Solved

Server Firewall Software Recommendation

Posted on 2012-03-30
14
399 Views
Last Modified: 2012-04-04
I've got a Windows Server 2003 hosted server experiencing what appears to be brute force SQL attacks.  The firewall provided by the hosting service sucks and I need another option.  I don't have the ability to use an appliance and need to do some sort of virtual firewall or software firewall.

Many of the IP addresses attacking me originate in China.  I would love to be able to block by country.  

I am extremely familiar with SonicWall products, but they don't appear to make anything like this.

Any suggestions?
0
Comment
Question by:SupermanTB
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
14 Comments
 
LVL 5

Expert Comment

by:Sjizzel
ID: 37787015
I found this:

http://community.spiceworks.com/topic/149633-best-free-fiewall-with-country-ip-blocking

and it links to pfsense:
==
I use pfSense and the Country Block extension for this. It's as easy as ticking boxes of countries that you wish to block. I'm not sure how accurate it is, but it has worked well for me.

http://doc.pfsense.org/index.php/Country_Block
==
0
 
LVL 8

Expert Comment

by:Tymetwister
ID: 37787105
Take a look at ZoneAlarm
0
 

Author Comment

by:SupermanTB
ID: 37787433
I see the pfSenese and it's ability to block by country.  Very cool.

Tymetwister, do you have any experience with ZoneAlarm running on a server?
0
Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

 

Author Comment

by:SupermanTB
ID: 37787463
I downloaded the free version of ZoneAlarm and the firewall appears to be pretty basic.  As I look at the paid versions, they seem to just include other features, but keep the same firewall?
0
 
LVL 5

Expert Comment

by:cdfs
ID: 37787562
Forget about ZoneAlarm, this is something for desktop use, not servers. pfSense is a stable firewall with lots of options. Keep in mind, you need to install it onto a second server, this is not a kind of software you install into windows.
0
 

Author Comment

by:SupermanTB
ID: 37787588
Can you elaborate about the need to install onto a second server?
0
 
LVL 5

Expert Comment

by:cdfs
ID: 37787606
pfSense is a complete firewall-distribution based on freeBSD. It comes as ISO that you have to install on a server. It runs its own operating-system (freeBSD) and provides a webinterface for configuration.
0
 

Author Comment

by:SupermanTB
ID: 37787625
I didn't mention this directly in my post, but the server in question is hosted offsite with a hosting company.  Paying for a second server to run this software wouldn't be economical.  

Do you have any other suggestions?
0
 
LVL 5

Expert Comment

by:cdfs
ID: 37787649
Running a software-firewall on the server that should be protected is not really the best idea, to be honest. The traffic will hit your server and even if you configure your firewall properly, there is still a change that someone can hack your server through a vulnerable in windows. With a dedicated firewall there so much more protection. For pfSense you don't need that much resources, so the smallest server your provider can offer should satisfy your needs. Just go to http://www.pfsense.org/ and read about the minimum hardware-requirements.
0
 

Author Comment

by:SupermanTB
ID: 37787667
I completely agree with  what you're saying, but unfortunately I just don't have that option.  I only have this server to work with to solve this problem
0
 
LVL 5

Expert Comment

by:cdfs
ID: 37790140
In this case I would advise you to use the built-in firewall. There should be some advanced options to configure in 2003, at least they are in 2008. Make sure to only open necessary ports. I assume that you need SQL only on the server, so the SQL-ports should be closed or at least, if you need external access to it, restricted to only a few IPs. Installing a software-firewall will only add another level of complexity and another attackpoint.
0
 

Author Comment

by:SupermanTB
ID: 37804219
I was just hoping for a solution more robust than the built-in Windows firewall.  It definitely serves a purpose, but is lacking in functionality.
0
 
LVL 5

Accepted Solution

by:
cdfs earned 500 total points
ID: 37804689
The built-in firewall is quite robust, in many cases more robust than any third-party desktop-firewalls. What exact functionality are you looking for? Blocking IPs and IP-ranges is described here: http://www.network-security.co/Pages/DocumentManager/Knowledge%20Base/Block%20IP%20addresses%20using%20Windows%20Firewall.pdf
I have also found a script for blocking whole countries: http://www.sans.org/windows-security/2011/10/25/windows-firewall-script-block-addresses-network-ranges
This one applies for Windows 2008 server, but maybe it can also work on 2003. At least with the first link you could block manually the ranges for china in your case.
0
 

Author Comment

by:SupermanTB
ID: 37805675
Thanks for all your help.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question