Solved

Best way to block incoming connections using SBS2003 with ISA 2000

Posted on 2004-10-18
6
207 Views
Last Modified: 2013-12-04
I am using Microsoft SBS 2003 Premium with ISA 2000. What is the best way to block incoming traffic to my network? I am receiving port scans from several Asia Pacific and Dutch networks, and would like to just drop the packets at the external interface.
0
Comment
Question by:MasPreguntas
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
6 Comments
 
LVL 3

Accepted Solution

by:
Gargantubrain earned 250 total points
ID: 12341406
The best way is with a hardware firewall. This can be done inexpensively or expensively, depending on your needs and performance requirements.

With all of the new security holes discovered regularly, it is not worth the risk of having your server compromised, compared to the under $100 cost of putting a basic but quite capable router in as your firewall.

If you would like suggestions then you can check out a router such as the ever-popular Linksys WRT-54g (just leave the wireless disabled), which also has any number of alternate firmware choices depending on your needs. There is also higher end routing equipment such as the Cisco 1700 series routers. http://www.cisco.com/en/US/products/hw/routers/ps221/index.html

If you would like to detail the incoming and outgoing traffic needs (ports/services, type of Internet connection, bandwidth, VPN, IPSec, etc) then I could make a recommendation based on your requirements and your budget.
0
 
LVL 1

Author Comment

by:MasPreguntas
ID: 12341835
At this time, I would prefer to use ISA instead of a hardware solution. I have used packet filters on *nix in the past to block all traffic from specific IP's, however the PF rules on ISA do not seem to do anything for me.

What I really need is the proper syntax to set up a packet filter against specific incoming traffic.
0
 
LVL 3

Expert Comment

by:Gargantubrain
ID: 12342709
This page has some good information, including how to configure the SBS firewall using the Configure E-Mail and Internet Connection Wizard.

Look at the "Configuring the Basic Firewall section" including the figures for sample pictures.

http://www.win2000mag.com/Article/ArticleID/40830/40830.html

It is not difficult to find articles regarding the risks of exposing your server to the Internet without a properly configured firewall. It is better to start off by blocking everything and open one thing at a time, to ensure that nothing more than required has been opened up.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question