Solved

Software Firewall for Windows Server 2012

Posted on 2016-07-27
15
24 Views
Last Modified: 2016-10-07
I am looking for a software firewall for WIndow Server 2012 that is easy to manage, effective and affordable.

Does anyone have any suggestions and experience with software firewalls for Windows Server 2012?
0
Comment
Question by:benc007
  • 6
  • 4
  • 2
  • +1
15 Comments
 
LVL 13

Expert Comment

by:Rizzle
Comment Utility
What about the built in Windows Firewall? Maybe look into something like pfSense.
0
 
LVL 17

Expert Comment

by:pjam
Comment Utility
What is your Anti-Virus application.  Good enterprise AV's usually have their own firewall.
0
 

Author Comment

by:benc007
Comment Utility
Roshan Ejaz - Is Windows built in firewall more reliable than a third party software firewall?
https://www.pfsense.org appears to sell only hardware firewalls, but I am looking for a software firewall.

pjam - I haven't installed an anti-virus software yet.  Do you have any anti-virus / firewall software suggestions for Windows Server 2012?
0
 
LVL 13

Expert Comment

by:Rizzle
Comment Utility
I would definitely try Windows Firewall, we have many customers who use it.
0
 
LVL 38

Expert Comment

by:Adam Brown
Comment Utility
Use the windows firewall. Third party software firewalls are almost unilaterally garbage (Either they are buggy and prone to false positive blocking, or they are buggy and use up too many resources). Windows Firewall works very well from Server 2008 on (Server 2003's baked in Firewall was a giant ball of dumb). It's fairly easy to use and doesn't waste resources or cause a lot of false positives, nor is it incredibly buggy. That said, logging and diagnostics in it are sub-par at best, so you do need to be able to troubleshoot without much information.
0
 
LVL 17

Expert Comment

by:pjam
Comment Utility
Trend Micro enterprise for AV & firewall should do the trick.  windows firewall is excellent also
0
 

Author Comment

by:benc007
Comment Utility
Roshan Ejaz and acbrown2010 - the problem with using Windows firewall is that hackers can see which OS the server is running, and target firewall bugs easily since they know the default Windows firewall is likely used.

pjam - Which version of Trend Micro Enterprise AV / Firewall have you used?  What is the price?
I coudn't find pricing for Windows Server 2012 at http://store.trendmicro.com/store/tmamer/Content/pbPage.SMB?cm_sp=Lightbox-_-Where+To+Buy-_-Small+Business:Store
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 38

Expert Comment

by:Adam Brown
Comment Utility
Roshan Ejaz and acbrown2010 - the problem with using Windows firewall is that hackers can see which OS the server is running, and target firewall bugs easily since they know the default Windows firewall is likely used.

Do you know this from experience or are you just making an assumption that that is possible? Firewalls generally give no response at all when blocking traffic, so I have serious doubts that one could feasibly determine firewall manufacturer from the outside as easily as you suggest. Then there's the fact that OS  can be easily determined by querying the services that are offered through the firewall. If a web server is giving IIS responses, it's on a Windows server.

Aside from that, choosing a firewall solely on the basis of making it harder to determine which firewall software you're using is nothing more than a security through obscurity tactic, and not an effective security practice. Any security software should be chosen based on features, performance, and usability. And frankly, I've yet to find any software firewall that isn't incredibly bulky, difficult to configure properly, or just plain useless.

From every bit of experience I've had with Trend Micro...look elsewhere. Trying to get support from them in the event of a breach or major emergency is a futile effort.
0
 

Author Comment

by:benc007
Comment Utility
acbrown - I appreciate your feedback on Trend Micro!  Thank you.

I know this from experience.  It is easy to see the OS that is on a server, and hackers first target the default firewall by looking for bugs / breaches in the firewall which is public information as Microsoft publishes their bugs and patch fixes.  Although it isn't an effective security practice, if a different firewall is used, it offers a little more security or at least a piece of mind.  

Do you have other suggestions for software firewalls from companies that offer some support in the event of a breach?
0
 
LVL 38

Assisted Solution

by:Adam Brown
Adam Brown earned 500 total points
Comment Utility
Sophos has some pretty good support, but I don't yet have any experience with their Software Firewall. Their AV is quite capable and has good controls, so I assume the Firewall software does as well. Their support is top notch, too. All of their partners/distributors have dedicated support engineers. I haven't had to go through them for breach investigations yet, but what support I have gotten from them has been timely and precise.

Trend, on the other hand, has never responded to requests for false-positive investigations on AV in anything less than 4 weeks, at which point they demand an updated copy of whatever files we send them. And considering the fact that we have over 1000 licenses with them on a monthly payment system, that just isn't acceptable to me in any way.
0
 

Author Comment

by:benc007
Comment Utility
acbrown2010 - do you usually just use Windows Firewall in Windows Server 2012?  How is support from Microsoft?

How much does Sophos AV cost?  Which other AV software do you like for Windows servers?
0
 
LVL 38

Accepted Solution

by:
Adam Brown earned 500 total points
Comment Utility
Most of the environments I work with are low security and run without software firewalls in place. The time/cost of tuning them to work with everything and build the rules isn't generally worth it for most small businesses that don't fall under heavy regulations, and the users tend to throw hissy fits if things suddenly stop communicating. We deal with Cisco, SonicWALL, and similar for our Edge devices, and they're pretty good to average for support. Our clients are low quality/priority targets that have never been hit with anything beyond general malware issues, so I haven't had to test the firewall support of anyone in a really long time. Well, those reasons and Perimeter defense hasn't been part of my job description in years. But I have to deal with AV regularly, and zero-day response is important.

For pricing, Sophos has a couple different versions of their endpoint protection package, which is managed through the cloud (Called Sophos Central). They start at $34 dollars a year for the standard license, which includes AV, HIPS, and Real-time protection. Advanced endpoint adds Device control (block unknown devices when plugged in, etc), Web Content filtering, traffic inspection. That costs $64 a year per user. The price drops for a longer purchase term (up to 3 years) and for larger numbers of users.

I haven't found a lot of really good AV for servers yet...most companies just throw their desktop AV solution into a "Server" package without changing much. I can't tell you how much *not* fun it is to have McAfee's "Enterprise" solution blow away the Exchange mail queue and database because someone receives an email with a virus attached. SCCM's AV package is pretty good for servers, though, particularly in a full MS environment, and Sophos, again, has a good Server package that *isn't* just a rehash of the desktop suite. It's designed to handle most server solutions without breaking them, which is helpful. If you want, shoot me a PM with your email and I can spin up a 30 day trial that should let you try out the AV and Software firewall to see if they meet your needs (The company I work for is a partner with them and a few other vendors).
0
 

Author Comment

by:benc007
Comment Utility
Adam Brown - thank you for your detailed answer.  I sent you a PM.
0
 

Author Comment

by:benc007
Comment Utility
Hi Adam,

I am using Windows Firewall.  How can I test if I have everything set up right and that my server is secure?
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

My GPO's made for 2008 R2 servers were not allowing me to RDP into a new 2012 server by default.  That’s why I tried to allow RDP via Powershell, because I could log into a remote shell without further configuration. Below I will describe how I wen…
If, like me, you have a lot of Dell servers in the estate you manage this article should save you a little time. When attempting to login to iDrac on any server I would be presented with two errors. The first reads "Do you want to run this applicati…
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now