[thelist] Best SERVER Software Firewall

Ken Schaefer ken at adOpenStatic.com
Sun Nov 16 20:34:59 CST 2003


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From: "Joshua Olson" <joshua at waetech.com>
Subject: Re: [thelist] Best SERVER Software Firewall


: > IPSec, for example, is supported in Windows 2000 and
: > Windows 2003, and can give you very good protection
: > (barring possible vulnerabilities in the implementation), so
: > whoever told you that there's "no good way" is either
: > qualifying their comments, or doesn't know what they're
: > talking about (an example of a qualification would be that
: > IPSec isn't a firewall in a literal sense).
:
: IPSec is used for encryption of the IP Packet and is used primarily for
: tunnelling, is it not?  If I'm right and IPSec is for encryption, then it's
: not applicable in this case.  If I'm misunderstanding IPSec, then I'd love
: to see a quick'n'dirty reference for what it's all about.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You can create IPSec filtering rules, and store them in the local policy.
These can include rules to permit unsecured traffic, require secured
traffic, or block traffic completely.

Here's a step-by-step guide to setting up such a policy to permit inbound
port 80 from all IP addresses, and deny all other traffic:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutions/network/maintain/security/ipsecld.asp

There are more articles on IPSec here:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/topics/network/default.asp

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
: > You need to look at the more sophisticated products (though still
: > "Personal" products), such as Sygate's product (www.sygate.com),
: > Kerio's Personal Firewall product (not supported on Windows 2003
: > Server yet) (www.kerio.com) or Tiny Software's (www.tinysoftware.com/)
: > firewall product. Each of these allows you to nominate an
: > application/executable, and which IP addresses/subnets can
: > access (or are barred access) to which local and
: > remote ports, for which protocol (UDP/TCP/ICMP) inbound
: > and or outbound.
:
: Thank you for the list.  Any experiences with them?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

All are fairly solid from what I can tell. Currently I use Kerio's product
on my development server (I personally wouldn't use something like this on a
commercial production machine, so I can't tell you about how that'd work!).

A while back I used to use Tiny's product. I'll send you some screenshots
offlist.

Cheers
Ken
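
The policy described in the message above (permit inbound port 80 from all IP addresses, block all other traffic), written out as an added example that is not part of the original post or of the linked Microsoft guide. It assumes Windows Server 2003, where the `netsh ipsec static` context is available (Windows 2000 does not have it); the policy, filter list, filter action and rule names are made up for illustration.

```batch
@echo off
rem Added example: local IPSec filtering policy that permits inbound TCP 80
rem and blocks all other IP traffic. Assumes Windows Server 2003 (netsh ipsec).
rem All names below (policy, filter lists, actions, rules) are illustrative.
setlocal
set POLICY=Web Server Lockdown

rem 1. Create the policy unassigned, so nothing is enforced while it is built.
netsh ipsec static add policy name="%POLICY%" assign=no

rem 2. Filter list for inbound HTTP: any source to this host, TCP port 80.
rem    mirrored=yes also matches the reply packets going back to the client.
netsh ipsec static add filterlist name="Inbound HTTP"
netsh ipsec static add filter filterlist="Inbound HTTP" srcaddr=any dstaddr=me protocol=TCP dstport=80 mirrored=yes

rem 3. Filter list for everything else: any protocol, to or from this host.
rem    Because it is mirrored, it also covers connections the server itself
rem    starts (DNS lookups, updates, outbound mail).
netsh ipsec static add filterlist name="All Traffic"
netsh ipsec static add filter filterlist="All Traffic" srcaddr=any dstaddr=me protocol=ANY mirrored=yes

rem 4. The two filter actions used here: pass without IPSec, or drop.
netsh ipsec static add filteraction name="Permit Unsecured" action=permit
netsh ipsec static add filteraction name="Block" action=block

rem 5. Bind filter lists to actions. Filters are matched most-specific first,
rem    so the port 80 permit takes precedence over the catch-all block
rem    regardless of the order in which the rules are added.
netsh ipsec static add rule name="Allow HTTP" policy="%POLICY%" filterlist="Inbound HTTP" filteraction="Permit Unsecured"
netsh ipsec static add rule name="Block the rest" policy="%POLICY%" filterlist="All Traffic" filteraction="Block"

rem 6. Assign the policy (enforcement starts here) and print it for review.
netsh ipsec static set policy name="%POLICY%" assign=yes
netsh ipsec static show policy name="%POLICY%" level=verbose
endlocal
```

Run it from the console, not over a remote session: once assigned, the block rule cuts off Terminal Services and every other port along with the rest. `netsh ipsec static set policy name="Web Server Lockdown" assign=no` unassigns the policy again.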


