silver00x00

asked on

Windows Server 2003 Firewall; Will it protect a small network if the server is a bastion host?

I have a Windows Server 2003 box with two NICs. Windows Firewall is enabled on the public NIC. Is that actually protecting the private network? I am running RRAS if that has anything to do with it.


public network-------------(NIC 1 Firewalled(W2K3 Server)NIC 2)--------private network

I would like to use the Windows firewall because it is easy to use for me and I can still edit the ACLs easy. Also no pop-ups.
ASKER CERTIFIED SOLUTION
sciwriter

The--Captain

>Will it protect a small network if the server is a bastion host?

I think history speaks for itself here, so the answer is no, Windows can never be trusted to secure your network.

>I would like to use the Windows firewall because it is easy to use for me and I can still edit the ACLs easy

Wouldn't it just be easier to use no firewall at all?  You'd have almost as much security, and you could save yourself the time spent configuring.

My point is, network security is not supposed to be easy - using a product simply because you find it easy to use and disregarding its security history is the completely wrong way to approach things.

Cheers,
-Jon

silver00x00

ASKER

sciwriter,
Yes, the IPs are different. On the untrusted side, it has a public IP. On the private side, it uses a class A, 10.x.x.x

Jon...
What would you suggest? I have used Black ICE Server and had nothing but problems with it. I searched all over the support website of Black ICE and had no luck. This is a home network and I am setting it up for learning reasons. So please don't recommend some expensive standalone device such as a PIX firewall even though it may be one of the best. Also since you talked about history, recommend me one that hasn't ever been compromised. This is going on a server, so please don’t recommend one that has pop-ups constantly.

Silver

I disagree completely that IP segmentation and different protocol binding CANNOT be used to protect an internal network from outside intrusion. I set it up all the time for major clients with big networks, and it works reliably, and as long as it is done right, is a robust, long-term solution. However, I am not going to argue here with downers of the technology. Using hackers' tools like Black Ice is utterly ridiculous for a serious business network.

Silver, your original request was fine, the tools like Windows Firewall that you suggested were fine, and the IP segmentation I discussed was not only workable, but a robust solution. I would keep your 2003 business server completely clean of all back-door, intrusion-type software, and do what I suggested. However, I don't know how much farther this thread can go, or if it has been derailed.

My systems have been up and running for a while now and everything seems to be fine. No worms or viruses and everything is happy... Thank you sciwriter for your help. The question was: does the Windows firewall protect a network if a box is set up as a bastion host? The answer is YES. Now you know, Jon, the Windows firewall works much better than none at all. I agree that you shouldn't implement things just because they may be easy, but hey... It really is.

<< does the Windows firewall protect a network if a box is set up as a bastion host. The answer is YES. Now you know, Jon, the Windows firewall works much better than none at all. >>

Thanks silver, and just to let you know -- that Windows "firewall" took a lot of effort for MS to admit they have a problem and to find a fix. And my experience is -- it does just as good as the rest of them.

To test any firewall -- go to www.grc.com -- wade through his verbal diarrhea to find the place to "TEST YOUR PORTS" -- keep going, and eventually you will find a page to test Windows firewall.

Gofer it -- you will find that Windows firewall puts about all your ports in stealth mode -- which is as good as you can get from any cable/DSL router with firewall -- so, as a person who has no love for MS software, it did impress me that MS finally got something right ....

:)))))))

Good luck !!
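
What the port test described in the last post measures, as an added example that is not part of the thread: a TCP connect probe that sorts ports into open, closed and stealth. The function names are made up here, and it is meant to be run from a machine on the public side against your own server's public address.

```python
import socket

def probe_port(host, port, timeout=2.0):
    """Classify one TCP port the way online port-test pages report it.

    open    - handshake completed, a service is listening
    closed  - host answered with a reset: reachable, nothing listening
    stealth - no answer before the timeout: the packet was silently dropped
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "stealth"
    except OSError:
        # e.g. "no route to host": an error came back instead of silence
        return "unreachable"
    finally:
        sock.close()

def audit(host, ports, timeout=2.0):
    """Probe each port and return {port: state}."""
    return {port: probe_port(host, port, timeout) for port in ports}

def answered(results):
    """Ports that revealed the host exists (anything other than stealth)."""
    return sorted(p for p, state in results.items() if state != "stealth")

def loopback_self_check():
    """Constructed check: one listening port and one unused port on 127.0.0.1."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    unused_port = spare.getsockname()[1]
    spare.close()
    try:
        open_port = listener.getsockname()[1]
        return probe_port("127.0.0.1", open_port), probe_port("127.0.0.1", unused_port)
    finally:
        listener.close()

if __name__ == "__main__":
    print(loopback_self_check())  # loopback is not firewalled, so no "stealth" here
```

On the firewalled public NIC, `answered(audit(...))` should list only the services deliberately published; a "closed" result still tells an outsider that a host is present at that address.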