Solved

Firewall for Web Server

Posted on 2013-01-08
4
359 Views
Last Modified: 2013-02-18
I looking for an inexpensive firewall.. That will run on Windows 2008 R2 Web server... I need to stay outside my ISA 2006 firewall (my internal network)... I like to have something better than just the Windows firewall thats on the there... Like to see activity, intrusion etc... And possible anti-virus (inexpensive) server based...
0
Comment
Question by:Clint Jones
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 13

Expert Comment

by:upalakshitha
ID: 38757458
Do you like to play with kaspersky which has a great firewall in new version for servers called small office security 2 (KOSS2). Not sure price will match you. There are all things you need
If you go with it do not check price in website, check with authorized dealer in your country area
0
 
LVL 5

Expert Comment

by:Harsem
ID: 38798221
Hello,

Windows firewall can be configured to log all activity. YOu can manage this via group policy and replicate these settings to all of your domain. I have used this multiple times before in various offices and Datacentres.

A Firewall cannot log intrusions, it can only log what has been allowed and/or what has been denied.

I like the Windows Firewall as it can intregrate tightly with the applicaiton, so rather than saying "Allow TCP 80 inbound" you can state this that TCP 80 inbound has to be available to WebServer.exe (or whatever web server software you use).

For Anti-Virus you can use Microsoft's own - as I personally don't like any that are out there. All the majors seem to be signature based, and if you go for heuristics or "advanced Threat Prevention" they tend to eat CPU like nothing else.

Side note: YOu can go a lot further and start using Software Restriction Policies in Windows which are more tedious to set up - but give great protection.


Jens
0
 
LVL 4

Expert Comment

by:Ben Vrijsen
ID: 38884236
Have a look at Astaro! (recently taken over by Sophos)
You can get it as a complete package (hardware & software) or as only software.  (The only thing you then is get a pc with 2 nics and enough RAM in it)
Astaro also has "home" editions available.  This is the complete package, but limited to about 50 IP's on the LAN side.
It's a really appliance with very nice reporting tools.
0
 
LVL 5

Accepted Solution

by:
Harsem earned 500 total points
ID: 38885349
Hello,

one little follow-up post. You can also purchase Intrusion Detection/Prevention Mudules for Cisco ASA Firewalls making this a Firewall + IPS. But this is Cisco - and they charge quite a bit for this. I won't go into what IPS is better than the other, but there are a lot of good resources out there.

You wil lalso find that some IPS vendors are now starting to include Firewall capabilities in their products (such as SourceFire). Further, F5 is now also offering Firewall capabilities, and they also have good application level monitoring. Just a matter of what features you want and how much money you want to spend.

Jens
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question