Re: which firewall

From: Berk S. Daemon (someone@somewhere.com)
Date: 05/27/02


From: "Berk S. Daemon" <someone@somewhere.com>
Date: Mon, 27 May 2002 19:32:39 GMT


<chris@nospam.com> wrote in message
news:n7s4fucubaspiak5kco9mpognahnnr3kkt@4ax.com...
> On Mon, 27 May 2002 08:28:44 +0200, Peter Larsen
> <plarsen@mail.tele.dk> wrote:
>
> >chris@nospam.com wrote:
> >
> >> Big problem everyone here is missing is that a firewall is
> >> useless to protect IIS.
> >
> >Which is why I suggested putting it on the inside of the webserver! -
> >but perhaps it was too subtle to skip explaining why.
>
> Then you're talking about IDS and inspecting the packets, not just
> firewalling ports. Note the subtle difference :}.
>
> Last time I checked, Norton Personal Firewall and IP Chains didn't
> inspect the contents of http packets. Black Ice Pro might, I've
> never used it to protect an IIS server.
>
> Even if you use a software package that catches malformed or giant
> http get requests, you still have to worry about all of the other IIS
> bugs and constantly maintain the softwares definitions to catch those
> special cases.
>
> If I had a choice, I would highly recommend using Apache, and have it
> configured/maintained by someone who knows what they are doing.
> Unfortunately, I find that most IIS website managers barely know
> enough to get the site online, much less secure it and keep it
> secured. On the other hand they do have that shiny MCSE on the
> wall....

The soloution:

OpenBSD and Snort.

www.openbsd.org
www.snort.org



Relevant Pages

  • Re: How to secure IIS?
    ... XP as well, because even if you don't install IIS, there are still a number ... If you think Windows 98 is secure, ... easy to attack, if there's no firewall... ... IIS security checklists] 3) install firewall and antivirus, ...
    (microsoft.public.inetserver.iis.security)
  • Re: which firewall
    ... >> useless to protect IIS. ... Norton Personal Firewall and IP Chains didn't ... never used it to protect an IIS server. ... enough to get the site online, much less secure it and keep it ...
    (comp.security.firewalls)
  • Re: which firewall
    ... >> useless to protect IIS. ... Norton Personal Firewall and IP Chains didn't ... never used it to protect an IIS server. ... enough to get the site online, much less secure it and keep it ...
    (comp.security.firewalls)
  • Re: which firewall
    ... >> useless to protect IIS. ... Norton Personal Firewall and IP Chains didn't ... never used it to protect an IIS server. ... enough to get the site online, much less secure it and keep it ...
    (comp.os.ms-windows.nt.admin.security)
  • Re: which firewall
    ... >> useless to protect IIS. ... Norton Personal Firewall and IP Chains didn't ... never used it to protect an IIS server. ... enough to get the site online, much less secure it and keep it ...
    (comp.os.ms-windows.nt.admin.security)