lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: cheekypeople at sec33.com (Lee) Subject: Firewall solution for Windows 2003 Server Are you suggesting that the win2003 server will be the point of contact for the Internet? is this a wise choice or just a product of your setup? I dont like application layer firewalls, they fill me with dread, yes the displays are nice , but that doesnt mean it cant be acheived elsewhere. I would prefer to point you in the direction of Smoothwall, and IPCOP (both are free) they run on small Pentium boxes , seperate to the win2003 server and offer excellent protection and performance. You can even just setup a nice FreeBSD box with simple ipchains packet filtering if needs be, but those two suggested would be a nice set in the right direction. Any ideas on amounts you have to spend? that obviously sways a decision somewhat, but I still like to stay away from desktop application layer firewalls. Hope that helps. Kind Regards Lee @ STS http://www.seethrusec.co.uk Building Knowledge and Security.. ----- Original Message ----- From: "Irwan Hadi" <irwanhadi@...by.com> To: "Ondrej Krajicek" <krajicek@....muni.cz> Cc: <full-disclosure@...ts.netsys.com> Sent: Saturday, April 24, 2004 8:44 PM Subject: Re: [Full-Disclosure] Firewall solution for Windows 2003 Server > On Sat, Apr 24, 2004 at 06:18:50PM +0200, Ondrej Krajicek wrote: > > > Greetings to all disclosers ;), > > > > I would like to see your opinion on currently available firewall > > products for Windows Server 2003. I am looking for simple > > firewall solution as an _additional_ protection measure > > for our servers. > > > > We all surely know about poor Windows logging (when it comes > > to information coverage). I want a simple packet filter > > running as a service logging everything. I was happy with > > Kerio Personal Firewall, but Kerio no longer supports > > Windows servers with this product. > > > > I do not need router capabilities, just local packet filter. > > > > Could someone recommend me something? Preferably without, > > nice overcomplicated GUI is not a requirement > > (and I hope it could be avoided :). > > I'm using Visnetic Firewall (from deerfield.com) on all of my Windows > servers, and probably on all of my Windows clients pretty soon. One thing I > like from Visnetic is: > - It is just a packet filter. Doesn't do any application level filtering, > which is a good thing for a server. Who would keep watching the console of > the server for popup generated by a firewall asking "do you want to allow > this application to send packets to that destination" > - As far as I know, since it is simple, it hasn't had any security issues, > like Zone Alarm did, Kerio did, and the funniest one was Blackice, which was > exploited by witty worm. My principle is, a firewall suppose to protect the > system it's protecting. If a firewall since it is made quite complex, with > all kind of unnecessary features, then have some vulnerabilities in it, which > instead protecting its host now is threatening its host then what good does > it have? > - It is now configurable both by GUI and command line > - Has sequence number hardening and tarpit > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
Powered by blists - more mailing lists