Re: hardware firewall

From: Leythos (void_at_nowhere.com)
Date: 01/06/04


Date: Mon, 05 Jan 2004 23:06:14 GMT

In article <YxlKb.3347$HR.7707@news.indigo.ie>, triple_des@hotmail.com
says...
>
> "Leythos" <void@nowhere.com> wrote in message
> news:MPG.1a63a76e1619da1298a039@news-server.columbus.rr.com...
> > In article <HOkKb.3342$HR.7602@news.indigo.ie>, triple_des@hotmail.com
> > says...
> > > I think IPSec Filters are a better option, you just have more control.
> > >
> > > ""Crash" Dummy" <dvader@deathstar.mil> wrote in message
> > > news:vviro7ag8uko66@corp.supernews.com...
> > > > >Most Web Server software (including MS IIS) has an ALLOW / BLOCK list
> > > > >already built into them - just add the IP in the site configuration.
> > > >
> > > > > Where is the Allow/Block list in IIS? I use firewall rules to allow a few
> > > > > specific users to access my IIS. (I just have the "lite" version that comes with
> > > > > W2K Pro.) The only way I see to restrict access in IIS is with
> > > > > username/password, not by IP.
> >
> > How about showing us how one would configure IPSec filters for an IIS box
> > that appears to still have to let the user work with it on the existing
> > network? (please bottom post)
> >
> > --
> > --
> > spamfree999@rrohio.com
> > (Remove 999 to reply to me)
>
> Hi Leythos
>
> You simply need to include rules for the local subnet or whatever subnet
> that allow TCP 135,139,445 and UDP 135,137,138,445. There may also be
> additional ports, but those are the common ports for Microsoft Networking. Oh
> and of course TCP 80 for local web access. BUT BUT BUT, if this is a web
> server it shouldn't have MS networking and should be hardened and in a DMZ,
> hence should only be fulfilling web needs. After all, we don't want to be
> putting our Internal Network on the Internet (don't mean to sound sarcastic)
>
> Hope this is the response you were looking for

Thanks for the response, but the poster has said he's running Windows
2000 Prof and this is his workstation acting as a part-time test server
for IIS, so I don't think that it's a good solution.

I would suggest that he purchase the full server version for testing -
can be purchased cheap (free if you don't mind the 120 day demo) and
design on that platform.

As for securing it - a router with NAT and then IP security (for server
version) will cover what he needs... As long as he takes the proper
steps to SECURE the OS as outlined in MS articles.

-- 
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

