Re: Do I need a firewall
From: Leythos (void@nowhere.com)
Date: 02/05/03
- Next message: Lars M. Hansen: "Re: Open Ports"
- Previous message: Dan: "Re: Flooded with calls to port 1900"
- In reply to: Brett: "Re: Do I need a firewall"
- Next in thread: Brett: "Re: Do I need a firewall"
- Reply: Brett: "Re: Do I need a firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Leythos <void@nowhere.com> Date: Wed, 05 Feb 2003 12:04:29 GMT
In article <IdZ%9.2115$V32.633@news.bellsouth.net>,
bbsouth@bellsouth.net says...
>
> "Leythos" <void@nowhere.com> wrote in message
> news:MPG.18aa26357866c9b989991@news-server.columbus.rr.com...
> > In article <CnT%9.214$eH1.80@news.bellsouth.net>, bbsouth@bellsouth.net
> > says...
> > [snip]
> > >
> > > Ok on the Tracker troll.
> > >
> > > CF Server and SQL Server are on the same box right now. I do reference
> > > the box's IP address. I suppose I could just reference 127.0.0.1 and
> > > that would keep my connection local, correct?
> > >
> > > Still, if I am able to reference the box's Internet IP address, the port
> > > is open. I'll need to read more on how to shut it off to external
> > > connections while allowing it to be connected via 127.0.0.1.
> > >
> > > I'm still confused on what it means for SQL Server to be open to the
> > > Internet. grc.com says 1433 is not open. What does that mean?
> >
> > Brett,
> >
> > If you can reference the SQL server port using the internet address it
> > means your entire server must be exposed to the internet - Assuming that
> > you have a broadband or DSL connection, can you purchase a cable modem
> > router to protect your network and server - this would mean that you
> > would only forward port 80/443 inbound for your web server and the
> > router would block all other inbound ports.
> >
> > One way to see if your SQL server is exposed is to open the Query
> > Analyzer, enter the internet IP address of the server and the user/pwd
> > and see if it connects. If you can connect, so can I from my home :)
> >
> > If you get a router then you will be a heck of a lot better off - it
> > will block inbound ports unless you forward them to a local (internal)
> > IP address. Pointing to 127.0.0.1 will do nothing to protect you.
> >
> > --
> > --
> > Leythos999@columbus.rr.com
> > (Remove 999 to reply to me)
>
> Thanks. After running unixcircle.com, I see quite a few ports are open.
> Some I need to be open. Will a software firewall such as Zone Alarm help
> anything? It's a funding issue.
>
> Brett
Brett, a software firewall is the base minimum you can start with, but
$70 (US) for a router at CompUSA or BestBuy is the better solution.
Software firewalls will consume CPU cycles and memory as the port probes
increase. If you get the router, it will block the probes and your
firewall will only report on things that actually get IN to the
computer.

The only ports you need open are 80/443 and possibly FTP. The rest
should be closed for any CF server. I manage a group of CF developers in
another state; they do fine with 80/443 open only. They VPN into the
firewall and then get access to the servers if they need anything else.

--
--
Leythos999@columbus.rr.com
(Remove 999 to reply to me)
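
Added example, not part of the original post: a local audit of the point made in this thread, that exposure depends on the address a service listens on, not on the address a client uses to reach it. It assumes Windows `netstat -an` output; the sample lines, addresses and function names are constructed for illustration.

```python
import ipaddress

ALLOWED_INBOUND = {80, 443}   # the ports the post says a CF web server needs open

# Constructed sample of Windows `netstat -an` output (not from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:8500         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:139         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1433        192.0.2.10:3051        ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
"""

def parse_listeners(netstat_text):
    """Return (address, port) for every TCP socket in the LISTENING state."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue  # header, UDP, or an established connection
        host, _, port = fields[1].rpartition(":")
        listeners.append((host.strip("[]"), int(port)))
    return listeners

def exposed_ports(netstat_text, allowed=ALLOWED_INBOUND):
    """Ports listening on a non-loopback address that are not in the allowed set."""
    exposed = set()
    for host, port in parse_listeners(netstat_text):
        if ipaddress.ip_address(host).is_loopback:
            continue  # bound to loopback only: other hosts cannot reach it
        if port not in allowed:
            exposed.add(port)
    return sorted(exposed)

if __name__ == "__main__":
    for port in exposed_ports(SAMPLE_NETSTAT):
        print(f"port {port} is listening on a network-reachable address; "
              "close it or block it at the router")
```

In the sample, 1433 is flagged because it listens on 0.0.0.0, while the loopback-only listener on 8500 is not; a router that forwards only 80/443 blocks the flagged ports from the Internet even when the services keep listening.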