-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Perhaps you're not familiar with what Code Red does. > First off, it doesn't attack the operating system, it > attacks the web server. Second, all that is required > to protect yourself against CR is to disable the > ida/idq script mapping. In fact, disabling unused > script mappings (ie, unnecessary or unused > services/functionality) is not only common sense, but > it's also all over every site that talks about > information security.
Dude, my intention is not to debate with you about this or that little issue. Most don't run Apache on W2K - they run IIS. He asked what a good firewall was to put on a W2K server, and I said that he should use a solution that will monitor ALLOWED traffic. I can't possibly see what is wrong with this. He is asking what firewall he should use on a server, I said BlackIce. Do you know of another FIREWALL (Snort is an IDS) that he can put on a W2K server that will afford any protection over turning off services, i.e. one that will look for and block dangerous payloads in allowed traffic? The major issue, as you know, with firewalling a server is that you have to let things in. And since the vast majority of firewalls do nothing for inbound traffic, it is often said that putting a software firewall on a server is close to pointless. This is why I mentioned BlackIce - it is one of the few software firewalls that does offer additional protection for machines offering services. Granted, it does it by using a rulebase, but it does have some heuristic capabilities, and it is at least another layer to add to the weak link presented by allowed services. In short, I can't see what your beef is. The recommendation of a software firewall that runs on W2K Server and offers a unique protection feature is more than appropriate for this discussion, especially since that was the very question asked by the original poster. Please show me where I have gone astray. - -Daniel R. Miessler -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 iQA/AwUBPhtQd1Jwf7WiYT5vEQLnYQCfey7VPI5+I3O2iEoRqwwkqRwuqvsAn0OB r3xqcagLGQS3QZbnbtcAS8Fj =YNjd -----END PGP SIGNATURE-----
