Re: What to use for a Firewall device?



BTW ...look around... how do we get nailed in SBSland?

SBS 2000: they came through the open port 80 with Code Red/Nimda. Now how would a firewall help unless it was specifically set to look for those tracks? Back in those days even servers behind external firewalls with open port 80s were getting nailed.

SBS 2003? Sucky password on the Administrator account getting an auth attack on port 25.

Now if you can state that your firewalls protect the admin account from being brute-force attacked, then you have a winner and my utmost respect.

Heck I even have a RRAS firewall at home and don't get nailed.

I'll show you a bunch of SBSers with ISA on the box and when something bad has occurred it's because we get stupid...we don't get hacked. We get stupid because we don't patch.

Having a box on the outside doesn't help that problem.

[And keep in mind that many times the conversations and arguments are for the benefit of the community. Please don't take it personally, and nor do I... but I'd like to get people away from the "Oh, I have a Cisco... it's secure" and realize... how long has it been since you've checked it too? Is it set up properly? I've seen folks with the entire SBS box sitting in the DMZ, which kinda defeats the purpose, ya know :-)]

Leythos wrote:
In article <eW1F8ucgFHA.2472@xxxxxxxxxxxxxxxxxxxx>, sbradcpa@xxxxxxxxxxx says...

Watchguard is software too you know. Which also needs patching...


I'm not some kid fresh out of MCSE school; it's not anywhere near the same thing as ISA running on a Windows server. Please don't play that game with me.

The appliances are dedicated machines, stripped of all other functions, hardened to perform that single function, with few (if any) exploits. Most of the "firmware" updates over the last 3 years have been enhancements and not security patches.


ISA rides low enough in the TCP/IP stack to be able to protect the server just fine.

[as per "Protecting Your Windows Network" by Steve Riley and Dr. Jesper Johansson, on sale now...]

Secunia - Vulnerability Report - WatchGuard Firebox III series:
http://secunia.com/product/1286/


Vendor Statement
All WatchGuard firewalls are impacted to some extent by Gont's findings. TCP sessions which terminate on or pass through the firewall are vulnerable to reset attacks when the attacker can guess the source and destination address and port combinations for that session. WatchGuard plans to address the issues raised by Gont's paper for all products in software releases currently scheduled for the Q2-Q3 2005 time frame. If you have further questions about this or any other security concern with WatchGuard products, please contact:


So, you found 2 advisories, one patched, one unpatched - but it requires a lot of work in many cases to exploit. A total of 5 are listed on their site since their tracking started.

Now, for ISA, we find 7 advisories that they list for ISA2000 and several others when you take into account third-party add-ons.

http://secunia.com/search/?search=ISA+server&w=1

Now, tell me where you're going to place your money.

The Firebox X series and version 8 firmware are not listed anywhere on the site.

This is not a b1tch session, it's about real security and how people look at it and how they protect their networks, and ISA is not an option at this time.

Can you honestly say that you've never had a customer/home compromised while using your security methods? I can, and I've been working in the computer field since the late 70's.

How about you also consider the MTBF on the appliance vs server, then administrative costs, cost of purchase and maintenance....

