Firewall software for web server

Posted on 2003-11-04
Medium Priority
Last Modified: 2013-11-16

Our server and a bunch of others at our hosting provider have been very recently used for an outbound DOS network attack.

We're trying to figure out everything we can do to protect ourselves in the future. We now have anti-virus software running and are going to be more vigilant about installing MS critical update patches.

We've been told we should install some Firewall software and maybe even an IDS.

Can you recommend a very user-friendly firewall software package for a Win2K Web server?

Would you also recommend we install an IDS?



Question by:skbohler
LVL 57

Expert Comment

by:Pete Long
ID: 9679851
Hi skbohler,
Firewalls (Hardware or Software?)

Software Firewalls

The basic version is still free!
Zone Labs offers a complete range of firewall products, from the free ZoneAlarm, to the comprehensive protection of ZoneAlarm Plus, to the ultimate privacy and security tools in ZoneAlarm Pro.

Black Ice Defender
BlackICE teams a personal firewall with an advanced intrusion detection system to constantly watch your Internet connections for suspicious behavior.

Symantec's Norton™ Personal Firewall
Keeps hackers out and personal data in. It makes robust firewall protection easy by automatically hiding your PC on the Internet and blocking suspicious connections. Norton Personal Firewall also protects your privacy by preventing confidential information from being sent out without your knowledge.

McAfee Personal Firewall
Personal Firewall places a barrier between the Internet and your PC, helping to block hackers from accessing your computer and allowing you to digitally 'fingerprint' trusted applications. Every time your computer is probed or attacked, you get detailed reports and clear follow-up options.

Hardware Firewalls

Cisco PIX
The world-leading Cisco PIX® Security Appliance Series provides robust, enterprise-class, integrated network security services including stateful inspection firewalling, protocol and application inspection, virtual private networking (VPN), in-line intrusion protection, and rich multimedia and voice security in cost-effective, easy-to-deploy solutions.

SonicWALL Internet firewall/VPN security appliances support an array of security applications and deliver powerful firewall and VPN performance. SonicWALL appliances are built on stateful inspection firewall technology, and a dedicated security ASIC designed to ensure maximum performance for VPN enabled applications.

3Com perimeter firewalls and website filters cost-efficiently secure Internet access and give IT managers a critical first line of defense against network attacks and unauthorized access. For protecting the perimeter of your network, choose the 3Com® SuperStack® 3 Firewall for enterprise


LVL 49

Expert Comment

ID: 9679856
Check security section here



Author Comment

ID: 9680210
Thanks for posting some good options.

Because this is a web server (and not a client PC) should that affect our choice?

Would we need an IDS as well?


LVL 57

Expert Comment

by:Pete Long
ID: 9680832
>>web server (and not a client PC) should that affect our choice

Not really. Firewalls are just a FILTERING mechanism, and it depends on your budget. I wouldn't have anything in a business environment but a Cisco PIX, but they're not cheap (approx 4k Sterling).

LVL 57

Accepted Solution

Pete Long earned 750 total points
ID: 9680859
An intrusion detection system (IDS) inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system.
There are several ways to categorize an IDS:

misuse detection vs. anomaly detection: in misuse detection, the IDS analyzes the information it gathers and compares it to large databases of attack signatures. Essentially, the IDS looks for a specific attack that has already been documented. Like a virus detection system, misuse detection software is only as good as the database of attack signatures that it uses to compare packets against. In anomaly detection, the system administrator defines the baseline, or normal, state of the network’s traffic load, breakdown, protocol, and typical packet size. The anomaly detector monitors network segments to compare their state to the normal baseline and look for anomalies.
network-based vs. host-based systems: in a network-based system, or NIDS, the individual packets flowing through a network are analyzed. The NIDS can detect malicious packets that are designed to be overlooked by a firewall’s simplistic filtering rules. In a host-based system, the IDS examines the activity on each individual computer or host.
passive system vs. reactive system: in a passive system, the IDS detects a potential security breach, logs the information and signals an alert. In a reactive system, the IDS responds to the suspicious activity by logging off a user or by reprogramming the firewall to block network traffic from the suspected malicious source.
Though they both relate to network security, an IDS differs from a firewall in that a firewall looks out for intrusions in order to stop them from happening. The firewall limits the access between networks in order to prevent intrusion and does not signal an attack from inside the network. An IDS evaluates a suspected intrusion once it has taken place and signals an alarm. An IDS also watches for attacks that originate from within a system.
Above from Webopedia

Most business-class firewalls, e.g. PIX, will do this for you, and a lot of software ones like ZoneAlarm and BlackICE Defender.
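
The two detection styles described in the accepted answer, as an added example that is not part of the original thread: misuse detection matches web requests against a signature list, and anomaly detection compares outbound traffic with an administrator-defined baseline. The signature patterns, addresses, request lines and packet counts are constructed for illustration; both functions only report alerts (a passive system).

```python
import re
import statistics

# Constructed signature list (illustrative patterns, not a real IDS rule set).
SIGNATURES = {
    "directory traversal": re.compile(r"\.\./|\.\.%2f|%255c", re.I),
    "command shell request": re.compile(r"cmd\.exe", re.I),
}

def misuse_detect(requests):
    """Misuse detection: compare each request with known attack signatures."""
    alerts = []
    for src, uri in requests:
        for name, pattern in SIGNATURES.items():
            if pattern.search(uri):
                alerts.append((src, name))
    return alerts

def anomaly_detect(baseline, observed, k=3.0):
    """Anomaly detection: flag intervals far above the normal baseline.

    baseline: packets-per-minute samples taken while the server was healthy.
    observed: (timestamp, packets-per-minute) pairs to evaluate.
    k: how many standard deviations above the mean counts as anomalous.
    """
    threshold = statistics.mean(baseline) + k * statistics.pstdev(baseline)
    return [(ts, count) for ts, count in observed if count > threshold]

# Constructed sample data: (source address, requested URI) from a web log.
REQUESTS = [
    ("203.0.113.5", "/index.html"),
    ("203.0.113.9", "/scripts/..%255c../winnt/system32/cmd.exe?/c+dir"),
    ("198.51.100.7", "/images/logo.gif"),
]
# Constructed outbound packets-per-minute: normal baseline, then a flood.
BASELINE_PPM = [110, 95, 120, 105, 100, 98, 115, 102]
OBSERVED_PPM = [("12:00", 108), ("12:01", 117), ("12:02", 9400), ("12:03", 9900)]

if __name__ == "__main__":
    for src, name in misuse_detect(REQUESTS):
        print(f"SIGNATURE ALERT  {src}  {name}")
    for ts, count in anomaly_detect(BASELINE_PPM, OBSERVED_PPM):
        print(f"ANOMALY ALERT    {ts}  outbound {count} packets/min")
```

The signature check only catches requests that match a listed pattern, while the baseline check flags the outbound flood without knowing what caused it, which is the trade-off the quoted definition describes.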


Expert Comment

ID: 9721686
FORGET THE REST.........THIS IS THE BEST! http://www.eeye.com/html/Products/SecureIIS/

sorry to rhyme, but i love this firewall. it's 100% for IIS and Windows 2000 and 2003. it's kinda like urlscan but with A LOT more options. but it doesn't come cheap. but i do still suggest it as a must have for a truly secure iis server.

also, if you want more security using "microsoft recommended" ways. you can install isa server 2000 on a win2k server and use the urlscan from feature pack 1 along with the web publishing features to secure your web server behind a firewall.

this will basically make your web server be behind 4 firewalls. first isa server, then the feature pack 1 url scan, then secureiis, then urlscan for iis. plus the usual layers of security that iis and ntfs have on a win2k server.
for ultimate extra security you can also use the symantec or trend virus scanner addon to isa server 2000 which scans http and other protocols in real-time for viruses. and if you are planning to have a web server, symantec and isa server 2000 have a combo of features that can be put together to protect smtp servers and exchange 2000 servers.

all kinda expensive for the small company. but if you deal with microsoft software, and got the money for it. it's a sure system. secure, update-able, and if configured right, VERY hard to get around.

a little trick i use: install pgp desktop 7.03 on the web server and bind your iis server to its virtual network card. then use it when publishing or port mapping your server. this is because pgp also has its own personal firewall which added with ids features guards against some other attacks. but since it's old software, only use it as a last defence. if they get around all the other stuff, this will only slow them down. not stop them!

Question has a verified solution.
