lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: irwanhadi at phxby.com (Irwan Hadi) Subject: Firewall solution for Windows 2003 Server On Sat, Apr 24, 2004 at 06:18:50PM +0200, Ondrej Krajicek wrote: > Greetings to all disclosers ;), > > I would like to see your opinion on currently available firewall > products for Windows Server 2003. I am looking for simple > firewall solution as an _additional_ protection measure > for our servers. > > We all surely know about poor Windows logging (when it comes > to information coverage). I want a simple packet filter > running as a service logging everything. I was happy with > Kerio Personal Firewall, but Kerio no longer supports > Windows servers with this product. > > I do not need router capabilities, just local packet filter. > > Could someone recommend me something? Preferably without, > nice overcomplicated GUI is not a requirement > (and I hope it could be avoided :). I'm using Visnetic Firewall (from deerfield.com) on all of my Windows servers, and probably on all of my Windows clients pretty soon. One thing I like from Visnetic is: - It is just a packet filter. Doesn't do any application level filtering, which is a good thing for a server. Who would keep watching the console of the server for popup generated by a firewall asking "do you want to allow this application to send packets to that destination" - As far as I know, since it is simple, it hasn't had any security issues, like Zone Alarm did, Kerio did, and the funniest one was Blackice, which was exploited by witty worm. My principle is, a firewall suppose to protect the system it's protecting. If a firewall since it is made quite complex, with all kind of unnecessary features, then have some vulnerabilities in it, which instead protecting its host now is threatening its host then what good does it have? - It is now configurable both by GUI and command line - Has sequence number hardening and tarpit
Powered by blists - more mailing lists