Solved

Server Firewall Software Recommendation

Posted on 2012-03-30
14
393 Views
Last Modified: 2012-04-04
I've got a Windows Server 2003 hosted server experiencing what appears to be brute force SQL attacks.  The firewall provided by the hosting service sucks and I need another option.  I don't have the ability to use an appliance and need to do some sort of virtual firewall or software firewall.

Many of the IP addresses attacking me originate in China.  I would love to be able to block by country.  

I am extremely familiar with SonicWall products, but they don't appear to make anything like this.

Any suggestions?
0
Comment
Question by:SupermanTB
14 Comments
 
LVL 5

Expert Comment

by:Sjizzel
ID: 37787015
I found this:

http://community.spiceworks.com/topic/149633-best-free-fiewall-with-country-ip-blocking

and it links to pfsense:
==
I use pfSense and the Country Block extension for this. It's as easy as ticking boxes of countries that you wish to block. I'm not sure how accurate it is, but it has worked well for me.

http://doc.pfsense.org/index.php/Country_Block
==
0
 
LVL 8

Expert Comment

by:Tymetwister
ID: 37787105
Take a look at ZoneAlarm
0
 

Author Comment

by:SupermanTB
ID: 37787433
I see the pfSenese and it's ability to block by country.  Very cool.

Tymetwister, do you have any experience with ZoneAlarm running on a server?
0
 

Author Comment

by:SupermanTB
ID: 37787463
I downloaded the free version of ZoneAlarm and the firewall appears to be pretty basic.  As I look at the paid versions, they seem to just include other features, but keep the same firewall?
0
 
LVL 5

Expert Comment

by:cdfs
ID: 37787562
Forget about ZoneAlarm, this is something for desktop use, not servers. pfSense is a stable firewall with lots of options. Keep in mind, you need to install it onto a second server, this is not a kind of software you install into windows.
0
 

Author Comment

by:SupermanTB
ID: 37787588
Can you elaborate about the need to install onto a second server?
0
 
LVL 5

Expert Comment

by:cdfs
ID: 37787606
pfSense is a complete firewall-distribution based on freeBSD. It comes as ISO that you have to install on a server. It runs its own operating-system (freeBSD) and provides a webinterface for configuration.
0
Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

 

Author Comment

by:SupermanTB
ID: 37787625
I didn't mention this directly in my post, but the server in question is hosted offsite with a hosting company.  Paying for a second server to run this software wouldn't be economical.  

Do you have any other suggestions?
0
 
LVL 5

Expert Comment

by:cdfs
ID: 37787649
Running a software-firewall on the server that should be protected is not really the best idea, to be honest. The traffic will hit your server and even if you configure your firewall properly, there is still a change that someone can hack your server through a vulnerable in windows. With a dedicated firewall there so much more protection. For pfSense you don't need that much resources, so the smallest server your provider can offer should satisfy your needs. Just go to http://www.pfsense.org/ and read about the minimum hardware-requirements.
0
 

Author Comment

by:SupermanTB
ID: 37787667
I completely agree with  what you're saying, but unfortunately I just don't have that option.  I only have this server to work with to solve this problem
0
 
LVL 5

Expert Comment

by:cdfs
ID: 37790140
In this case I would advise you to use the built-in firewall. There should be some advanced options to configure in 2003, at least they are in 2008. Make sure to only open necessary ports. I assume that you need SQL only on the server, so the SQL-ports should be closed or at least, if you need external access to it, restricted to only a few IPs. Installing a software-firewall will only add another level of complexity and another attackpoint.
0
 

Author Comment

by:SupermanTB
ID: 37804219
I was just hoping for a solution more robust than the built-in Windows firewall.  It definitely serves a purpose, but is lacking in functionality.
0
 
LVL 5

Accepted Solution

by:
cdfs earned 500 total points
ID: 37804689
The built-in firewall is quite robust, in many cases more robust than any third-party desktop-firewalls. What exact functionality are you looking for? Blocking IPs and IP-ranges is described here: http://www.network-security.co/Pages/DocumentManager/Knowledge%20Base/Block%20IP%20addresses%20using%20Windows%20Firewall.pdf
I have also found a script for blocking whole countries: http://www.sans.org/windows-security/2011/10/25/windows-firewall-script-block-addresses-network-ranges
This one applies for Windows 2008 server, but maybe it can also work on 2003. At least with the first link you could block manually the ranges for china in your case.
0
 

Author Comment

by:SupermanTB
ID: 37805675
Thanks for all your help.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now