First, a router is PART of a firewall solution. Don't know what model your LinkSys routers are, but chances are you are doing IP filtering/routing with them - not true firewalling. (Haven't looked at the capabilities of the LinkSys stuff in some time, but I remember them being pretty basic.)
If your routers are capable of it, prevent traffic on ALL ports that aren't needed, and prevent ICMP EchoReply - this makes your IP address look unresponsive. Next, on your CF Server, lock down everything you don't need - uninstall/stop any unused services. If the server is live, do not install the documentation or samples. Use Windows file permissions to minimize what access users have to the system. Even then, hackers can still get through, using port 80 and SQL Injection. Make sure your code is written to prevent this. All the above would be considered your "firewall", and should be basic info to anyone who has to maintain/configure servers. If you are looking for an out of the box solution (which should only be one part of the solution), investigate the various Linux/FreeBSD/OpenBSD solutions - Linux can offer you high levels of firewall capabilities for next to nothing. IIRC, there was a package out there called Coyote Linux which gave you a firewall that ran from a single floppy disk, and yet was rather configurable. HTH Shawn Grover -----Original Message----- From: Andy Lynch [mailto:[EMAIL PROTECTED]] Sent: Monday, June 24, 2002 1:24 PM To: CF-Talk Subject: RE: CF Server Firewall I just ment a good server firewall, for my cf server. We have linksys routers but my boss seems to think hackers are getting past those which I suppose is possible... So he wanted my to find a software firewall to run inaddition to our routers firewall. Thanks for all of your suggestions. Andy Lynch Applications Developer WebPort, Inc >From: "Robert Bailey" <[EMAIL PROTECTED]> >Reply-To: [EMAIL PROTECTED] >To: CF-Talk <[EMAIL PROTECTED]> >Subject: RE: CF Server Firewall >Date: Mon, 24 Jun 2002 12:09:07 -0700 > >A firewall for CF? Not sure what you are talking about there, but a good >firewall for under 1k you may want to look at is Gnatbox. Gets better >the more money you can spend. If you are using IIS, check out the IIS >lockdown tool from MS that sets up and configures URLScan as well as a >host of other options. > >Robert Bailey > > >-----Original Message----- >From: Andy Lynch [mailto:[EMAIL PROTECTED]] >Sent: Monday, June 24, 2002 12:00 PM >To: CF-Talk >Subject: OT: CF Server Firewall > >Sorry for the Off Topic but does anyone know of a good server firewall >program for Cold Fusion servers? It's seems as if some hackers are >getting >past our routers and I want to look into all options to lock it down >more. >My boss said I have to keep it under $1,000. > >Thanks, >Andy Lynch >Applications Developer >WebPort, Inc. > > > > > ______________________________________________________________________ Get the mailserver that powers this list at http://www.coolfusion.com FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
