Snort is rad... but is it a firewall? I use it on my Linux machines as an intrusion detection system.
Software firewall-wise, I've been pretty with Zonealarm, but you could investigate using some kind of external router/firewall box with a Linux distribution. You don't necessarily want your webserver and your firewall to be the same machine -- if one falls, you're screwed. You can actually run the Linux Router Project firewall off a single floppy disk -- http://www.linuxrouter.org/, which is pretty nice. I think you can even flip the disk to write-protected mode and ensure that your settings will go unmessed with. 'Course, that's a little too DIY for most people, but it does work quite well.

-- jon

-----Original Message-----
From: Dave Watts [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 24, 2002 6:15 PM
To: CF-Talk
Subject: RE: CF Server Firewall

> > I have to say, I agree with Robert here, in that if you
> > want to control traffic at your server itself (host security),
> > rather than or in addition to controlling traffic at the
> > router and firewall, the OS provides all the tools you need.
> > Windows NT 4 and higher allow you to block incoming traffic
> > on all ports except those you explicitly list, using the
> > TCP/IP Filtering dialog, and Windows 2000 gives you even
> > greater control using IP security policies. In some respects,
> > this is better than using something like BlackICE, in my
> > opinion, because it's free, and if you manage multiple Win2K
> > servers you can even use the same policies on all of them.
>
> I don't remember the ability to do stateful filtering in any
> of these tools.

Nope. That's what external firewalls are for. My approach to host-based security is generally just to disallow as much traffic as I can; I don't know what kind of performance hit you'd take with doing that on each host, and I don't want to find out. I guess I shouldn't have said "the OS provides all the tools you need" if you're not going to use an external firewall, though.
If you do want that functionality, though, and you don't want to pay for it, you might look at Snort: http://www.snort.org/ SecurityFocus has a good article on using Snort on IIS servers, but I can't find the URL to save my life. So instead, I'll post this: http://www.snort.org/docs/snort-win2k.htm

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
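The difference Dave is pointing at (a port list on the host versus a stateful filter) is easier to see on a packet trace than in prose. The following is an added illustration, not code from the thread or from any of the tools named in it: a port-list filter of the "block inbound except listed ports" kind is run beside a minimal stateful TCP filter over a constructed trace. The host address, the peer addresses and the five packets are all made up for the example.

```python
"""Port-list (stateless) filtering beside a minimal stateful TCP filter.

Added illustration, not code from the CF-Talk thread. The host, peers and
the packet trace are constructed for the example.
"""
from dataclasses import dataclass

HOST = "10.0.0.5"          # the web server being protected (constructed)
LISTENING = {80}           # the only service we intend to expose


@dataclass(frozen=True)
class Packet:
    direction: str      # "in" (toward HOST) or "out" (from HOST)
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset    # subset of {"SYN", "ACK"}


def pkt(direction, src, sport, dst, dport, *flags):
    return Packet(direction, src, sport, dst, dport, frozenset(flags))


def stateless_decide(p, allowed_in):
    """Port-list filtering: outbound always passes, inbound only to listed ports.

    Nothing remembers that HOST opened a connection, so a reply is judged
    purely by the port it happens to arrive on."""
    if p.direction == "out":
        return True
    return p.dport in allowed_in


class StatefulFilter:
    """Remembers connections HOST opens or accepts and passes their packets."""

    def __init__(self, allowed_in):
        self.allowed_in = allowed_in
        self.conns = set()  # (local_port, remote_ip, remote_port)

    def decide(self, p):
        if p.direction == "out":
            if "SYN" in p.flags and "ACK" not in p.flags:
                self.conns.add((p.sport, p.dst, p.dport))   # HOST opened this one
            return True
        key = (p.dport, p.src, p.sport)
        if key in self.conns:
            return True                                     # reply to a known connection
        if "SYN" in p.flags and "ACK" not in p.flags and p.dport in self.allowed_in:
            self.conns.add(key)                             # new client of an exposed service
            return True
        return False                                        # unsolicited, or a closed port


TRACE = [  # constructed packet trace
    pkt("out", HOST, 40000, "198.51.100.7", 80, "SYN"),          # HOST fetches a web page
    pkt("in", "198.51.100.7", 80, HOST, 40000, "SYN", "ACK"),    # the remote server's reply
    pkt("in", "203.0.113.9", 51515, HOST, 80, "SYN"),            # visitor to our web server
    pkt("in", "203.0.113.9", 51516, HOST, 135, "SYN"),           # probe of an RPC port
    pkt("in", "203.0.113.9", 4444, HOST, 40001, "ACK"),          # unsolicited packet to a high port
]


def run_stateless(allowed_in, trace=TRACE):
    """Verdict per packet under a port list."""
    return [stateless_decide(p, allowed_in) for p in trace]


def run_stateful(allowed_in, trace=TRACE):
    """Verdict per packet under the stateful filter."""
    f = StatefulFilter(allowed_in)
    return [f.decide(p) for p in trace]


if __name__ == "__main__":
    strict = run_stateless(LISTENING)                             # only port 80 open
    loose = run_stateless(LISTENING | set(range(1024, 65536)))    # high ports opened for replies
    stateful = run_stateful(LISTENING)
    for p, a, b, c in zip(TRACE, strict, loose, stateful):
        print(f"{p.direction:3} {p.src}:{p.sport} -> {p.dst}:{p.dport} "
              f"strict={a} loose={b} stateful={c}")
```

The trace shows the trade-off a port list forces on a host: with only port 80 open, the reply to the server's own outbound request (packet 2) is dropped, so any client on the box breaks; opening the high ports to fix that also lets the unsolicited packet to port 40001 (packet 5) through. The stateful filter passes the reply because it saw the SYN go out, and still drops packet 5 because no connection matches it. That is the capability the Windows 2000 TCP/IP Filtering dialog lacks and an external firewall supplies.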

