Firewall software for web server

Posted on 2003-11-04
Medium Priority
Last Modified: 2013-11-16

Our server and a bunch of others at our hosting provider have been very recently used for an outbound DOS network attack.

We're trying to figure out everything we can do to protect ourselves in the future. We now have anti-virus software running and are going to be more vigilant about installing MS critical update patches.

We've been told we should install some Firewall software and maybe even an IDS.

Can you recommend a very user-friendly firewall software package for a Win2K Web server?

Would you also recommend we install an IDS?



Question by:skbohler
LVL 57

Expert Comment

by:Pete Long
ID: 9679851
Hi skbohler,
Firewalls (Hardware or Software?)

Software Firewalls

The basic version is still free!
Zone Labs offers a complete range of firewall products, from the free ZoneAlarm, to the comprehensive protection of ZoneAlarm Plus, to the ultimate privacy and security tools in ZoneAlarm Pro.

Black Ice Defender
BlackICE teams a personal firewall with an advanced intrusion detection system to constantly watch your Internet connections for suspicious behavior.

Symantec's Norton™ Personal Firewall
Keeps hackers out and personal data in. It makes robust firewall protection easy by automatically hiding your PC on the Internet and blocking suspicious connections. Norton Personal Firewall also protects your privacy by preventing confidential information from being sent out without your knowledge.

McAfee Personal Firewall
Personal Firewall places a barrier between the Internet and your PC, helping to block hackers from accessing your computer and allowing you to digitally 'fingerprint' trusted applications. Every time your computer is probed or attacked, you get detailed reports and clear follow-up options.

Hardware Firewalls

Cisco PIX
The world-leading Cisco PIX® Security Appliance Series provides robust, enterprise-class, integrated network security services including stateful inspection firewalling, protocol and application inspection, virtual private networking (VPN), in-line intrusion protection, and rich multimedia and voice security, in cost-effective, easy-to-deploy solutions.

SonicWALL Internet firewall/VPN security appliances support an array of security applications and deliver powerful firewall and VPN performance. SonicWALL appliances are built on stateful inspection firewall technology, and a dedicated security ASIC designed to ensure maximum performance for VPN enabled applications.

3Com perimeter firewalls and website filters cost-efficiently secure Internet access and give IT managers a critical first line of defense against network attacks and unauthorized access. For protecting the perimeter of your network, choose the 3Com® SuperStack® 3 Firewall for enterprise


LVL 49

Expert Comment

ID: 9679856
Check security section here



Author Comment

ID: 9680210
Thanks for posting some good options.

Because this is a web server (and not a client PC) should that affect our choice?

Would we need an IDS as well?

LVL 57

Expert Comment

by:Pete Long
ID: 9680832
>>web server (and not a client PC) should that affect our choice

Not really. Firewalls are just a FILTERING mechanism, and it depends on your budget. I wouldn't have anything in a business environment but a Cisco PIX, but they're not cheap (approx 4k Sterling).

LVL 57

Accepted Solution

Pete Long earned 750 total points
ID: 9680859
An intrusion detection system (IDS) inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system.
There are several ways to categorize an IDS:

  • misuse detection vs. anomaly detection: in misuse detection, the IDS analyzes the information it gathers and compares it to large databases of attack signatures. Essentially, the IDS looks for a specific attack that has already been documented. Like a virus detection system, misuse detection software is only as good as the database of attack signatures that it uses to compare packets against. In anomaly detection, the system administrator defines the baseline, or normal, state of the network's traffic load, breakdown, protocol, and typical packet size. The anomaly detector monitors network segments to compare their state to the normal baseline and look for anomalies.
  • network-based vs. host-based systems: in a network-based system, or NIDS, the individual packets flowing through a network are analyzed. The NIDS can detect malicious packets that are designed to be overlooked by a firewall's simplistic filtering rules. In a host-based system, the IDS examines the activity on each individual computer or host.
  • passive system vs. reactive system: in a passive system, the IDS detects a potential security breach, logs the information and signals an alert. In a reactive system, the IDS responds to the suspicious activity by logging off a user or by reprogramming the firewall to block network traffic from the suspected malicious source.
Though they both relate to network security, an IDS differs from a firewall in that a firewall looks out for intrusions in order to stop them from happening. The firewall limits the access between networks in order to prevent intrusion and does not signal an attack from inside the network. An IDS evaluates a suspected intrusion once it has taken place and signals an alarm. An IDS also watches for attacks that originate from within a system.
Above from Webopedia

Most business-class firewalls, e.g. PIX, will do this for you, and a lot of software ones like Zone Alarm and Black Ice Defender.
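
The misuse-versus-anomaly distinction in the answer above, as an added example that is not part of the original thread: a signature check over inbound requests next to a baseline check over outbound flow counts. The signatures, IP addresses, request URIs and flow counts are constructed samples, and the function names are hypothetical.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed sample signatures (not a real attack-signature database).
SIGNATURES = {
    "dir-traversal": re.compile(r"\.\./"),
    "shell-request": re.compile(r"/(cmd|root)\.exe", re.I),
}

def misuse_alerts(requests):
    """Misuse detection: report every request that matches a known signature."""
    return [(src, name)
            for src, uri in requests
            for name, pattern in SIGNATURES.items()
            if pattern.search(uri)]

def build_ceiling(normal_counts, k=3.0):
    """Anomaly detection, step 1: baseline = mean + k standard deviations."""
    return mean(normal_counts) + k * pstdev(normal_counts)

def anomaly_alerts(flows, ceiling):
    """Anomaly detection, step 2: minutes whose outbound flow count exceeds the baseline."""
    per_minute = Counter(minute for minute, _dst in flows)
    return sorted(m for m, n in per_minute.items() if n > ceiling)

# Constructed inbound requests to the web server: (source IP, request URI).
REQUESTS = [
    ("192.0.2.10", "/index.html"),
    ("198.51.100.7", "/scripts/../../cmd.exe"),
    ("192.0.2.11", "/images/logo.gif"),
]
# Constructed outbound flows per minute observed on a quiet day.
BASELINE_COUNTS = [4, 6, 5, 5, 4, 6]
# Constructed outbound flows from the server: (minute, destination IP).
FLOWS = ([("12:00", "203.0.113.5")] * 5
         + [("12:01", "203.0.113.99")] * 40   # burst toward one destination
         + [("12:02", "203.0.113.5")] * 6)

if __name__ == "__main__":
    ceiling = build_ceiling(BASELINE_COUNTS)
    print("signature hits:", misuse_alerts(REQUESTS))
    print("baseline ceiling: %.2f flows/min" % ceiling)
    print("anomalous minutes:", anomaly_alerts(FLOWS, ceiling))
```

The outbound burst matches no signature, so only the baseline check reports it; the single traversal request is low-volume, so only the signature check reports it.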


Expert Comment

ID: 9721686
FORGET THE REST.........THIS IS THE BEST! http://www.eeye.com/html/Products/SecureIIS/

sorry to rhyme, but i love this firewall. it's 100% for IIS and Windows 2000 and 2003. it's kinda like urlscan but with A LOT more options. but it doesn't come cheap. but i do still suggest it as a must have for a truly secure iis server.

also, if you want more security using "microsoft recommended" ways. you can install isa server 2000 on a win2k server and use the urlscan from feature pack 1 along with the web publishing features to secure your web server behind a firewall.

this will basically make your web server be behind 4 firewalls. first isa server, then the feature pack 1 url scan, then secureiis, then urlscan for iis. plus the usual layers of security that iis and ntfs have on a win2k server.
for ultimate extra security you can also use the symantec or trend virus scanner addon to isa server 2000 which scans http and other protocols in real-time for viruses. and if you are planning to have a web server, symantec and isa server 2000 have a combo of features that can be put together to protect smtp servers and exchange 2000 servers.

all kinda expensive for the small company. but if you deal with microsoft software, and got the money for it. it's a sure system. secure, update-able, and if configured right, VERY hard to get around.

a little trick i use: install pgp desktop 7.03 on the web server and bind your iis server to its virtual network card. then use it when publishing or port mapping your server. this is because pgp also has its own personal firewall which added with ids features guards against some other attacks. but since it's old software, only use it as a last defence. if they get around all the other stuff, this will only slow them down. not stop them!

Question has a verified solution.