Re: Is a firewall required...

From: Lars M. Hansen (badnews_at_hansenonline.net)
Date: 05/03/05


Date: Mon, 02 May 2005 18:47:49 -0400

On Mon, 2 May 2005 17:09:05 -0400, Junkyard Engineer spoketh

>yes, I'm doing port forwarding
>
>I'm trying to lower my programs overhead and ZA+ is probably slowding down
>the system somewhat although I'm not entirely sure of that.
>
>Would MS Firewall would have a faster response thant ZA+ ?
>

No packet filter will protect your web server if you choose to make it
public (which you have by forwarding the port).

A packet filter simply drops packets based on source and destination
address and port information, it doesn't look at the content of the
packet itself.

The only firewall that will help with this, would be an application
proxy which validates HTTP requests and drops connections that doesn't
smell like a proper HTTP request.

And, of course, you should make sure your IIS server is secured and
patched to reduce the chances of your IIS box getting hacked.

Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)



Relevant Pages

  • Re: software/hardware Firewall tradeoff
    ... just there are two options (Firewall: ... ZA is not a FW it's just a machine level packet filter. ... The NAT router for home usage is not a FW either. ... If the other program needs ports open on the router, ...
    (comp.security.firewalls)
  • Re: Firewall etc
    ... I look at the log on a FW or personal packet filter to view unsolicited inbound packets that have been blocked and outbound packets being send out due to a solicitation or no solicitation. ... company's firewall offers me better protection and an opportunity to ... I can do the same thing with the Vista packet filter, that is, to create filtering rules for inbound or outbound packets, based on port, protocol, IP or subnet. ... so they can benefit from the higher forms of protections these ...
    (microsoft.public.windows.vista.security)
  • Re: software/hardware Firewall tradeoff
    ... just there are two options (Firewall: ... ZA is not a FW it's just a machine level packet filter. ... The NAT router for home usage is not a FW either. ... If the other program needs ports open on the router, ...
    (comp.security.firewalls)
  • Re: software/hardware Firewall tradeoff
    ... just there are two options (Firewall: ... The NAT router for home usage is not a FW either. ... Many NAT home routers have a packet filter function, ... If the other program needs ports open on the router, ...
    (comp.security.firewalls)
  • Re: Iptables log analysis tool, not reporting tool?
    ... Absolutely normal and nothing to worry about. ... > from these I can see all hits on the firewall, source address, source ... > network name, ports, hit counts etc. etc. ... iptables is a packet filter and thus - as any packet filter - knows ...
    (comp.security.firewalls)