Re: TCP/IP Filtering
From: Karl Levinson [x y] mvp (levinson_k_at_despammed.com)
Date: 09/09/04
- Next message: Karl Levinson [x y] mvp: "Re: DOA, DIW, lifeless, sprawled and wasted."
- Previous message: Derek: "Detailed Listing of SACLs"
- In reply to: Sam Kong: "TCP/IP Filtering"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 8 Sep 2004 22:21:01 -0400
Some people do this, and there's also IPSec filtering. However, Microsoft
says that neither of these are really meant as firewalls. For one thing,
there's no logging, alerting or intrusion detection. The lack of logging
causes a problem not only when you suspect you may have been hacked or
flooded with a DoS, but also when something goes wrong during the initial
setup. And, I would always be concerned that the filtering could become
enabled by an idiot administrator, a future patch or service pack
installation, a network card replacement, a spontaneous software glitch,
etc. Also, firewalls have gotten fairly cheap. www.netscreen.com offers
hardware firewall devices starting around $600 US, possibly cheaper if you
search ebay.com for firewalls.
Information on setting up IPSec or TCP/IP filtering:
http://securityadmin.info/faq.asp#firewall
http://securityadmin.info/faq.asp#ipsec
www.nsa.gov/snac
"Sam Kong" <ssk@chol.net> wrote in message
news:f0667546.0409081100.785c6ab9@posting.google.com...
> In Windows 2000, there's no built-in firewall.
> Can I use TCP/IP Filtering on the network adapter property instead of
firewall?
> It's webserver and I want to open only 80 port.
>
> Thanks.
>
> Sam
- Next message: Karl Levinson [x y] mvp: "Re: DOA, DIW, lifeless, sprawled and wasted."
- Previous message: Derek: "Detailed Listing of SACLs"
- In reply to: Sam Kong: "TCP/IP Filtering"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
