Re: which firewall

From: chris@nospam.com
Date: 05/27/02


From: chris@nospam.com
Date: Mon, 27 May 2002 10:53:57 -0700

On Mon, 27 May 2002 08:28:44 +0200, Peter Larsen
<plarsen@mail.tele.dk> wrote:

>chris@nospam.com wrote:
>
>> Big problem everyone here is missing is that a firewall is
>> useless to protect IIS.
>
>Which is why I suggested putting it on the inside of the webserver! -
>but perhaps it was too subtle to skip explaining why.

Then you're talking about IDS and inspecting the packets, not just
firewalling ports. Note the subtle difference :}.

Last time I checked, Norton Personal Firewall and IP Chains didn't
inspect the contents of http packets. Black Ice Pro might, I've
never used it to protect an IIS server.

Even if you use a software package that catches malformed or giant
http get requests, you still have to worry about all of the other IIS
bugs and constantly maintain the software's definitions to catch those
special cases.

If I had a choice, I would highly recommend using Apache, and have it
configured/maintained by someone who knows what they are doing.
Unfortunately, I find that most IIS website managers barely know
enough to get the site online, much less secure it and keep it
secured. On the other hand they do have that shiny MCSE on the
wall....
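
Added example, not part of the original post: a Python sketch of the distinction drawn above, with a port-level filter that sees only the destination port next to a content check that looks at the HTTP request line for oversized or malformed requests. The limits, allowed methods, function names and sample requests are all constructed assumptions, and the checks are generic rather than signatures for any particular IIS bug.

```python
import re

ALLOWED_PORTS = {80}          # assumed policy: only HTTP reaches the web server
MAX_REQUEST_LINE = 2048       # assumed limit; tune to the application
METHODS = {"GET", "HEAD", "POST"}
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]$")

def port_filter_allows(dst_port):
    """Port-level decision: sees the destination port, never the payload."""
    return dst_port in ALLOWED_PORTS

def inspect_request(raw):
    """Content-level decision: return a list of findings for one HTTP request."""
    findings = []
    line, sep, _ = raw.partition(b"\r\n")
    if not sep:
        findings.append("no CRLF after request line")
    if len(line) > MAX_REQUEST_LINE:
        findings.append("request line too long (%d bytes)" % len(line))
    if any(b < 0x20 or b > 0x7E for b in line):
        findings.append("non-printable byte in request line")
    m = REQUEST_LINE.match(line)
    if not m:
        findings.append("malformed request line")
    elif m.group(1).decode() not in METHODS:
        findings.append("method not allowed: " + m.group(1).decode())
    return findings

# Constructed sample traffic, all addressed to port 80.
SAMPLES = {
    "normal": b"GET /index.html HTTP/1.0\r\nHost: www.example.com\r\n\r\n",
    "giant": b"GET /" + b"A" * 5000 + b" HTTP/1.0\r\n\r\n",
    "malformed": b"GET /a b c\r\n\r\n",
}

def compare():
    """Pair each sample's port-filter verdict with its inspection findings."""
    return {name: (port_filter_allows(80), inspect_request(raw))
            for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, (allowed, findings) in compare().items():
        print(name, "port filter allows:", allowed, "findings:", findings or "none")
```

All three samples pass the port filter because they target port 80; only the content check separates them.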


