Solved

Firewall software for web server

Posted on 2003-11-04
Last Modified: 2013-11-16
Hello,

Our server and a bunch of others at our hosting provider have been very recently used for an outbound DOS network attack.

We're trying to figure out everything we can do to protect ourselves in the future. We now have anti-virus software running and are going to be more vigilant about installing MS critical update patches.

We've been told we should install some Firewall software and maybe even an IDS.

Can you recommend a very user-friendly firewall software package for a Win2K Web server?

Would you also recommend we install an IDS?

Thanks!

Steve

Question by:skbohler
6 Comments
 
LVL 57

Expert Comment

by:Pete Long
Hi skbohler,
Firewalls (Hardware or Software?)

Software Firewalls

ZoneAlarm
The basic version is still free!
http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp;jsessionid=10lfaHFKttIAMkUvvZm1xhWKVLKHVeYPMJpXB1I1UxUpAC2ZioSE!1284415661!-1062696903!7551!7552!1822958594!-1062696904!7551!7552?lid=home_zainfo
Zone Labs offers a complete range of firewall products, from the free ZoneAlarm, to the comprehensive protection of ZoneAlarm Plus, to the ultimate privacy and security tools in ZoneAlarm Pro.

Black Ice Defender
http://blackice.iss.net/
BlackICE teams a personal firewall with an advanced intrusion detection system to constantly watch your Internet connections for suspicious behavior.

Symantec's Norton™ Personal Firewall
http://www.symantec.com/sabu/nis/npf/
Keeps hackers out and personal data in. It makes robust firewall protection easy by automatically hiding your PC on the Internet and blocking suspicious connections. Norton Personal Firewall also protects your privacy by preventing confidential information from being sent out without your knowledge.

McAfee Personal Firewall
http://us.mcafee.com/root/package.asp?pkgid=101&WWW_URL=www.mcafee.com/myapps/firewall/ov_firewall.asp
Personal Firewall places a barrier between the Internet and your PC, helping to block hackers from accessing your computer and allowing you to digitally 'fingerprint' trusted applications. Every time your computer is probed or attacked, you get detailed reports and clear follow-up options.



Hardware Firewalls

Cisco PIX
http://www.cisco.com/go/pix
The world-leading Cisco PIX® Security Appliance Series provides robust, enterprise-class, integrated network security services including stateful inspection firewalling, protocol and application inspection, virtual private networking (VPN), in-line intrusion protection, and rich multimedia and voice security in cost-effective, easy-to-deploy solutions.

SonicWall
http://www.sonicwall.com/
SonicWALL Internet firewall/VPN security appliances support an array of security applications and deliver powerful firewall and VPN performance. SonicWALL appliances are built on stateful inspection firewall technology, and a dedicated security ASIC designed to ensure maximum performance for VPN enabled applications.

3Com
http://www.3com.com/prod/en_EU_EMEA/prodlist.jsp?tab=cat&cat=134482&subcat=134490
3Com perimeter firewalls and website filters cost-efficiently secure Internet access and give IT managers a critical first line of defense against network attacks and unauthorized access. For protecting the perimeter of your network, choose the 3Com® SuperStack® 3 Firewall for enterprise

NetGear
http://www.netgear.com/products/routers/firewallvpn.asp

Cheers!
 
LVL 49

Expert Comment

by:sunray_2003
Check security section here

http://www.windowsecurity.com/

Sunray
 

Author Comment

by:skbohler
Thanks for posting some good options.

Because this is a web server (and not a client PC) should that affect our choice?

Would we need an IDS as well?

~Steve
LVL 57

Expert Comment

by:Pete Long
>>web server (and not a client PC) should that affect our choice

Not really. Firewalls are just a FILTERING mechanism, and it depends on your budget. I wouldn't have anything in a business environment but a Cisco PIX, but they're not cheap (approx 4k Sterling).

Pete
 
LVL 57

Accepted Solution

by:
Pete Long earned 250 total points
An intrusion detection system (IDS) inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system.
There are several ways to categorize an IDS:

misuse detection vs. anomaly detection: in misuse detection, the IDS analyzes the information it gathers and compares it to large databases of attack signatures. Essentially, the IDS looks for a specific attack that has already been documented. Like a virus detection system, misuse detection software is only as good as the database of attack signatures that it uses to compare packets against. In anomaly detection, the system administrator defines the baseline, or normal, state of the network’s traffic load, breakdown, protocol, and typical packet size. The anomaly detector monitors network segments to compare their state to the normal baseline and look for anomalies.
network-based vs. host-based systems: in a network-based system, or NIDS, the individual packets flowing through a network are analyzed. The NIDS can detect malicious packets that are designed to be overlooked by a firewall’s simplistic filtering rules. In a host-based system, the IDS examines the activity on each individual computer or host.
passive system vs. reactive system: in a passive system, the IDS detects a potential security breach, logs the information and signals an alert. In a reactive system, the IDS responds to the suspicious activity by logging off a user or by reprogramming the firewall to block network traffic from the suspected malicious source.
Though they both relate to network security, an IDS differs from a firewall in that a firewall looks out for intrusions in order to stop them from happening. The firewall limits the access between networks in order to prevent intrusion and does not signal an attack from inside the network. An IDS evaluates a suspected intrusion once it has taken place and signals an alarm. An IDS also watches for attacks that originate from within a system.
Above from Webopedia


Most business-class firewalls, e.g. PIX, will do this for you, and a lot of software ones like Zone Alarm and Black Ice Defender.


Pete
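
The two detection styles described in the answer above, as an added example that is not part of the original thread: signature matching (misuse detection) over web request lines, and a baseline check (anomaly detection) on outbound packets per minute from the web server. The signatures, request lines and packet counts are all constructed for illustration.

```python
import re
import statistics

# Constructed signature database for misuse detection: name -> pattern.
SIGNATURES = {
    "directory-traversal": re.compile(r"\.\./|\.\.\\", re.I),
    "shell-in-url": re.compile(r"cmd\.exe", re.I),
}

def misuse_detect(requests):
    """Return (request, signature_name) for each request matching a known signature."""
    return [(req, name)
            for req in requests
            for name, pattern in SIGNATURES.items()
            if pattern.search(req)]

def build_baseline(samples):
    """Baseline of normal traffic: mean and standard deviation per minute."""
    return statistics.mean(samples), statistics.pstdev(samples)

def anomaly_detect(baseline, observed, k=3.0):
    """Return (minute_index, count) where count exceeds mean + k * stddev."""
    mean, dev = baseline
    threshold = mean + k * max(dev, 1.0)  # floor keeps the band from collapsing to zero
    return [(i, n) for i, n in enumerate(observed) if n > threshold]

# Constructed sample data: request lines and outbound packets per minute.
REQUESTS = [
    "GET /index.html",
    "GET /scripts/../../cmd.exe",
    "GET /images/logo.gif",
    "GET /products.asp?id=7",
]
NORMAL_OUTBOUND = [410, 395, 402, 388, 420, 405, 399, 411]
OBSERVED_OUTBOUND = [400, 415, 9800, 12050, 398]

def run_demo():
    """Run both detectors over the constructed data and return their findings."""
    hits = misuse_detect(REQUESTS)
    spikes = anomaly_detect(build_baseline(NORMAL_OUTBOUND), OBSERVED_OUTBOUND)
    return hits, spikes

if __name__ == "__main__":
    hits, spikes = run_demo()
    for req, name in hits:
        print(f"signature {name}: {req}")
    for minute, count in spikes:
        print(f"anomaly: minute {minute} sent {count} packets")
```

The outbound spike carries no signature, so only the baseline check reports it; the malformed request is a single packet-rate non-event, so only the signature check reports it.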
 
LVL 3

Expert Comment

by:nonsence
FORGET THE REST.........THIS IS THE BEST! http://www.eeye.com/html/Products/SecureIIS/

sorry to rhyme, but i love this firewall. it's 100% for IIS and Windows 2000 and 2003. it's kinda like urlscan but with A LOT more options. but it doesn't come cheap. but i do still suggest it as a must have for a truly secure iis server.

also, if you want more security using "microsoft recommended" ways. you can install isa server 2000 on a win2k server and use the urlscan from feature pack 1 along with the web publishing features to secure your web server behind a firewall.

this will basically make your web server be behind 4 firewalls. first isa server, then the feature pack 1 url scan, then secureiis, then urlscan for iis. plus the usual layers of security that iis and ntfs have on a win2k server.
for ultimate extra security you can also use the symantec or trend virus scanner addon to isa server 2000 which scans http and other protocols in real-time for viruses. and if you are planning to have a web server, symantec and isa server 2000 have a combo of features that can be put together to protect smtp servers and exchange 2000 servers.

all kinda expensive for the small company. but if you deal with microsoft software, and got the money for it. it's a sure system. secure, update-able, and if configured right, VERY hard to get around.

a little trick i use: install pgp desktop 7.03 on the web server and bind your iis server to its virtual network card. then use it when publishing or port mapping your server. this is because pgp also has its own personal firewall which added with ids features guards against some other attacks. but since it's old software, only use it as a last defence. if they get around all the other stuff, this will only slow them down. not stop them!