Configure windows 2003 firewall as a web server

Hi,

I need to increase the security on my server, i'm using a dedicated Fasthosts machine, with the standart windows firewall running,

I need someone to advice me on a firewall and respective setup of it. I was thinking on tiny server firewall 2005 professional, i've worked with it before but never got the chance to correctly set it up, but i'm open to advice on the software to use.

The server is currently "serving", WWW, FTP, and Mail.

Regards,
LVL 3
JunkManAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ComputronCommented:
You want to replace the software firewall you are using now with another software firewall ?
What kind of security are you trying to increase ?
Using WWW, if you use SSL at all, you'll want access to port 443(SSL) and port 80
Using FTP, you'll want access to port 21
Using mail, you may want a variety of ports depending on the services offered.
POP3 uses port 110
SMTP uses port 25
IMAP uses port 143
If you're using SSL on the email server, let me know and I can include those ports as well.
These are general guidelines, your services could be setup to use different ports.
JunkManAuthor Commented:
Computron: I don't have any firewall at the moment, just the standard windows one, the server was recently set up. and i need to install a firewall.

I no longer want Tiny, they were bought by Computer Associates, and support, updates were discontinued for any Tiny range of software.

So question still stands witch Firewall should i use, i need one that is effecient and simple to use and also help configuring it. The port list is helpfull but for my Tiny Firewall experience (on another server) there's more to it then just allowing/disallowing ports!



masnrockCommented:
You're right... ports aren't the total picture... you also want something that does stateful packet inspection to prevent certain types of attacks (i.e. SYN flood). I'm not saying Tiny didn't do that, but I'm not really familiar with the product either.

Zone Alarm Pro is a pretty good one. Used it a couple versions ago for a similar purpose.
http://www.zonelabs.com

BlackICE has always been a pretty good firewall, but I don't think you want to pay the money of the server version of it. http://www.iss.net

You might also try BitDefender - http://www.bitdefender.com/PRODUCT-14-en--BitDefender-8-Free-Edition.html#

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
JunkManAuthor Commented:
masnroc: thanks but all these seem a bit to "personal" more oriented to home users...

Isn't there a "proper" keep to the basics firewall? e.g. i don't necessarely need an email scanner for the server!!

And none of them seems to work on Windows 2003... Even the Pro or Server versions..

Regards,



masnrockCommented:
I wanted to recommend a hardware firewall, but it didn't really seem to be an option for you. Another major factor is what's your budget? A lot of vendors have been trying to bundle as much as they can together though.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.