masakari098

Win 2k3 firewall

8 posts in this topic

I just installed Windows Server 2003 Standard Corporate on my main computer, but ZoneAlarm seems to not be compatible with it. I went to the webpage that was suggested by Windows Help, but the only thing there was a message saying I wasn't supported. Anyone know if there is a fix, or can anyone suggest a good program you use?


ZoneAlarm is the firewall equivalent of a screen door. If you plan to use Win2k3 as a desktop system, I would recommend you try "Agnitum Outpost" or "Kerio PF".


Get a small box with 2 NICs and run Linux with iptables rules out the wazoo?

Get a small box with 2 NICs and run Linux with iptables rules out the wazoo?

Because some spyware etc. use port 80/21/other-popular-port to transmit their junk. Wouldn't iptables do nothing about such dynamic traffic? The reason I said "desktop" in my post is because that's the kind of setup they'd be good for (Win2k3 can be used for things other than being a server... I used it for a while till the "write why you want me to shut down" prompt got annoying). iptables, as far as I understand it, is better at blocking malicious incoming traffic.


I'm not sure I follow. So what if spyware uses those ports? You can block every single port and only open what you need, if you have to.


You can, and should, block ports you don't need to talk out on. However, if you plan to surf the web you will need to open up outbound connections for ports 80 and 443 on your firewall. If you are using a standalone firewall, like iptables, it won't know the difference between Firefox communicating over port 80 to a web server and spyware communicating over port 80 to a web server. So it will let both talk to the outside world.

Many host firewalls not only block ports but also block what applications can talk out. So hopefully it would block spyware.exe from talking to the network.

Another solution would be to run a web proxy like Squid with authentication enabled. This way internal applications could only talk out if they were proxy aware, which most malware is not, and if you entered in credentials to authenticate it. Hopefully you wouldn't blindly enter a username and password unless you were using an application that was supposed to be connecting to the outside world.

IMHO having a standalone firewall and host based firewall is really the best solution. Using two gives you layers of defense.


You can do some really advanced crap with iptables, even regex on the raw data that it sends/receives.
