What's the best SW-based firewall out there for Windows Server?

Discussion in 'OT Technology' started by Harry Caray, Aug 6, 2007.

  1. Harry Caray

    Harry Caray Fine purveyor of x.264, h.264 & TS HD-Video !!! HD

    Joined:
    Apr 19, 2001
    Messages:
    17,176
    Likes Received:
    5
    Location:
    MyCrews:4x4,SoCal,Tesla,EV's
    Any suggestions? Google will bring up a google's worth ;)

    Anybody have a personal fav? :x:

    Thanks
     
  2. P07r0457

    P07r0457 New Member

    Joined:
    Sep 20, 2004
    Messages:
    28,491
    Likes Received:
    0
    Location:
    Southern Oregon
    budget?
     
  3. deusexaethera

    deusexaethera OT Supporter

    Joined:
    Jan 27, 2005
    Messages:
    19,712
    Likes Received:
    0
    No such thing. Buy a hardware firewall and save your CPU power for whatever you're planning to use the server for. Furthermore, consider that no software is hack-proof, and software firewalls require that incoming packets be accepted BEFORE they can be discarded. One good buffer-overrun exploit and boom, your firewall crashes. On a hardware box, that just makes the firewall reset, which blocks all incoming data until the reset is complete; on a software firewall, that data is sitting in main RAM, waiting for something (possibly even the firewall itself) to try to run it. That's not an issue so much on desktop PCs where the connection is shielded by NAT and the computer doesn't have a public domain name, but on a web server that's open to the public, it can be a significant vulnerability.

    That said, I use Sygate Personal Firewall (free) to monitor connections and test port-blocking rules before I send them to our IT department to be programmed into the hardware firewall.

    EDIT: (waits to get corkscrewed in the ass by Jolly)
     
    Last edited: Aug 6, 2007
  4. Harry Caray

    Harry Caray Fine purveyor of x.264, h.264 & TS HD-Video !!! HD

    We use Sygate here at Cigna and it's :ugh:... it took forever for us to make it run well with Nortel VPN for the WAH/laptop users.

    With that being said, there's no hardware that's gonna be thrown at this machine firewall-wise. This is strictly a test machine and CPU-wise, it's a quad-core box so it's got the balls to run. :bowdown:

    Sygate Sec Agent is not near the top of my list, but was thinking about BlackICE. It was good but no updates in a while :wtc:
     
  5. Harry Caray

    Harry Caray Fine purveyor of x.264, h.264 & TS HD-Video !!! HD

    Just starting to look, Kerio seems to get top picks along with Outpost...

    Gonna try both I guess...
     
  6. P07r0457

    P07r0457 New Member

    I used Kerio a long time ago... It was good. Customers used to lock themselves out of their boxes, however.
     
  7. retorq

    retorq What up bitch??

    Joined:
    Dec 14, 2006
    Messages:
    6,061
    Likes Received:
    0
    Location:
    Mohave Desert
    If I had to do a software-based firewall I would only do it on a Linux box that runs JUST the firewall; you don't want to get into running the firewall on the same machine as a web server.
     
  8. P07r0457

    P07r0457 New Member

    Lies.

    We have for years done software firewalls (iptables on Linux) and various solutions on Windows. All with great success.
     
  9. Peyomp

    Peyomp New Member

    Joined:
    Jan 11, 2002
    Messages:
    14,017
    Likes Received:
    0
    Though obviously this is less than ideal, since a firewall should be a dedicated box.
     
  10. P07r0457

    P07r0457 New Member

    I agree that if you have multiple boxes and you control the network, then a dedi firewall is ideal. I run a PIX at the office and it rocks.

    However, for the average dedi user that has one box or leases a couple at a typical DC, they don't have or need to pay for that luxury... A software firewall is fine.

    Heck, get one of those PCI-based firewalls, even.
     
  11. Harry Caray

    Harry Caray Fine purveyor of x.264, h.264 & TS HD-Video !!! HD

    Suggestions on any of the above? Personal experience?
     
  12. Peyomp

    Peyomp New Member

    Doesn't Windows Server have a built-in firewall?
     
  13. P07r0457

    P07r0457 New Member

    The Standard+ versions do. The Web Version has removed the GUI to manage it. However, the underlying network stack is the same and does retain this functionality. There are ways to manipulate the ACL; however, it's not the most intuitive system.
     
