Firewall software for web server

Posted on 2003-11-04
Last Modified: 2013-11-16

Our server and a bunch of others at our hosting provider have been very recently used for an outbound DOS network attack.

We're trying to figure out everything we can do to protect ourselves in the future. We now have anti-virus software running and are going to be more vigilant about installing MS critical update patches.

We've been told we should install some Firewall software and maybe even an IDS.

Can you recommend a very user-friendly firewall software package for a Win2K Web server?

Would you also recommend we install an IDS?



Question by:skbohler
LVL 57

Expert Comment

by:Pete Long
ID: 9679851
Hi skbohler,
Firewalls (Hardware or Software?)

Software Firewalls

The basic version is still free!
Zone Labs offers a complete range of firewall products, from the free ZoneAlarm, to the comprehensive protection of ZoneAlarm Plus, to the ultimate privacy and security tools in ZoneAlarm Pro.

Black Ice Defender
BlackICE teams a personal firewall with an advanced intrusion detection system to constantly watch your Internet connections for suspicious behavior.

Symantec's Norton™ Personal Firewall
Keeps hackers out and personal data in. It makes robust firewall protection easy by automatically hiding your PC on the Internet and blocking suspicious connections. Norton Personal Firewall also protects your privacy by preventing confidential information from being sent out without your knowledge.

McAfee Personal Firewall
Personal Firewall places a barrier between the Internet and your PC, helping to block hackers from accessing your computer and allowing you to digitally 'fingerprint' trusted applications. Every time your computer is probed or attacked, you get detailed reports and clear follow-up options.

Hardware Firewalls

Cisco PIX
The world-leading Cisco PIX® Security Appliance Series provides robust, enterprise-class, integrated network security services including stateful inspection firewalling, protocol and application inspection, virtual private networking (VPN), in-line intrusion protection, and rich multimedia and voice security, in cost-effective, easy-to-deploy solutions.

SonicWALL Internet firewall/VPN security appliances support an array of security applications and deliver powerful firewall and VPN performance. SonicWALL appliances are built on stateful inspection firewall technology, and a dedicated security ASIC designed to ensure maximum performance for VPN enabled applications.

3Com perimeter firewalls and website filters cost-efficiently secure Internet access and give IT managers a critical first line of defense against network attacks and unauthorized access. For protecting the perimeter of your network, choose the 3Com® SuperStack® 3 Firewall for enterprise


LVL 49

Expert Comment

ID: 9679856
Check security section here


Author Comment

ID: 9680210
Thanks for posting some good options.

Because this is a web server (and not a client PC) should that affect our choice?

Would we need an IDS as well?


LVL 57

Expert Comment

by:Pete Long
ID: 9680832
>>web server (and not a client PC) should that affect our choice

Not really. Firewalls are just a FILTERING mechanism, and it depends on your budget. I wouldn't have anything in a business environment but a Cisco PIX, but they're not cheap (approx 4k Sterling).

LVL 57

Accepted Solution

Pete Long earned 250 total points
ID: 9680859
An intrusion detection system (IDS) inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system.
There are several ways to categorize an IDS:

misuse detection vs. anomaly detection: in misuse detection, the IDS analyzes the information it gathers and compares it to large databases of attack signatures. Essentially, the IDS looks for a specific attack that has already been documented. Like a virus detection system, misuse detection software is only as good as the database of attack signatures that it uses to compare packets against. In anomaly detection, the system administrator defines the baseline, or normal, state of the network’s traffic load, breakdown, protocol, and typical packet size. The anomaly detector monitors network segments to compare their state to the normal baseline and look for anomalies.
network-based vs. host-based systems: in a network-based system, or NIDS, the individual packets flowing through a network are analyzed. The NIDS can detect malicious packets that are designed to be overlooked by a firewall’s simplistic filtering rules. In a host-based system, the IDS examines the activity on each individual computer or host.
passive system vs. reactive system: in a passive system, the IDS detects a potential security breach, logs the information and signals an alert. In a reactive system, the IDS responds to the suspicious activity by logging off a user or by reprogramming the firewall to block network traffic from the suspected malicious source.
Though they both relate to network security, an IDS differs from a firewall in that a firewall looks out for intrusions in order to stop them from happening. The firewall limits the access between networks in order to prevent intrusion and does not signal an attack from inside the network. An IDS evaluates a suspected intrusion once it has taken place and signals an alarm. An IDS also watches for attacks that originate from within a system.
Above from Webopedia

Most business class firewalls, e.g. PIX, will do this for you, and a lot of software ones like Zone Alarm and Black Ice Defender
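An added example, not part of the original answer or of any product named in this thread: a minimal sketch of the misuse-detection and anomaly-detection categories described above, run over constructed data. The signature set, function names, request lines and packet counts are all hypothetical; the outbound spike at minute 3 matches no signature and is caught only by the baseline comparison.

```python
import re
import statistics

# Misuse detection: constructed, illustrative signatures (not a real rule set).
SIGNATURES = {
    "dir-traversal": re.compile(r"\.\./|\.\.\\|%2e%2e", re.I),
    "shell-in-url": re.compile(r"cmd\.exe|/bin/sh", re.I),
}

def misuse_alerts(request_lines):
    """Return (line_no, signature_name) for each request matching a known signature."""
    return [(i, name)
            for i, line in enumerate(request_lines, 1)
            for name, rx in SIGNATURES.items() if rx.search(line)]

def build_baseline(samples):
    """Baseline = mean and standard deviation of outbound packets per minute."""
    return statistics.mean(samples), statistics.pstdev(samples)

def anomaly_alerts(baseline, observed, threshold=3.0):
    """Return (minute, z_score) where traffic is more than `threshold` sigmas off baseline."""
    mean, dev = baseline
    dev = dev or 1.0  # a perfectly flat baseline would otherwise divide by zero
    return [(minute, round((pkts - mean) / dev, 1))
            for minute, pkts in observed
            if abs(pkts - mean) / dev > threshold]

# Constructed sample input: inbound request lines seen by the web server.
REQUESTS = [
    "GET /index.html HTTP/1.0",
    "GET /scripts/../../winnt/system32/cmd.exe HTTP/1.0",
    "GET /images/logo.gif HTTP/1.0",
]
# Constructed sample input: outbound packets per minute during normal operation.
BASELINE = [1200, 1150, 1300, 1250, 1100, 1220, 1180, 1270]
# Constructed sample input: (minute, outbound packets) while being monitored.
OBSERVED = [(1, 1180), (2, 1250), (3, 48000), (4, 1210)]

if __name__ == "__main__":
    for line_no, sig in misuse_alerts(REQUESTS):
        print(f"misuse: request {line_no} matched signature {sig}")
    for minute, z in anomaly_alerts(build_baseline(BASELINE), OBSERVED):
        print(f"anomaly: minute {minute} outbound traffic z-score {z}")
```

A passive IDS in the sense above would stop at logging these alerts; a reactive one would feed them to the firewall as block rules.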


Expert Comment

ID: 9721686

sorry to rhyme, but i love this firewall. it's 100% for IIS and Windows 2000 and 2003. it's kinda like urlscan but with A LOT more options. but it doesn't come cheap. but i do still suggest it as a must have for a truly secure iis server.

also, if you want more security using "microsoft recommended" ways. you can install isa server 2000 on a win2k server and use the urlscan from feature pack 1 along with the web publishing features to secure your web server behind a firewall.

this will basically make your web server be behind 4 firewalls. first isa server, then the feature pack 1 url scan, then secureiis, then urlscan for iis. plus the usual layers of security that iis and ntfs have on a win2k server.
for ultimate extra security you can also use the symantec or trend virus scanner addon to isa server 2000 which scans http and other protocols in real-time for viruses. and if you are planning to have a web server, symantec and isa server 2000 have a combo of features that can be put together to protect smtp servers and exchange 2000 servers.

all kinda expensive for the small company. but if you deal with microsoft software, and got the money for it. it's a sure system. secure, update-able, and if configured right, VERY hard to get around.

a little trick i use: install pgp desktop 7.03 on the web server and bind your iis server to its virtual network card. then use it when publishing or port mapping your server. this is because pgp also has its own personal firewall which added with ids features guards against some other attacks. but since it's old software, only use it as a last defence. if they get around all the other stuff, this will only slow them down. not stop them!
