Re: ICF problems win Win2003

From: S. Pidgorny (slavickp_at_yahoo.com)
Date: 11/22/03

    Date: Sat, 22 Nov 2003 10:16:07 +1100
    
    

    Vincent,

    It's interesting to know why your ISP reckons you need another firewall.
    Have they actually proven that your Netgear has a vulnerability that opens
    your network to attack, or do they just know your requirements better than you?

    Anyway, you have so many options: you can implement something Linux/BSD
    based on cheap PC hardware - iptables/Netfilter for purists, or
    free/inexpensive stuff like Openwall or Smoothwall; you can use inexpensive
    yet fully featured firewall appliances, or you can install a firewall like
    Microsoft ISA Server on your Windows server. I use the latter, but it's up
    to you to decide. Again, don't take your ISP's word about your Netgear as
    authoritative - ask questions.

    More info in the FAQ:

    http://securityadmin.info/faq.htm#firewall

    -- 
    Svyatoslav Pidgorny, MVP, MCSE
    -= F1 is the key =-
    "Vincent Haakmat" <vhaakmat@ipx.nagicosus.com> wrote in message
    news:#57cXyDsDHA.2360@TK2MSFTNGP09.phx.gbl...
    > Ok... makes sense... We have a firewall from Netgear, but according to my
    > ISP, I need to get a better one. They recommended CISCO, but it is too
    > expensive for our business (only 50 PCs).
    > Can anyone recommend something better that won't break our wallet?
    > Thanks
    >
    > Vincent
    >
    > "David Wang [Msft]" <someone@online.microsoft.com> wrote in message
    > news:uY0OHGBsDHA.1196@TK2MSFTNGP12.phx.gbl...
    > > If this server is multi-homed, then just enable ICF on the Public NIC and
    > > not on the Private NIC
    > >
    > > If this server has only one NIC and both the server and LAN are not behind a
    > > firewall from the Router/Gateway, what you are trying to do is pretty
    > > insecure and defeats running a firewall on the server.
    > >
    > > There are two general topologies that you can consider for small-time
    > > servers.
    > > 1. The server is dual-homed (i.e. "Gateway") on the broadband connection and
    > > LAN, with a firewall running either on the server's external NIC or on any
    > > local router-device upstream from the web server
    > > 2. The web server is an internal LAN server, and the Gateway must have logic
    > > to either forward requests based on ports, host header, or IP address to and
    > > from this internal LAN server
    > >
    > > Both topologies allow unrestricted access by your LAN clients to the LAN
    > > server's interface, and highly restricted external access to your server's
    > > public interface.
    > >
    > > -- 
    > > //David
    > > IIS
    > > This posting is provided "AS IS" with no warranties, and confers no rights.
    > > //
    > > "Vincent Haakmat [393242]" <vhaakmat@nagico.com> wrote in message
    > > news:ewIqSrrrDHA.560@TK2MSFTNGP11.phx.gbl...
    > > I have an Exchange Server 2003 running on my win2003 server. Because it is
    > > directly connected to the net I wanted to use ICF. But if I do, the other
    > > computers on the LAN can't connect to it. Which ports (UDP-IP) do I need to
    > > enable so that they can still access normal file and print services from it?
    > >
    > >
    > >
    >
    >
    
