Re: About utility of a firewall with win2000 server

From: S. Pidgorny [MVP] (slavickp@yahoo.com)
Date: 09/03/02 

From: "S. Pidgorny [MVP]" <slavickp@yahoo.com>
Date: Tue, 3 Sep 2002 20:57:58 +1000

For a standalone computer, you don't need to use a firewall: just stop all
unnecessary services, close all ports that shouldn't be available to general
public (hint: use Terminal Serrvices for remote admin). This type of setup
is generally refered to as bastion host. Sample is at
http://people.hp.se/stnor/hpntbast13.pdf 

--
Svyatoslav Pidgorny, MS MVP, MCSE
-= F1 is the key =-
"Jean-Paul Bihin" <jean-paul.bihin@easynet.be> wrote in message
news:3d7455af$0$30456$afc38c87@sisyphus.news.be.easynet.net...
> Hi,
> I'm configuring a webserver (win2000 server). His destination is a
> datacenter.
>
> It will be used exclusively for web services (http and ftp). Some ports
will
> of course be opened on each webfolder. The machine will have is own IP
> adress (for remote control) and each Webfolder as well.
> The access to all the other folders will be limited with NT-2000
> administration tools.
>
> Everybody says : "You must install a firewall" . I'm of course ready to do
> it but I don't really understand why...?
> For me, the utility of a firewall is clear when a PC  has a gateway
function
> but is it the case for a server exclusively used for web server tasks ?
>
> What's the rule in NT-2000 ?
> All the ports are opened as soon as an IP adress is affected ?
> All the ports are closed exepted those opened while configuring
webservices
> ?
>
> Thanks,
>
> Jean-Paul
>
>
> Bonjour,
>
> Je configure un serveur Web sous Win2000 Server qui est destiné à être
logé
> dans un datacenter .
> Il ne servira qu'à cela. Les ports ouverts seront limités à ceux que je
> voudrai bien ouvrir sur chaque dossier "Web" ou "FTP"  et chaque dossier
Web
> aura son adresse IP tout comme la machine elle-même bien sûr. Tous les
> autres dossiers seront verrouillés par le système d'administration
2000-NT.
> Tout le monde me dit "il faut un firewall" et je m'interroge...
> Je crois bien comprendre l'utité d'un firewall dans le cas d'un serveur
qui
> fait "passerelle" ou qui fait du partage de connexion Internet mais QUID
> dans ce cas ?
> Est-ce que je ne peux pas faire aussi bien en utilisant toutes les
> fonctionnalités de mon OS ?
>
> Merci pour vos éclairages avisés...
>
> Jean-Paul
>
>
>
>

Relevant Pages

  • Re: Interesting webserver intrusion (apache 1.3.31, mod_ssl 2.8.18, php 4.3.7)
    ... > fairly tight(only allowing 4 ports in), but perhaps I could tighten it ... The host systems firewall rules govern the access to the jailed system. ... What connections does your server need to ... Perhaps there is a 0-day for your ftp server out there. ...
    (Incidents)
  • Re: Add 2nd NIC after intial install?
    ... My biggest question with 1 NIC is: even if workstations are protected with individual firewall products, what is protecting the SBS server itself if ports are open for remote access through the Linksys firewall? ...
    (microsoft.public.windows.server.sbs)
  • Re: Source Code to Filter out WindowsMessenger POP-UPS
    ... Zone Alarm does NOT support 'server'. ... Very few ports are open, ... >What you are asking for amounts to a firewall. ... I would NOT search for source code to compile ...
    (microsoft.public.inetserver.iis.security)
  • Re: Using Office Outlook with exchange server behind windows firewall
    ... On our network I have windows firewall turned on, on both my small business server and my windows xp workstations. ... Based on an article I read about all the ports that exhange may use I also tried making exceptions for ports ...
    (microsoft.public.windows.server.sbs)
  • Re: NETFW.INF, Preconfigured Firewall settings and dialogs
    ... it is Windows Server 2003 SP1 firewall that i'm using. ... Using the document '832017 Port Requirements for the Microsoft Windows ... > to achieve the following goal: some ports are open by default and others ...
    (microsoft.public.windows.server.networking)