Re: About utility of a firewall with win2000 server

From: karl [x y] (jamescagney90210@excite.com)
Date: 09/04/02


From: "karl [x y]" <jamescagney90210@excite.com>
Date: Wed, 4 Sep 2002 11:26:35 -0400


Not necessarily. Firewalls can be had as cheaply as US $70 [or free, for
Linux/BSD firewalls]. If you are ever hacked, you will want the traffic
logging that does not come native with Windows 2000, and this requires a
firewall. Additionally, closing all services on the host does nothing to
help when the host becomes compromised... all outbound ports are then
available for use and the use of these ports is unlogged and undetected.
Services and .dlls that are disabled can and do become reenabled, sometimes
by Microsoft service packs and patches. A firewall on a separate device is
a part of defense in depth.

"S. Pidgorny [MVP]" <slavickp@yahoo.com> wrote in message
news:ePMJ3b$UCHA.2648@tkmsftngp13...
> Aye, everything is subject to risk assessment etc. - but installing a
> firewall on a separate box to protect TCP/IP stack on the bastion host is
> overkill in most cases.
>
> --
> Svyatoslav Pidgorny, MS MVP, MCSE
> -= F1 is the key =-
>
> <jcochran at naplesgov dot com (Jeff Cochran)> wrote in message
> news:3d7df39d.21979605@news.supernews.com...
> >
> > There are a lot of attacks a bastion host has to withstand, using
> > server resources, that a firewall would protect against. SYN floods,
> > DOS attacks and so on can bring a bastion host down where a good
> > firewall will stand.
> >
> > Bastion hosts are putting all your eggs in one basket. Once they're
> > in, they're in.
> >
> > Jeff
>
>
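
What the separate-device traffic logging argued for above makes possible, as an added example that is not part of the original thread: a script that reads a Linux firewall's log and lists connections the protected server itself opened to destinations outside an expected set. The line layout follows the netfilter LOG target; the addresses, the `EGRESS` prefix, the allow list and the assumption that the firewall logs only connection-opening packets are constructed for illustration.

```python
import re
from collections import Counter

SERVER_IP = "192.0.2.10"                     # assumed address of the Windows 2000 host
ALLOWED_EGRESS = {("udp", 53), ("tcp", 25)}  # assumed policy: DNS and outbound mail only

# Constructed sample: one line per new connection crossing the firewall.
SAMPLE_LOG = """\
Sep  4 11:02:10 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 PROTO=UDP SPT=1029 DPT=53
Sep  4 11:02:11 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=203.0.113.44 PROTO=TCP SPT=1031 DPT=6667 SYN
Sep  4 11:02:40 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=203.0.113.44 PROTO=TCP SPT=1032 DPT=6667 SYN
Sep  4 11:03:02 fw kernel: INGRESS IN=eth0 OUT=eth1 SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=4410 DPT=80 SYN
Sep  4 11:03:15 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.99 PROTO=TCP SPT=1033 DPT=25 SYN
Sep  4 11:04:51 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=203.0.113.80 PROTO=TCP SPT=1034 DPT=80 SYN
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S+)")      # KEY=value pairs in a LOG line


def unexpected_egress(log_text, server_ip=SERVER_IP, allowed=ALLOWED_EGRESS):
    """Count server-initiated connections whose (proto, port) is not allowed.

    Returns a Counter keyed by (destination, protocol, destination port).
    """
    hits = Counter()
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("SRC") != server_ip:
            continue                          # inbound traffic or another host
        try:
            key = (fields["DST"], fields["PROTO"].lower(), int(fields["DPT"]))
        except (KeyError, ValueError):
            continue                          # no port (e.g. ICMP) or truncated line
        if key[1:] not in allowed:
            hits[key] += 1
    return hits


if __name__ == "__main__":
    for (dst, proto, port), n in unexpected_egress(SAMPLE_LOG).most_common():
        print(f"{SERVER_IP} -> {dst} {proto}/{port}: {n} connection(s)")
```

Because the log is written on the firewall rather than on the server, it stays available for review even if the server itself can no longer be trusted.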


