Hello all! I am a web developer (which tells you how qualified I am to make decisions on security ;-) ) and I am currently trying to ensure that my client's new dedicated server solution is properly secured. They run a coldfusion 5.0 application. They have their own email application. The os will be windows 2003 with IIS. It will be providing hosting for many different sites - all generated by that coldfusion application with some customization here and there.
We are hosting with rackspace and they are providing a Cisco PIX 501 firewall for the server. My main question is whether or not we need or want a software firewall. From what I read, software firewalls are a must in addition to the hardware. But I am hearing from some of the security folks I have spoken with that a software firewall is not desirable for a server setup. Can you help me clear up the confusion? Thanks for your time!