Solved

Software Firewall for Windows Server 2012

Posted on 2016-07-27
15
66 Views
Last Modified: 2016-10-07
I am looking for a software firewall for WIndow Server 2012 that is easy to manage, effective and affordable.

Does anyone have any suggestions and experience with software firewalls for Windows Server 2012?
0
Comment
Question by:benc007
  • 6
  • 4
  • 2
  • +1
15 Comments
 
LVL 13

Expert Comment

by:Rizzle
ID: 41731756
What about the built in Windows Firewall? Maybe look into something like pfSense.
0
 
LVL 17

Expert Comment

by:pjam
ID: 41731776
What is your Anti-Virus application.  Good enterprise AV's usually have their own firewall.
0
 

Author Comment

by:benc007
ID: 41731790
Roshan Ejaz - Is Windows built in firewall more reliable than a third party software firewall?
https://www.pfsense.org appears to sell only hardware firewalls, but I am looking for a software firewall.

pjam - I haven't installed an anti-virus software yet.  Do you have any anti-virus / firewall software suggestions for Windows Server 2012?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 13

Expert Comment

by:Rizzle
ID: 41731829
I would definitely try Windows Firewall, we have many customers who use it.
0
 
LVL 39

Expert Comment

by:Adam Brown
ID: 41731842
Use the windows firewall. Third party software firewalls are almost unilaterally garbage (Either they are buggy and prone to false positive blocking, or they are buggy and use up too many resources). Windows Firewall works very well from Server 2008 on (Server 2003's baked in Firewall was a giant ball of dumb). It's fairly easy to use and doesn't waste resources or cause a lot of false positives, nor is it incredibly buggy. That said, logging and diagnostics in it are sub-par at best, so you do need to be able to troubleshoot without much information.
0
 
LVL 17

Expert Comment

by:pjam
ID: 41731872
Trend Micro enterprise for AV & firewall should do the trick.  windows firewall is excellent also
0
 

Author Comment

by:benc007
ID: 41732202
Roshan Ejaz and acbrown2010 - the problem with using Windows firewall is that hackers can see which OS the server is running, and target firewall bugs easily since they know the default Windows firewall is likely used.

pjam - Which version of Trend Micro Enterprise AV / Firewall have you used?  What is the price?
I coudn't find pricing for Windows Server 2012 at http://store.trendmicro.com/store/tmamer/Content/pbPage.SMB?cm_sp=Lightbox-_-Where+To+Buy-_-Small+Business:Store
0
 
LVL 39

Expert Comment

by:Adam Brown
ID: 41732210
Roshan Ejaz and acbrown2010 - the problem with using Windows firewall is that hackers can see which OS the server is running, and target firewall bugs easily since they know the default Windows firewall is likely used.

Do you know this from experience or are you just making an assumption that that is possible? Firewalls generally give no response at all when blocking traffic, so I have serious doubts that one could feasibly determine firewall manufacturer from the outside as easily as you suggest. Then there's the fact that OS  can be easily determined by querying the services that are offered through the firewall. If a web server is giving IIS responses, it's on a Windows server.

Aside from that, choosing a firewall solely on the basis of making it harder to determine which firewall software you're using is nothing more than a security through obscurity tactic, and not an effective security practice. Any security software should be chosen based on features, performance, and usability. And frankly, I've yet to find any software firewall that isn't incredibly bulky, difficult to configure properly, or just plain useless.

From every bit of experience I've had with Trend Micro...look elsewhere. Trying to get support from them in the event of a breach or major emergency is a futile effort.
0
 

Author Comment

by:benc007
ID: 41732231
acbrown - I appreciate your feedback on Trend Micro!  Thank you.

I know this from experience.  It is easy to see the OS that is on a server, and hackers first target the default firewall by looking for bugs / breaches in the firewall which is public information as Microsoft publishes their bugs and patch fixes.  Although it isn't an effective security practice, if a different firewall is used, it offers a little more security or at least a piece of mind.  

Do you have other suggestions for software firewalls from companies that offer some support in the event of a breach?
0
 
LVL 39

Assisted Solution

by:Adam Brown
Adam Brown earned 500 total points
ID: 41732281
Sophos has some pretty good support, but I don't yet have any experience with their Software Firewall. Their AV is quite capable and has good controls, so I assume the Firewall software does as well. Their support is top notch, too. All of their partners/distributors have dedicated support engineers. I haven't had to go through them for breach investigations yet, but what support I have gotten from them has been timely and precise.

Trend, on the other hand, has never responded to requests for false-positive investigations on AV in anything less than 4 weeks, at which point they demand an updated copy of whatever files we send them. And considering the fact that we have over 1000 licenses with them on a monthly payment system, that just isn't acceptable to me in any way.
0
 

Author Comment

by:benc007
ID: 41734063
acbrown2010 - do you usually just use Windows Firewall in Windows Server 2012?  How is support from Microsoft?

How much does Sophos AV cost?  Which other AV software do you like for Windows servers?
0
 
LVL 39

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 41734102
Most of the environments I work with are low security and run without software firewalls in place. The time/cost of tuning them to work with everything and build the rules isn't generally worth it for most small businesses that don't fall under heavy regulations, and the users tend to throw hissy fits if things suddenly stop communicating. We deal with Cisco, SonicWALL, and similar for our Edge devices, and they're pretty good to average for support. Our clients are low quality/priority targets that have never been hit with anything beyond general malware issues, so I haven't had to test the firewall support of anyone in a really long time. Well, those reasons and Perimeter defense hasn't been part of my job description in years. But I have to deal with AV regularly, and zero-day response is important.

For pricing, Sophos has a couple different versions of their endpoint protection package, which is managed through the cloud (Called Sophos Central). They start at $34 dollars a year for the standard license, which includes AV, HIPS, and Real-time protection. Advanced endpoint adds Device control (block unknown devices when plugged in, etc), Web Content filtering, traffic inspection. That costs $64 a year per user. The price drops for a longer purchase term (up to 3 years) and for larger numbers of users.

I haven't found a lot of really good AV for servers yet...most companies just throw their desktop AV solution into a "Server" package without changing much. I can't tell you how much *not* fun it is to have McAfee's "Enterprise" solution blow away the Exchange mail queue and database because someone receives an email with a virus attached. SCCM's AV package is pretty good for servers, though, particularly in a full MS environment, and Sophos, again, has a good Server package that *isn't* just a rehash of the desktop suite. It's designed to handle most server solutions without breaking them, which is helpful. If you want, shoot me a PM with your email and I can spin up a 30 day trial that should let you try out the AV and Software firewall to see if they meet your needs (The company I work for is a partner with them and a few other vendors).
0
 

Author Comment

by:benc007
ID: 41735986
Adam Brown - thank you for your detailed answer.  I sent you a PM.
0
 

Author Comment

by:benc007
ID: 41825803
Hi Adam,

I am using Windows Firewall.  How can I test if I have everything set up right and that my server is secure?
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What to do when Windows Update is not working correctly? What tools can I use to detect the cause of the malfunction problem? What does this numeric error code mean? These and other questions that you have been asking in the past are answered here (…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now