Solved

Server Firewall Software Recommendation

Posted on 2012-03-30
14
394 Views
Last Modified: 2012-04-04
I've got a Windows Server 2003 hosted server experiencing what appears to be brute force SQL attacks.  The firewall provided by the hosting service sucks and I need another option.  I don't have the ability to use an appliance and need to do some sort of virtual firewall or software firewall.

Many of the IP addresses attacking me originate in China.  I would love to be able to block by country.  

I am extremely familiar with SonicWall products, but they don't appear to make anything like this.

Any suggestions?
0
Comment
Question by:SupermanTB
14 Comments
 
LVL 5

Expert Comment

by:Sjizzel
ID: 37787015
I found this:

http://community.spiceworks.com/topic/149633-best-free-fiewall-with-country-ip-blocking

and it links to pfsense:
==
I use pfSense and the Country Block extension for this. It's as easy as ticking boxes of countries that you wish to block. I'm not sure how accurate it is, but it has worked well for me.

http://doc.pfsense.org/index.php/Country_Block
==
0
 
LVL 8

Expert Comment

by:Tymetwister
ID: 37787105
Take a look at ZoneAlarm
0
 

Author Comment

by:SupermanTB
ID: 37787433
I see the pfSenese and it's ability to block by country.  Very cool.

Tymetwister, do you have any experience with ZoneAlarm running on a server?
0
 

Author Comment

by:SupermanTB
ID: 37787463
I downloaded the free version of ZoneAlarm and the firewall appears to be pretty basic.  As I look at the paid versions, they seem to just include other features, but keep the same firewall?
0
 
LVL 5

Expert Comment

by:cdfs
ID: 37787562
Forget about ZoneAlarm, this is something for desktop use, not servers. pfSense is a stable firewall with lots of options. Keep in mind, you need to install it onto a second server, this is not a kind of software you install into windows.
0
 

Author Comment

by:SupermanTB
ID: 37787588
Can you elaborate about the need to install onto a second server?
0
 
LVL 5

Expert Comment

by:cdfs
ID: 37787606
pfSense is a complete firewall-distribution based on freeBSD. It comes as ISO that you have to install on a server. It runs its own operating-system (freeBSD) and provides a webinterface for configuration.
0
New! My Passport Wireless Pro Wi-Fi Mobile Storage

Portable wireless storage to offload, edit, and stream anywhere.

High-capacity, wireless mobile storage designed to accompany professional photographers and videographers in the field to easily offload, edit and stream captured photos and high-definition videos.

 

Author Comment

by:SupermanTB
ID: 37787625
I didn't mention this directly in my post, but the server in question is hosted offsite with a hosting company.  Paying for a second server to run this software wouldn't be economical.  

Do you have any other suggestions?
0
 
LVL 5

Expert Comment

by:cdfs
ID: 37787649
Running a software-firewall on the server that should be protected is not really the best idea, to be honest. The traffic will hit your server and even if you configure your firewall properly, there is still a change that someone can hack your server through a vulnerable in windows. With a dedicated firewall there so much more protection. For pfSense you don't need that much resources, so the smallest server your provider can offer should satisfy your needs. Just go to http://www.pfsense.org/ and read about the minimum hardware-requirements.
0
 

Author Comment

by:SupermanTB
ID: 37787667
I completely agree with  what you're saying, but unfortunately I just don't have that option.  I only have this server to work with to solve this problem
0
 
LVL 5

Expert Comment

by:cdfs
ID: 37790140
In this case I would advise you to use the built-in firewall. There should be some advanced options to configure in 2003, at least they are in 2008. Make sure to only open necessary ports. I assume that you need SQL only on the server, so the SQL-ports should be closed or at least, if you need external access to it, restricted to only a few IPs. Installing a software-firewall will only add another level of complexity and another attackpoint.
0
 

Author Comment

by:SupermanTB
ID: 37804219
I was just hoping for a solution more robust than the built-in Windows firewall.  It definitely serves a purpose, but is lacking in functionality.
0
 
LVL 5

Accepted Solution

by:
cdfs earned 500 total points
ID: 37804689
The built-in firewall is quite robust, in many cases more robust than any third-party desktop-firewalls. What exact functionality are you looking for? Blocking IPs and IP-ranges is described here: http://www.network-security.co/Pages/DocumentManager/Knowledge%20Base/Block%20IP%20addresses%20using%20Windows%20Firewall.pdf
I have also found a script for blocking whole countries: http://www.sans.org/windows-security/2011/10/25/windows-firewall-script-block-addresses-network-ranges
This one applies for Windows 2008 server, but maybe it can also work on 2003. At least with the first link you could block manually the ranges for china in your case.
0
 

Author Comment

by:SupermanTB
ID: 37805675
Thanks for all your help.
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This subject  of securing wireless devices conjures up visions of your PC or mobile phone connecting to the Internet through some hotspot at Starbucks. But it is so much more than that. Let’s look at the facts: devices#sthash.eoFY7dic.
Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our b…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now