> need to make them struggle to get any further.
>> --
>> Joe
>>