Re: Win2000 server firewall?

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 02/02/05 

Date: Tue, 1 Feb 2005 21:41:30 -0600

The NAT router will provide a lot of protection but I hoped you sprung for
one that also does stateful inspection such as the Netgear ProSafe line that
starts under $100. The problem with firewalls on servers, particularly
domain controllers, is that you have to open it up so much to allow clients
access that it reduces it's ability to protect somewhat. Since you are
behind a perimeter device I would suggest that you implement ipsec filtering
policy on your servers that use permit and block actions to act as a built
in packet filtering firewall. The Windows 2003 Security Guide has explicit
instructions how to do such and would also apply to W2K.

http://www.microsoft.com/technet/security/prodtech/windowsserver2003/w2003hg/sgch00.mspx

Beyond firewalls read other suggestions in the security guide and be sure to
enforce complex passwords on all computers, have an antivirus strategy that
also makes sure all email attachments are scanned, secure Internet Explorer,
have a backup and disaster recovery plan, and keep current with critical
updates at Windows Updates which can be done automatically. The link below
is great for security tips for small businesses. --- Steve

http://www.microsoft.com/smallbusiness/gtm/securityguidance/checklist/default.mspx

"David Sanders" <news@nospam.sandersweb.net> wrote in message
news:%23NhEbRKCFHA.3592@TK2MSFTNGP09.phx.gbl...
>I have a network with two servers and about ten clients. All of this is
>behind a NAT router that provides internet access to the clients. The
>servers run Windows 2000 Server. The clients run personal firewalls (like
>the one in XP SP2). The servers do not have firewalls. My question is
>should they? will that effect their functionality? which firewall is
>appropriate to a server?
> TIA

Relevant Pages

  • Re: Huge security hole in Kerio 2.1.5
    ... Firewalls come in dozens of flavors. ... average home owner great protection at a reasonable price and served me well ... > A NAT router is, first and foremost, a NAT router. ...
    (microsoft.public.security)
  • Re: A firewall wont stop this one
    ... systems should be left without any protection at all? ... A seatbelt doesn't offer complete protection, ... Even hardware firewalls do not offer complete protection, ... >system offers by disabling unwanted system services, ...
    (alt.computer.security)
  • Re: ZoneAlarm backdoor / GRC.com?
    ... >> outbound protecting firewalls by trivial usage of windows messaging ... >> firewall, and as firewalls go, ZA is okay. ... Any hacker who manages to fool you into running a trojan ... > - if no trojan is there, inbound protection is useless. ...
    (comp.security.firewalls)
  • RE: Pros and against using Multiple firewalls in a network running on Win2k Advanced server.(repost.
    ... Pros and against using Multiple firewalls in a network running on Win2k Advanced server.(repost.. ... gateway and filter the access from/to the internal networks to the servers ... > have no website or web services other than Internet access and e-mail. ...
    (Focus-Microsoft)
  • Re: [fw-wiz] Isolating internal servers behind firewalls
    ... having servers on a separate segment controlled by ... firewalls segregating segments also common. ... Control which clients connect to which servers on what ports ... If you have proper change control management, this should not be a problem. ...
    (Firewall-Wizards)