

IIS Server and firewalling Port 80

Posted on 2006-04-12
Medium Priority
Last Modified: 2013-11-16
This fall we will be converting our primary database application to a new version that uses a web server as the front end. I have set up the server using Windows Server 2003 Web Edition.
The server exists on my network and has an internal Class C address.
My Cisco 2600 router has a route in it that points any requests to this web server's domain name to the internal IP address.
I can ping the domain name and run a tracert to it. The web server has Ports 80 & 443 open. The new application requires Port 80 to be open.

My question:
Until this time we have not had a firewall in place. We have relied on NAT to protect us. If I put a firewall in place, what method will it use to determine a valid attempt to access this web server vs an invalid attempt?

Question by:krlseidl

Assisted Solution

rsivanandan earned 375 total points
ID: 16442024
A firewall would work for Layer 3 and Layer 4 network traffic. But if you are concerned only about the port opening, I believe you already have the solution on the 2600 utilizing NAT and access-lists, don't you?

All it takes is to find out the protocol and port it uses to connect and use the ACL.

access-list 100 permit <tcp/udp> any host <Webserver> eq <PortNo.>

and apply it to the interface.


Accepted Solution

Keith Alabaster earned 375 total points
ID: 16465147
This really depends on the firewall that you choose. Different firewalls will do different jobs. ISA Server, for example, is an application-layer firewall, which means it protects right up to layer 7 of the OSI model. Some firewalls only perform, as Rajesh states, to layer 3 & 4 (TCP/IP - IPX/SPX etc.).

NAT in itself is not always sufficient, as it simply masks addresses from one interface to another. The control mechanism is down to your own planning and the capabilities of the firewall.

For example:
Trapping on the source address of the call to an allowed set of clients.
SSL certificates and switching the port to port 443 instead of 80.
Using the firewall to prompt for additional username/password authentication such as RADIUS requests.

Expert Comment

by:Keith Alabaster
ID: 16509152
Thank you
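
The distinction the two answers draw, as an added example that is not part of the original thread and is not Cisco or ISA Server code: a simplified model of a layer 3/4 rule list like the ACL template above, next to an application-layer check on the HTTP request line. The addresses, the `/app/` path, the method allowlist and the sample connections are constructed assumptions.

```python
import ipaddress

WEB = ipaddress.ip_address("192.0.2.10")        # constructed web server address
ANY = ipaddress.ip_network("0.0.0.0/0")

# Simplified model of an extended ACL: first match wins, implicit deny at the end.
# Fields: action, protocol, source network, destination host, destination port.
ACL = [("permit", "tcp", ANY, WEB, 80),
       ("permit", "tcp", ANY, WEB, 443)]

ALLOWED_METHODS = {"GET", "HEAD", "POST"}       # assumed policy for the application
ALLOWED_PREFIX = "/app/"                        # hypothetical application path


def l4_decision(proto, src, dst, dport, acl=ACL):
    """Layer 3/4 verdict: only protocol, addresses and port are examined."""
    for action, r_proto, r_src, r_dst, r_port in acl:
        if (proto == r_proto and ipaddress.ip_address(src) in r_src
                and ipaddress.ip_address(dst) == r_dst and dport == r_port):
            return action
    return "deny"


def l7_decision(payload):
    """Application-layer verdict: parse the HTTP request line and judge its content."""
    try:
        method, target, version = payload.split(b"\r\n", 1)[0].decode("ascii").split(" ")
    except (UnicodeDecodeError, ValueError):
        return "deny"                           # not a well-formed request line
    if version not in ("HTTP/1.0", "HTTP/1.1") or method not in ALLOWED_METHODS:
        return "deny"
    return "permit" if target.startswith(ALLOWED_PREFIX) else "deny"


def evaluate(proto, src, dst, dport, payload, acl=ACL):
    """Return (layer 3/4 verdict, layer 7 verdict) for one connection attempt."""
    return l4_decision(proto, src, dst, dport, acl), l7_decision(payload)


# Constructed connection attempts: (protocol, source, destination, port, first bytes sent).
SAMPLES = [
    ("tcp", "198.51.100.7", "192.0.2.10", 80, b"GET /app/login HTTP/1.1\r\nHost: db.example\r\n\r\n"),
    ("tcp", "198.51.100.7", "192.0.2.10", 80, b"TRACE / HTTP/1.1\r\nHost: db.example\r\n\r\n"),
    ("tcp", "198.51.100.7", "192.0.2.10", 3389, b""),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s[1], s[3], s[4][:20], "->", evaluate(*s))
```

The second sample passes the port-based rules and is only rejected by the request-line check; passing a rule list with a narrower source network to `l4_decision` models restricting access to an allowed set of clients.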
