Re: NT 4 server firewall?

From: zn (zn_at_zn122.edu.invalid)
Date: 01/15/05


Date: Fri, 14 Jan 2005 20:58:22 -0600

Lars M. Hansen <badnews@hansenonline.net> wrote in
news:i80hu0dl8iekorufpjvei44sd1ncepm13d@4ax.com:

> On Fri, 14 Jan 2005 19:28:23 -0600, zn spoketh
>
>>
>>This isn't a home network that we're talking about. There is an
>>institution with a hardware firewall, routers, and switches between
>>the Internet and this server. I'm looking for a software firewall as
>>just another way to protect the server and protect against network
>>security misconfigurations and internal threats.
>
> Yes, and Wolfgang's answer still applies.
>
> * Disable the services that are not necessary to the operation of the
> server to reduce avenues of attack.
> * Restrict access to the server on existing routers/firewalls.
>
> You cannot attack what isn't there.
> You cannot hide what needs to be visible.
> Don't try to fix what isn't broken.

And what happens when another Microsoft worm breaks out and starts
exploiting some bug in the OS? How many times has that happened during
the last several years? There is always a window where the virus is
breaking out but new definitions either haven't been prepared or haven't
made it to the clients yet. A software firewall would help protect
against this.

 
> There is no software you can put on a SQL server that will protect
> it more than it already should be by employing the "best practices"
> available for securing said server.
>
> There's nothing worse than upper management second-guessing the
> security measures put in place by competent administrators. If you
> really don't trust the administrator, then have someone come in to
> audit the server and the firewall/routers.

You guys have an inferiority complex. Just because you are competent sure
doesn't mean that every network administrator is.

Have you ever dealt with large campus, multiprotocol networking hardware?
Problems happen -- ports get left open accidentally, firmware may not get
updated quickly, leaving potential exploits.

> Just because your senior management read an interesting article in
> some magazine about "software firewalls" in some know-it-all business
> magazine doesn't mean that it'll do anything for you...

That's just a silly comment. There is no problem running packet filtering
software on Unix and it's very commonplace. All that I asked about was
software for doing the same on Windows. Software firewalls are just
another level of security.


