> > I have to say, I agree with Robert here, in that if you want to control
> > traffic at your server itself (host security), rather than or in addition
> > to controlling traffic at the router and firewall, the OS provides all the
> > tools you need. Windows NT 4 and higher allow you to block incoming
> > traffic on all ports except those you explicitly list, using the TCP/IP
> > Filtering dialog, and Windows 2000 gives you even greater control using
> > IP security policies. In some respects, this is better than using
> > something like BlackICE, in my opinion, because it's free, and if you
> > manage multiple Win2K servers you can even use the same policies on all
> > of them.
>
> I don't remember the ability to do stateful filtering in any of these
> tools.
Nope. That's what external firewalls are for. My approach to host-based security is generally just to disallow as much traffic as I can; I don't know what kind of performance hit you'd take with doing that on each host, and I don't want to find out. I guess I shouldn't have said "the OS provides all the tools you need" if you're not going to use an external firewall, though.

If you do want that functionality, though, and you don't want to pay for it, you might look at Snort:

http://www.snort.org/

Securityfocus has a good article on using Snort on IIS servers, but I can't find the URL to save my life. So instead, I'll post this:

http://www.snort.org/docs/snort-win2k.htm

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
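The distinction the two posters are circling (a per-port inbound allowlist on the host versus stateful filtering on an external firewall) is easiest to see on a concrete packet sequence. The following Python is an added example written for this page, not code from the thread, from the Windows TCP/IP Filtering feature or from Snort. It is a toy model that never touches a network: the host address, the peer addresses, the listed ports and the packet order are all constructed, TCP flags are ignored, and "stateful" is reduced to a table of 5-tuples the host itself opened.

```python
"""Toy model: stateless inbound port allowlist vs. connection-tracking filter.

Constructed example for illustration only; it does not inspect real packets.
"""
from dataclasses import dataclass
from typing import Dict, Set, Tuple

HOST = "192.0.2.10"  # constructed address of the protected server


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out", relative to the protected host
    proto: str      # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class StatelessInboundFilter:
    """Allowlist filter: an inbound packet passes only if its destination
    port is explicitly listed. Outbound traffic is not inspected, and no
    state is kept, so replies to the host's own connections look unsolicited."""

    def __init__(self, listed: Set[Tuple[str, int]]):
        self.listed = listed

    def permit(self, pkt: Packet) -> bool:
        if pkt.direction == "out":
            return True
        return (pkt.proto, pkt.dst_port) in self.listed


class StatefulFilter(StatelessInboundFilter):
    """Same allowlist plus a connection table: an inbound packet that is the
    reverse of a connection the host opened is permitted even though its
    destination (ephemeral) port is not on the list."""

    def __init__(self, listed: Set[Tuple[str, int]]):
        super().__init__(listed)
        self.connections: Set[Tuple[str, str, int, str, int]] = set()

    def permit(self, pkt: Packet) -> bool:
        if pkt.direction == "out":
            # Record the outbound 5-tuple so its reply can be matched later.
            self.connections.add(
                (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return True
        reverse = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if reverse in self.connections:
            return True
        return super().permit(pkt)


def run_scenario() -> Dict[str, Tuple[bool, bool]]:
    """Feed one constructed packet sequence through both filters and return
    {label: (stateless_verdict, stateful_verdict)}; True means permitted."""
    listed = {("tcp", 80), ("tcp", 443)}  # the ports the admin chose to expose
    stateless = StatelessInboundFilter(listed)
    stateful = StatefulFilter(listed)

    sequence = [
        ("inbound to listed port 80",
         Packet("in", "tcp", "198.51.100.7", 40000, HOST, 80)),
        ("inbound to unlisted port 3389",
         Packet("in", "tcp", "198.51.100.7", 40001, HOST, 3389)),
        ("host opens outbound connection",
         Packet("out", "tcp", HOST, 49152, "203.0.113.5", 80)),
        ("reply to that outbound connection",
         Packet("in", "tcp", "203.0.113.5", 80, HOST, 49152)),
        ("unsolicited packet to the same ephemeral port",
         Packet("in", "tcp", "203.0.113.9", 80, HOST, 49152)),
    ]
    results: Dict[str, Tuple[bool, bool]] = {}
    for label, pkt in sequence:
        results[label] = (stateless.permit(pkt), stateful.permit(pkt))
    return results


if __name__ == "__main__":
    for label, (stateless_ok, stateful_ok) in run_scenario().items():
        print(f"{label:48s} stateless={'PASS' if stateless_ok else 'DROP':4s} "
              f"stateful={'PASS' if stateful_ok else 'DROP'}")
```

The fourth packet is the one that separates the two designs: a pure inbound allowlist has no way to tell the legitimate reply to the host's own outbound connection from an unsolicited probe aimed at the same ephemeral port, so it either drops both or must open the whole ephemeral range. The stateful filter admits the reply because it matches a tracked connection and still drops the fifth packet, which does not. That is the functionality the reply above delegates to the external firewall rather than to the host's own port list.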

