Re: NT 4 server firewall?

From: Bas Keur (bas.keur_at_dmrt.net)
Date: 01/15/05 

Date: Sat, 15 Jan 2005 04:09:50 +0100

> Software firewalls do not give security.

Oh really ?
Ever seen a CP-FW1 running on Trusted solaris ?

But i guess you are talking about appliances here ?
(Little secret, these things run software as well)

>> Are there any
>> quality freeware server firewall products for NT 4?

NT4 is known for it's WEAK design.
You can add an iron fence in a wooden house, it simply doesn't add
security. Changes are, it breaks down even more.

I suggest you run a `bridged` server next to your NT4 (transparent firewall)
Layer 2 [OpenBSD PF/Iptables]
Layer 7 [Pix/FW1/Symantec SGS/Raptor]
(www.OpenBSD.org is easy to manage and known for it's tight security record)

Please note tha NT4 is END OF LIFE. Excpect no more updates for it.
If you ain't bount to 4 (by the oracly licence?) upgrade.

> No. Lock down the box and use safe implementations
> of the service(s) the box is running. Done.

Now what if someone decides to SYN-ACK your server from a
simple 256kb line ? Those out of bound packets will bring NT4 to it's knees.

-Bas

Relevant Pages

  • RE: Failed to create a trust relationship between NT4 and 2003 AD
    ... I have no idea how to set the NT4 registries on below. ... the exact words in my NT4 server's registry. ... security policy in Administrative tools, go to local policies / security ... For Windows 2000 and 2003 these settings may be applied/configured via ...
    (microsoft.public.windows.server.migration)
  • Re: OT: BBC drama spooks Macs galore
    ... Loads of changes to restrict access etc. ... We had to do NT4 Workstations as well. ... Since your knowledge of computers is in a different league to most users is OSX or Windows the best for security. ...
    (uk.comp.sys.mac)
  • RE: firewall question/confusion
    ... security on that site, cool feature.. ... If you need the router and want a firewall too ... I purchased a D-link 604 wired ... and that running two software firewalls is not a good ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Zone Alarm & Wireless Access Point Security
    ... I have removed the software firewalls that ... I am now so happy that I have the router. ... security software and apps and just use some common sense and keep the ... they must be running 2 dozen security apps. ...
    (comp.security.firewalls)
  • ACLs and permissions viewed after Migrating from NT 4 domain... The twilight zone?
    ... The security on resources does not need to be translated before the source ... resource domain to Windows 2000, Windows 2000 will be able to detect the SID ... AD DC to a NT4 domain user, if this NT4 user has been migrated keeping ... if we view the permissions of these file then the permissions ...
    (microsoft.public.win2000.security)