Re: About utility of a firewall with win2000 server
From: Charlie Tame (charlie@tames.net)
Date: 09/06/02
- Next message: Klaus Poulsen: "Deny acces to cdrom and floppy."
- Previous message: Charlie Tame: "Re: 9x cant access W2KPro"
- In reply to: Jean-Paul Bihin: "About utility of a firewall with win2000 server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Charlie Tame" <charlie@tames.net> Date: Fri, 6 Sep 2002 04:49:29 -0500
Hi Jean Paul,
I think one of the benefits of a software firewall is that it avoids having
ports accidentally opened for services like UPnP and even if you have such
things disabled a minor configuration error during upgrades can leave
something exposed. It's a second layer. The well known personal firewalls
trap outgoing stuff as well, that is also useful from time to time as
someone else has pointed out. If something "Should" get on the machine you
have more chance of finding out what it is.
I am currently playing with the beta of Kerio Personal FW and can't
recommend the beta yet but the previous stable version provided some quite
useful insight as to what's going on. Since you have a very simple
requirement the rules should be very easy to set. In any case it has a
learning mode.
The rules operate top down so in very simple terms
Permit 127.0.0.1
Permit port 80
Permit 21
Deny everything else
Hope this helps, it's just an opinion of course but it helps cover mistakes.
Charlie
"Jean-Paul Bihin" <jean-paul.bihin@easynet.be> wrote in message
news:3d7455af$0$30456$afc38c87@sisyphus.news.be.easynet.net...
> Hi,
> I'm configuring a webserver (win2000 server). His destination is a
> datacenter.
>
> It will be used exclusively for web services (http and ftp). Some ports
will
> of course be opened on each webfolder. The machine will have is own IP
> adress (for remote control) and each Webfolder as well.
> The access to all the other folders will be limited with NT-2000
> administration tools.
>
> Everybody says : "You must install a firewall" . I'm of course ready to do
> it but I don't really understand why...?
> For me, the utility of a firewall is clear when a PC has a gateway
function
> but is it the case for a server exclusively used for web server tasks ?
>
> What's the rule in NT-2000 ?
> All the ports are opened as soon as an IP adress is affected ?
> All the ports are closed exepted those opened while configuring
webservices
> ?
>
> Thanks,
>
> Jean-Paul
>
>
> Bonjour,
>
> Je configure un serveur Web sous Win2000 Server qui est destiné à être
logé
> dans un datacenter .
> Il ne servira qu'à cela. Les ports ouverts seront limités à ceux que je
> voudrai bien ouvrir sur chaque dossier "Web" ou "FTP" et chaque dossier
Web
> aura son adresse IP tout comme la machine elle-même bien sûr. Tous les
> autres dossiers seront verrouillés par le système d'administration
2000-NT.
> Tout le monde me dit "il faut un firewall" et je m'interroge...
> Je crois bien comprendre l'utité d'un firewall dans le cas d'un serveur
qui
> fait "passerelle" ou qui fait du partage de connexion Internet mais QUID
> dans ce cas ?
> Est-ce que je ne peux pas faire aussi bien en utilisant toutes les
> fonctionnalités de mon OS ?
>
> Merci pour vos éclairages avisés...
>
> Jean-Paul
>
>
>
>
- Next message: Klaus Poulsen: "Deny acces to cdrom and floppy."
- Previous message: Charlie Tame: "Re: 9x cant access W2KPro"
- In reply to: Jean-Paul Bihin: "About utility of a firewall with win2000 server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
