Re: SBS 2003 / Software Firewall?
From: DonDinCT (DonDinCT_at_discussions.microsoft.com)
Date: 10/29/04
- In reply to: Frank McCallister SBS MVP: "Re: SBS 2003 / Software Firewall?"
- Next in thread: Frank McCallister SBS MVP: "Re: SBS 2003 / Software Firewall?"
- Reply: Frank McCallister SBS MVP: "Re: SBS 2003 / Software Firewall?"
Date: Fri, 29 Oct 2004 11:53:02 -0700
Frank
I have a single NIC install with SBS2003 Standard edition. The firewall
does not get installed with a single NIC. When you go through the
internet/email wizard, you get a Microsoft warning that the firewall will not
be installed since there is only one NIC. The warning goes on to say that you
are at risk and need a hardware firewall. I'd have to say that the server is
not protected.
"Frank McCallister SBS MVP" wrote:
> The server is protected in Single NIC installs. It is the Workstations that
> are not. And workstations are where your security problems are.
>
> --
> Frank McCallister SBS MVP
> COMPUMAC
> "DonDinCT" <DonDinCT@discussions.microsoft.com> wrote in message
> news:E5F3A05A-208E-4E6E-A9AF-AFAEBF553253@microsoft.com...
> > Joe
> > Your eloquent answer to "How the heck should any machine be able to use a
> > basic firewall with just one nic", is exactly how I feel about the topic.
> > SBS2003 Standard edition SHOULD be able to run its own firewall on a single
> > NIC, to protect it from an internal LAN attack. The code is already there...
> > they should turn on the capability.
> >
> > "Joe" wrote:
> >
> >> In message <uKbVkrOvEHA.3272@TK2MSFTNGP12.phx.gbl>, "Marina Roos
> >> [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> writes
> >> >Hi Don,
> >> >
> >> >Don't blame MS for that! ? Get a second nic, and there you have it
> >> >all.
> >> >
> >> It can't possibly function as a bastion firewall, of course, but it
> >> could protect itself to some degree. Any additional security at a
> >> reasonable price (especially free) is worth having. Make the cracker
> >> work harder, and take longer, and you increase the chances that he'll go
> >> away and look for easier prey. You greatly increase the odds against
> >> automated attacks being successful.
> >>
> >> It's not often that DSL router/firewalls get compromised, but some have
> >> been, and others have allowed admin access from outside (!) by default.
> >> The router itself should be seen as a possible, though low-risk, avenue
> >> of attack. The server should not generally offer most services to the
> >> outside world, and therefore doesn't need to expose them to anything but
> >> its own workstations. A 'personal' firewall on the server could block
> >> most access to it from the router, and an invader would then have to
> >> crack one of the workstations to get access to those services.
> >>
> >> Other lines of attack are laptops physically connected, and wireless
> >> encryption cracked. Domain security offers some protection, but
> >> reinforcing it with packet filtering is worth doing if the technology is
> >> there but is just left turned off. Presumably all the IIS servers
> >> cracked in recent years have been domain members.
> >>
> >> Bastion firewalls are essential, but if at all possible they should not
> >> offer a single point of failure of network security. XP workstations now
> >> have their personal firewalls enabled by default, why not the much more
> >> important servers? My client's pop3 download machine currently runs no
> >> other network services, but offers powerful spam/virus/attack
> >> capabilities if cracked, so the only port it opens *even to its own
> >> network* is a secure admin shell. If the bad guys do get in the door, we
> >> need to make them struggle to get any further.
> >> --
> >> Joe
> >>
>
>
>
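Added example, not part of the thread or of any poster's message: a small model of the host-based filtering discussed in the quoted text, where the server exposes internal services only to its own workstations and not to the router. The addresses, port sets and rule names are constructed assumptions; the point it shows is that the router's LAN-side address sits inside the workstation subnet, so a plain "allow the LAN" rule also admits the router.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing for illustration (assumptions, not from the thread).
LAN = ip_network("192.168.16.0/24")
ROUTER = ip_address("192.168.16.1")   # router's LAN-side address
INTERNAL_PORTS = {139, 445, 3389}     # file sharing and remote admin
PUBLIC_PORTS = {25, 443}              # services deliberately published

# Ordered rules, first match wins: (name, source test, ports or None=any, verdict)
RULES = [
    ("public services", lambda src: True, PUBLIC_PORTS, "allow"),
    ("router is not a workstation", lambda src: src == ROUTER, None, "drop"),
    ("workstations", lambda src: src in LAN, INTERNAL_PORTS, "allow"),
]

# The same policy without the explicit router rule, for comparison.
NAIVE_RULES = [RULES[0], RULES[2]]


def decide(src, dport, rules=RULES):
    """Return (verdict, rule name) for an inbound TCP connection to the server."""
    src = ip_address(src)
    for name, match_src, ports, verdict in rules:
        if match_src(src) and (ports is None or dport in ports):
            return verdict, name
    return "drop", "default deny"   # nothing matched: closed by default


if __name__ == "__main__":
    # Constructed sample connections: (source address, destination port)
    samples = [
        ("192.168.16.50", 445),   # workstation to file sharing
        ("192.168.16.1", 445),    # connection originating from the router
        ("203.0.113.7", 445),     # forwarded outside host to file sharing
        ("203.0.113.7", 25),      # forwarded outside host to published SMTP
    ]
    for src, port in samples:
        print(src, port, decide(src, port), "naive:", decide(src, port, NAIVE_RULES)[0])
```

Traffic the router merely forwards keeps its original outside source address and falls through to the default deny, while connections that originate on the router itself are caught only by the explicit router rule.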