Firewall software for web server


Our server and a bunch of others at our hosting provider have been very recently used for an outbound DoS network attack.

We're trying to figure out everything we can do to protect ourselves in the future. We now have anti-virus software running and are going to be more vigilant about installing MS critical update patches.

We've been told we should install some Firewall software and maybe even an IDS.

Can you recommend a very user-friendly firewall software package for a Win2K Web server?

Would you also recommend we install an IDS?




Pete Long (Technical Consultant) commented:
Hi skbohler,
Firewalls (Hardware or Software?)

Software Firewalls

The basic version is still free!
Zone Labs offers a complete range of firewall products, from the free ZoneAlarm, to the comprehensive protection of ZoneAlarm Plus, to the ultimate privacy and security tools in ZoneAlarm Pro.

Black Ice Defender
BlackICE teams a personal firewall with an advanced intrusion detection system to constantly watch your Internet connections for suspicious behavior.

Symantec's Norton™ Personal Firewall
Keeps hackers out and personal data in. It makes robust firewall protection easy by automatically hiding your PC on the Internet and blocking suspicious connections. Norton Personal Firewall also protects your privacy by preventing confidential information from being sent out without your knowledge.

McAfee Personal Firewall
Personal Firewall places a barrier between the Internet and your PC, helping to block hackers from accessing your computer and allowing you to digitally 'fingerprint' trusted applications. Every time your computer is probed or attacked, you get detailed reports and clear follow-up options.

Hardware Firewalls

Cisco PIX
The world-leading Cisco PIX® Security Appliance Series provides robust, enterprise-class, integrated network security services including stateful inspection firewalling, protocol and application inspection, virtual private networking (VPN), in-line intrusion protection, and rich multimedia and voice security-in cost-effective, easy-to-deploy solutions.

SonicWALL Internet firewall/VPN security appliances support an array of security applications and deliver powerful firewall and VPN performance. SonicWALL appliances are built on stateful inspection firewall technology, and a dedicated security ASIC designed to ensure maximum performance for VPN enabled applications.

3Com perimeter firewalls and website filters cost-efficiently secure Internet access and give IT managers a critical first line of defense against network attacks and unauthorized access. For protecting the perimeter of your network, choose the 3Com® SuperStack® 3 Firewall for enterprise


Check security section here

skbohler (Author) commented:
Thanks for posting some good options.

Because this is a web server (and not a client PC) should that affect our choice?

Would we need an IDS as well?


Pete Long (Technical Consultant) commented:
>>web server (and not a client PC) should that affect our choice

Not really. Firewalls are just a FILTERING mechanism, and it depends on your budget. I wouldn't have anything in a business environment but a Cisco PIX, but they're not cheap (approx 4k Sterling).

Pete Long (Technical Consultant) commented:
An intrusion detection system (IDS) inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system.
There are several ways to categorize an IDS:

misuse detection vs. anomaly detection: in misuse detection, the IDS analyzes the information it gathers and compares it to large databases of attack signatures. Essentially, the IDS looks for a specific attack that has already been documented. Like a virus detection system, misuse detection software is only as good as the database of attack signatures that it uses to compare packets against. In anomaly detection, the system administrator defines the baseline, or normal, state of the network’s traffic load, breakdown, protocol, and typical packet size. The anomaly detector monitors network segments to compare their state to the normal baseline and look for anomalies.
network-based vs. host-based systems: in a network-based system, or NIDS, the individual packets flowing through a network are analyzed. The NIDS can detect malicious packets that are designed to be overlooked by a firewall's simplistic filtering rules. In a host-based system, the IDS examines the activity on each individual computer or host.
passive system vs. reactive system: in a passive system, the IDS detects a potential security breach, logs the information and signals an alert. In a reactive system, the IDS responds to the suspicious activity by logging off a user or by reprogramming the firewall to block network traffic from the suspected malicious source.
Though they both relate to network security, an IDS differs from a firewall in that a firewall looks out for intrusions in order to stop them from happening. The firewall limits the access between networks in order to prevent intrusion and does not signal an attack from inside the network. An IDS evaluates a suspected intrusion once it has taken place and signals an alarm. An IDS also watches for attacks that originate from within a system.
Above from Webopedia.

Most business-class firewalls, e.g. PIX, will do this for you, and so will a lot of software ones like ZoneAlarm and BlackICE Defender.
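To make the three distinctions in the answer above concrete for this case (a web server that starts generating outbound flood traffic), here is a toy IDS over constructed per-second outbound flow summaries. It is an added example, not code from the thread or from any product named in it; the addresses, port numbers, signature names and the "block outbound to" rule strings are all made up for illustration.

```python
from collections import defaultdict
from statistics import mean
# Constructed records: (second, dst_ip, dst_port, packets). Normal traffic is just
# HTTP replies to a few client addresses; the server never initiates anything else.
NORMAL = [(0, "198.51.100.10", 80, 40), (0, "198.51.100.11", 80, 35),
          (1, "198.51.100.10", 80, 38), (1, "198.51.100.12", 80, 30),
          (2, "198.51.100.11", 80, 42), (2, "198.51.100.13", 80, 33)]
# Seconds 3-4: the box is flooding one victim and has opened an IRC-port connection.
SUSPECT = [(3, "203.0.113.5", 80, 4000), (3, "203.0.113.5", 443, 3900),
           (3, "192.0.2.99", 6667, 3),
           (4, "203.0.113.5", 80, 4200), (4, "198.51.100.10", 80, 36)]

# Misuse detection: a small "signature database" of things a web server never does.
SIGNATURES = {
    "outbound-smtp": lambda port: port == 25,            # spam relaying
    "outbound-irc":  lambda port: port in (6667, 6697),  # classic bot control channel
}

def misuse_detect(flows):
    """Return (second, signature_name, dst) for every flow matching a signature."""
    return [(sec, name, dst) for sec, dst, port, _ in flows
            for name, match in SIGNATURES.items() if match(port)]

def packets_per_second(flows):
    totals = defaultdict(int)
    for sec, _, _, pkts in flows:
        totals[sec] += pkts
    return totals

def build_baseline(flows):
    """Anomaly detection, step 1: learn the normal outbound packet rate from clean traffic."""
    return mean(packets_per_second(flows).values())

def anomaly_detect(flows, baseline, factor=10.0):
    """Anomaly detection, step 2: flag seconds whose outbound rate exceeds baseline*factor."""
    return [(sec, total) for sec, total in sorted(packets_per_second(flows).items())
            if total > baseline * factor]

def respond(flows, baseline, reactive=False):
    """Passive mode returns alerts only; reactive mode also returns block rules (plain strings)."""
    sig_hits, hot = misuse_detect(flows), anomaly_detect(flows, baseline)
    alerts = [f"ALERT t={sec}: signature {name} matched, dst {dst}" for sec, name, dst in sig_hits]
    alerts += [f"ALERT t={sec}: {total} outbound pkt/s exceeds baseline" for sec, total in hot]
    if not reactive:
        return alerts, []
    hot_secs = {sec for sec, _ in hot}
    bad = {dst for _, _, dst in sig_hits}
    bad |= {dst for sec, dst, _, pkts in flows if sec in hot_secs and pkts > baseline}
    return alerts, [f"block outbound to {dst}" for dst in sorted(bad)]
```

Note that the IRC connection is only three packets, so the anomaly detector never sees it and only the signature catches it, while the flood matches no signature and is caught only by the rate baseline; that is why the answer recommends both approaches together.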



Sorry to rhyme, but I love this firewall. It's 100% for IIS and Windows 2000 and 2003. It's kinda like URLScan but with a lot more options. But it doesn't come cheap. But I do still suggest it as a must have for a truly secure IIS server.

Also, if you want more security using "Microsoft recommended" ways, you can install ISA Server 2000 on a Win2K server and use the URLScan from Feature Pack 1 along with the web publishing features to secure your web server behind a firewall.

This will basically make your web server be behind 4 firewalls: first ISA Server, then the Feature Pack 1 URLScan, then SecureIIS, then URLScan for IIS. Plus the usual layers of security that IIS and NTFS have on a Win2K server.
For ultimate extra security you can also use the Symantec or Trend virus scanner add-on to ISA Server 2000, which scans HTTP and other protocols in real-time for viruses. And if you are planning to have a web server, Symantec and ISA Server 2000 have a combo of features that can be put together to protect SMTP servers and Exchange 2000 servers.

All kinda expensive for the small company. But if you deal with Microsoft software, and got the money for it, it's a sure system. Secure, update-able, and if configured right, VERY hard to get around.

A little trick I use: install PGP Desktop 7.03 on the web server and bind your IIS server to its virtual network card. Then use it when publishing or port mapping your server. This is because PGP also has its own personal firewall which, added with IDS features, guards against some other attacks. But since it's old software, only use it as a last defence. If they get around all the other stuff, this will only slow them down, not stop them!