> From: Dave Watts <[EMAIL PROTECTED]>
>
> >> > I have to say, I agree with Robert here, in that if you
> >> > want to control traffic at your server itself (host security),
> >> > rather than or in addition to controlling traffic at the
> >> > router and firewall, the OS provides all the tools you need.
> >> > Windows NT 4 and higher allow you to block incoming traffic
> >> > on all ports except those you explicitly list, using the
> >> > TCP/IP Filtering dialog, and Windows 2000 gives you even
> >> > greater control using IP security policies. In some respects,
> >> > this is better than using something like BlackICE, in my
> >> > opinion, because it's free, and if you manage multiple Win2K
> >> > servers you can even use the same policies on all of them.
> >>
> >> I don't remember the ability to do stateful filtering in any
> >> of these tools.
> >
> >Nope. That's what external firewalls are for. My approach to host-based
> >security is generally just to disallow as much traffic as I can; I don't
> >know what kind of performance hit you'd take with doing that on each host,
> >and I don't want to find out. I guess I shouldn't have said "the OS provides
> >all the tools you need" if you're not going to use an external firewall,
> >though.
> >
> >If you do want that functionality, though, and you don't want to pay for it,
> >you might look at Snort:
> >http://www.snort.org/

Snort does not do any filtering. It's an IDS that logs scans.

