Server Firewall Software Recommendation

I've got a Windows Server 2003 hosted server experiencing what appears to be brute force SQL attacks.  The firewall provided by the hosting service sucks and I need another option.  I don't have the ability to use an appliance and need to do some sort of virtual firewall or software firewall.

Many of the IP addresses attacking me originate in China.  I would love to be able to block by country.  

I am extremely familiar with SonicWall products, but they don't appear to make anything like this.

Any suggestions?
SupermanTBAsked:
Who is Participating?
 
cdfsConnect With a Mentor Commented:
The built-in firewall is quite robust, in many cases more robust than any third-party desktop-firewalls. What exact functionality are you looking for? Blocking IPs and IP-ranges is described here: http://www.network-security.co/Pages/DocumentManager/Knowledge%20Base/Block%20IP%20addresses%20using%20Windows%20Firewall.pdf
I have also found a script for blocking whole countries: http://www.sans.org/windows-security/2011/10/25/windows-firewall-script-block-addresses-network-ranges
This one applies for Windows 2008 server, but maybe it can also work on 2003. At least with the first link you could block manually the ranges for china in your case.
0
 
SjizzelCommented:
I found this:

http://community.spiceworks.com/topic/149633-best-free-fiewall-with-country-ip-blocking

and it links to pfsense:
==
I use pfSense and the Country Block extension for this. It's as easy as ticking boxes of countries that you wish to block. I'm not sure how accurate it is, but it has worked well for me.

http://doc.pfsense.org/index.php/Country_Block
==
0
 
TymetwisterCommented:
Take a look at ZoneAlarm
0
IT Degree with Certifications Included

Aspire to become a network administrator, network security analyst, or computer and information systems manager? Make the most of your experience as an IT professional by earning your B.S. in Network Operations and Security.

 
SupermanTBAuthor Commented:
I see the pfSenese and it's ability to block by country.  Very cool.

Tymetwister, do you have any experience with ZoneAlarm running on a server?
0
 
SupermanTBAuthor Commented:
I downloaded the free version of ZoneAlarm and the firewall appears to be pretty basic.  As I look at the paid versions, they seem to just include other features, but keep the same firewall?
0
 
cdfsCommented:
Forget about ZoneAlarm, this is something for desktop use, not servers. pfSense is a stable firewall with lots of options. Keep in mind, you need to install it onto a second server, this is not a kind of software you install into windows.
0
 
SupermanTBAuthor Commented:
Can you elaborate about the need to install onto a second server?
0
 
cdfsCommented:
pfSense is a complete firewall-distribution based on freeBSD. It comes as ISO that you have to install on a server. It runs its own operating-system (freeBSD) and provides a webinterface for configuration.
0
 
SupermanTBAuthor Commented:
I didn't mention this directly in my post, but the server in question is hosted offsite with a hosting company.  Paying for a second server to run this software wouldn't be economical.  

Do you have any other suggestions?
0
 
cdfsCommented:
Running a software-firewall on the server that should be protected is not really the best idea, to be honest. The traffic will hit your server and even if you configure your firewall properly, there is still a change that someone can hack your server through a vulnerable in windows. With a dedicated firewall there so much more protection. For pfSense you don't need that much resources, so the smallest server your provider can offer should satisfy your needs. Just go to http://www.pfsense.org/ and read about the minimum hardware-requirements.
0
 
SupermanTBAuthor Commented:
I completely agree with  what you're saying, but unfortunately I just don't have that option.  I only have this server to work with to solve this problem
0
 
cdfsCommented:
In this case I would advise you to use the built-in firewall. There should be some advanced options to configure in 2003, at least they are in 2008. Make sure to only open necessary ports. I assume that you need SQL only on the server, so the SQL-ports should be closed or at least, if you need external access to it, restricted to only a few IPs. Installing a software-firewall will only add another level of complexity and another attackpoint.
0
 
SupermanTBAuthor Commented:
I was just hoping for a solution more robust than the built-in Windows firewall.  It definitely serves a purpose, but is lacking in functionality.
0
 
SupermanTBAuthor Commented:
Thanks for all your help.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.