Solved

Server Firewall Software Recommendation

Posted on 2012-03-30
14
396 Views
Last Modified: 2012-04-04
I've got a Windows Server 2003 hosted server experiencing what appears to be brute force SQL attacks.  The firewall provided by the hosting service sucks and I need another option.  I don't have the ability to use an appliance and need to do some sort of virtual firewall or software firewall.

Many of the IP addresses attacking me originate in China.  I would love to be able to block by country.  

I am extremely familiar with SonicWall products, but they don't appear to make anything like this.

Any suggestions?
0
Comment
Question by:SupermanTB
14 Comments
 
LVL 5

Expert Comment

by:Sjizzel
ID: 37787015
I found this:

http://community.spiceworks.com/topic/149633-best-free-fiewall-with-country-ip-blocking

and it links to pfsense:
==
I use pfSense and the Country Block extension for this. It's as easy as ticking boxes of countries that you wish to block. I'm not sure how accurate it is, but it has worked well for me.

http://doc.pfsense.org/index.php/Country_Block
==
0
 
LVL 8

Expert Comment

by:Tymetwister
ID: 37787105
Take a look at ZoneAlarm
0
 

Author Comment

by:SupermanTB
ID: 37787433
I see the pfSenese and it's ability to block by country.  Very cool.

Tymetwister, do you have any experience with ZoneAlarm running on a server?
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 

Author Comment

by:SupermanTB
ID: 37787463
I downloaded the free version of ZoneAlarm and the firewall appears to be pretty basic.  As I look at the paid versions, they seem to just include other features, but keep the same firewall?
0
 
LVL 5

Expert Comment

by:cdfs
ID: 37787562
Forget about ZoneAlarm, this is something for desktop use, not servers. pfSense is a stable firewall with lots of options. Keep in mind, you need to install it onto a second server, this is not a kind of software you install into windows.
0
 

Author Comment

by:SupermanTB
ID: 37787588
Can you elaborate about the need to install onto a second server?
0
 
LVL 5

Expert Comment

by:cdfs
ID: 37787606
pfSense is a complete firewall-distribution based on freeBSD. It comes as ISO that you have to install on a server. It runs its own operating-system (freeBSD) and provides a webinterface for configuration.
0
 

Author Comment

by:SupermanTB
ID: 37787625
I didn't mention this directly in my post, but the server in question is hosted offsite with a hosting company.  Paying for a second server to run this software wouldn't be economical.  

Do you have any other suggestions?
0
 
LVL 5

Expert Comment

by:cdfs
ID: 37787649
Running a software-firewall on the server that should be protected is not really the best idea, to be honest. The traffic will hit your server and even if you configure your firewall properly, there is still a change that someone can hack your server through a vulnerable in windows. With a dedicated firewall there so much more protection. For pfSense you don't need that much resources, so the smallest server your provider can offer should satisfy your needs. Just go to http://www.pfsense.org/ and read about the minimum hardware-requirements.
0
 

Author Comment

by:SupermanTB
ID: 37787667
I completely agree with  what you're saying, but unfortunately I just don't have that option.  I only have this server to work with to solve this problem
0
 
LVL 5

Expert Comment

by:cdfs
ID: 37790140
In this case I would advise you to use the built-in firewall. There should be some advanced options to configure in 2003, at least they are in 2008. Make sure to only open necessary ports. I assume that you need SQL only on the server, so the SQL-ports should be closed or at least, if you need external access to it, restricted to only a few IPs. Installing a software-firewall will only add another level of complexity and another attackpoint.
0
 

Author Comment

by:SupermanTB
ID: 37804219
I was just hoping for a solution more robust than the built-in Windows firewall.  It definitely serves a purpose, but is lacking in functionality.
0
 
LVL 5

Accepted Solution

by:
cdfs earned 500 total points
ID: 37804689
The built-in firewall is quite robust, in many cases more robust than any third-party desktop-firewalls. What exact functionality are you looking for? Blocking IPs and IP-ranges is described here: http://www.network-security.co/Pages/DocumentManager/Knowledge%20Base/Block%20IP%20addresses%20using%20Windows%20Firewall.pdf
I have also found a script for blocking whole countries: http://www.sans.org/windows-security/2011/10/25/windows-firewall-script-block-addresses-network-ranges
This one applies for Windows 2008 server, but maybe it can also work on 2003. At least with the first link you could block manually the ranges for china in your case.
0
 

Author Comment

by:SupermanTB
ID: 37805675
Thanks for all your help.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our b…
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question