In all honesty if you are planning to use the box as a web server then it is best not 
to put a software firewall on it at all. Any firewall software will seriously impact 
on server performance if the hit level is high. Rather it would be a better idea, and 
in line with common sense, to move the security layer away from the web server and 
just let the server fulfill its own function. It's always best to use a dedicated 
firewall in my opinion. A Cisco PIX firewall or Nokia firewall may do the job nicely. 
Cisco firewalls can be picked up fairly inexpensively on eBay. It would be best to 
move the web server to a DMZ on your firewall and only allow access to port 80 and 443 
(if using SSL) on your server. As a further precaution you can privately number your 
web server and use NAT through the firewall to a global public address. You can also 
prevent people from using your server as a "hop point" if they manage to break through 
your firewall ACLs on a Cisco PIX by restricting your static entries which prevents 
the web server from initiating connections out to the Internet. 

Hope this gives you some ideas. 

Many Regards,

Mark Searle. 

-----Original Message-----
From: Dejan [mailto:[EMAIL PROTECTED]]
Sent: 05 January 2003 20:02
To: Security-Basics
Subject: win2k firewall


Can anyone recommend a software firewall for win2k adv. server? It is planned
to be used as a web server.


