Re: properly configured windows 2003 server OK without a hardware firewall?



In article <eCHWcs#LIHA.2208@xxxxxxxxxxxxxxxxxxxx>, mvpNoSpam@xxxxxxx
says...
Sorry Leythos, but I have to take exception with that . . .
While I do believe that the more layers of protection the better,
Windows Server, even at 2000 version, can be placed directly
on the world network and not just survive but remain in the
as-deployed state. It only takes some informed configuration work.
How do I know this? First hand experience from lack of any
alternative. Would I recommend not using a separate firewall?
No, at least not if that firewall is going to be effectively config'd.
But would I say it is absolutely necessary, by no means; it does
however make things easier for people that cannot take the time
to comb a Windows server config clean for an outward facing
deployment.

And we all know there are exceptions to everything, but in this case the
exception is that a Win server will remain uncompromised.

Normally, if you are going to properly configure and lock down a Windows
server for direct connect to the internet, it's not going to be doing
much or providing much. There are few reasons to have a server directly
connected to the internet - ISA/Firewall solution would be the only one I
can think of off the top of my head.

While I've read about the IIS boxes connected in tests/contests, I would
never connect a Win web server directly to the public internet without a
firewall.

Again, yes, it can be done, yes, you can lock it down enough to keep it
from being exploited, but, how many people hitting Usenet do you think
will actually be able to do that and get it serving what they wanted,
without exposing an exploit path.....

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@xxxxxxxxxx (remove 999 for proper email address)