
Firewall opinions?


wunderlin
2003-08-19, 17:50 PM
Just wondering what people's take is on the need for firewalls & opinions on which one to use. I don't currently have a firewall on my server- what are the risks? I have FTP and Web services set with passwords, etc... Thanks.

nealparr
2003-08-29, 00:25 AM
This is my first time with a dedicated server and I didn't know if I needed one either. Like you, I'm running a web server and an FTP server. After about a week or two with Server Beach, my web site kept crashing and I couldn't figure out why. Event logs are useless, and with my limited knowledge of running a server it was like a needle in a haystack. Then, after installing BlackIce, I found all sorts of people trying to get into my server. After setting up the firewall and blocking a**holes who were trying to send mail through me, run system commands, etc., I haven't needed to babysit my server every five minutes. Get a firewall up, my friend. ServerBeach doesn't handle much of your security issues for you.

laxbobber
2003-08-29, 00:34 AM
I couldn't agree more! We have blackice server protection and people are knocking on the door and rattling the handles ALL THE TIME. You are crazy if you think you can't do at least basic port blocking.

For example, there's some machine in the UK - probably some poor fool's compromised box - that's hitting all kinds of alerts several hundred times a week:

IP: 217.8.217.137
DNS: 217.137.static-adsl.customer.ch.easynet.net

-Bob

Valdar
2003-08-29, 01:15 AM
I was wondering how people go about installing a firewall without disabling their remote desktop?

I would imagine as soon as it's installed the port that your RDC runs on is blocked. Anyone have any experience getting their firewall running without locking themselves out?

laxbobber
2003-09-01, 17:24 PM
With BlackICE Server Protection the default firewall setting is to "allow all" after installation so you can get in there and tweak things w/out locking yourself out.

I did it w/out incident. Just double check those rules before you lock it down!!!

:)

alemos
2003-09-03, 18:25 PM
Hi laxbobber

Are you referring to the US$299,95 software??? :eek: Is there anything cheaper you recommend? :p

That's a little over my budget right now. Smiling.

Silentcid
2003-09-03, 19:22 PM
Server software never comes cheap. :( Just have to save the moola.

laxbobber
2003-09-03, 20:02 PM
Yep, that's the one! Sorry if that's out of your price range. There are other things you can do and cheaper ways I'm sure....

alemos
2003-09-04, 11:06 AM
Yeah, you both are right. Server stuff doesn't come cheap. Gotta get a few more clients to pay for this LOL.

Has anyone tried Sygate Personal Firewall Pro on a server?

tanky
2003-09-05, 15:53 PM
I totally agree with the others. A firewall is essential and Black Ice Server Protect does the job. I have tried Zone Alarm and kept getting locked out after install, and SB had to disable it.
Black Ice, as the others say, allows access after install and you can set your rules for Remote Desktop Connection.
Before installing a firewall I assumed I was safe! Black Ice shows at least 12 attacks daily, which it blocks!!!!
Well worth the money :)

Ron
2003-09-05, 16:42 PM
Why use a third party software option when Windows servers come with their own TCP/IP security policies?

If you go to the properties of your TCP/IP connection, go to Advanced > Options > TCP/IP filtering.

This will allow you to 'block all ports except...' or 'allow only these ports' for both TCP and UDP ports.

Know your servers.

Silentcid
2003-09-05, 18:55 PM
How good is that Windows firewall? Can it notify me who's trying to hack into my server?

tanky
2003-09-05, 22:21 PM
This site helps to explain ways to secure your system. The Windows user self defence guide gives some useful tips on account setup. This info is based on home users, but some of the tips & tricks can be used for smart admin management!
Windows 2000 Self Defence (http://www.uksecurityonline.com/husdg/w2kp2.php)

It also gives an insight into various techniques used by hackers.
Hacker Threat Analysed (http://www.uksecurityonline.com/threat/hackers.php)

kbrown
2003-09-09, 10:35 AM
WinRoute Pro

http://www.kerio.com

Just don't reboot after installation... BEFORE configuration. (<- Learned the hard way :( )

Kevin

wunderlin
2003-09-09, 11:00 AM
I've heard Windows uses some odd ports - I'm planning on only leaving the necessary ports open:

25- smtp
20,21- ftp
80- http
3389- remote desktop

Are there any others that absolutely need to be open?

alemos
2003-09-09, 11:57 AM
port 110 if you use POP and port 143 for IMAP?

kbrown, can Winroute Firewall be installed remotely on a server and configured, and only then you reboot? Is that what you meant?
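The port list and the lockout worries in the posts above translate into an ordering problem: the rule for the port you are managing through has to exist before the default flips to block. This is an added example, not something from the thread or from any of the products discussed; it assumes a newer Windows host with Windows Firewall with Advanced Security (netsh advfirewall, Server 2008 or later), an elevated session, and a constructed admin address of 192.0.2.10.

```powershell
# Added example (not from the thread): lock inbound traffic down to the listed
# ports without dropping the RDP session that is doing the work.
# Assumes netsh advfirewall (Server 2008+) and an elevated prompt.

$MgmtPort  = 3389                                  # the port this session arrived on
$OpenPorts = @(20, 21, 25, 80, 110, 143, 3389)     # services the thread wants reachable
$MyAddress = "192.0.2.10"                          # constructed: the admin's public IP

# 1. Safety net first: a one-shot scheduled task re-opens inbound traffic in
#    15 minutes. It only fires if you forget to delete it in step 5.
$rollback = "netsh advfirewall set allprofiles firewallpolicy allowinbound,allowoutbound"
$when     = (Get-Date).AddMinutes(15).ToString("HH:mm")
schtasks /Create /F /RU SYSTEM /SC ONCE /ST $when /TN FirewallRollback /TR "cmd /c $rollback"

# 2. The management port goes in before anything else, limited to the admin's
#    address so RDP is not exposed to the whole internet.
netsh advfirewall firewall add rule name=AllowRDPAdmin dir=in action=allow `
    protocol=TCP localport=$MgmtPort remoteip=$MyAddress

# 3. Published services, reachable from any source. Note: port 20 is the
#    server's outbound source port for active-mode FTP; passive-mode FTP needs
#    its own data-port range allowed, which this list does not cover.
foreach ($p in $OpenPorts | Where-Object { $_ -ne $MgmtPort }) {
    netsh advfirewall firewall add rule name=AllowTCP$p dir=in action=allow protocol=TCP localport=$p
}

# 4. Only now flip the default to block inbound.
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound

# 5. From the still-open session, confirm the RDP rule exists, open a second
#    RDP session to prove you can get back in, then cancel the rollback:
netsh advfirewall firewall show rule name=AllowRDPAdmin
# schtasks /Delete /F /TN FirewallRollback
```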

kbrown
2003-09-09, 18:14 PM
YES!.... That would be the ideal way to do it :D, otherwise you'll be locked out and taking no traffic!!

"Live and learn" I guess.

Kevin

sdick
2003-09-10, 10:52 AM
The latest version of Winroute (version 5.1) lets you enable remote admin before rebooting, allowing you to access configuration from outside the firewall after rebooting.

The other option is to install it on a machine you have full access to and copy the configuration xml file up to the server before rebooting. This is what Kerio recommend with their personal firewall product as well.

bdee1
2003-09-12, 09:31 AM
Hey everyone - I just got a copy of Sygate Personal Firewall Pro and want to install it, but before I do I want to know if any of you have any experience with it.

I don't want to install it and have it block RDP on me so I can't get back in.

Can someone out there please tell me if Sygate does this, and if so how to install it on my SB server without getting locked out.

thanks!

alemos
2003-09-12, 09:49 AM
I have bought SPFPro in the past and I asked the exact same question. Seems like there is one way to do it and I have a theory.

If you install it, it will block everything by default and you will be locked out of the server. BUT

1. You can install it on your local machine, configure it to allow whatever you need or all and back up the files from the installed directory. Then you install it on your server and BEFORE you reboot, overwrite the files with the backup you made of your local machine. Only then do you reboot. This was posted on their forums and I have not tested it yet.

2. Install it on your server and BEFORE you reboot, go to the Services thing in Control Panel and change the startup option for the Sygate service to Manual or Disabled. Reboot, configure it and then turn the service on. THIS IS A THEORY and I don't know if it will work either. I need to test it.

If you have a server that is not live yet and want to give it a shot, let me know. :)

bdee1
2003-09-12, 09:53 AM
Awesome - thanks for the quick reply. I will test out one of the theories this afternoon and let you know if it works.

thanks!!

alemos
2003-09-12, 10:10 AM
That will be great, for I need to install it, too! Keep me posted!!!!! :D

bdee1
2003-09-13, 16:53 PM
OK, well I am still working with Sygate (it's been a busy weekend) but here's what I have done so far.

I set up Sygate on a W2K server that is sitting right here in my office... I configured it to accept RDP and opened port 80 for web traffic. I also set up Terminal Services on my test box here so I can connect from another local computer and test the RDP.

So I can connect to my test box here via Remote Desktop, but I don't get the Sygate icon in the system tray, and when I go to Start, Programs, Sygate to launch Sygate, nothing happens.

So apparently I cannot access Sygate at all via Remote Desktop; I can only open it when I am physically on that machine.

So am I missing something? Is there something I have to do to enable it for remote access?

I don't want to try installing it on my SB server till I figure this out.

But basically the plan is (if I can get past this hitch): get it set up on my test box, then install Sygate on SB, copy the Program Files/Sygate folder to SB and then reboot.

Anyway - any thoughts on the remote access thing?

alemos
2003-09-14, 12:47 PM
Oh, that IS a known glitch in Sygate.

You can check their forums at http://forums.sygatetech.com/vb/

I found this topic:
http://forums.sygatetech.com/vb/showthread.php?threadid=6774&highlight=RDP
to be of some (albeit confusing) help. Maybe changing the permissions as it states will do the trick. A senior member called fireftr has a very interesting reply dated 08-22-2003 11:27 AM that might just hold the key to the solution. Third last post from the bottom of the page.

Let me know if this solves anything!

bdee1
2003-09-14, 12:49 PM
Yeah, I saw that and tried it and it didn't work for me. I posted a separate message on the Sygate boards about it and am awaiting a response. Will keep you posted.

tomasz
2003-09-19, 14:35 PM
What do you think about the built-in Win 2003 Server firewall?

bdee1
2003-09-19, 14:44 PM
Have not used 2003 yet - I have 2000 right now... but I have heard that you can configure the FW in 2003 to do the very basic tasks of blocking unwanted traffic.

alemos
2003-09-19, 20:20 PM
Well, according to my security consultant (wow, that sounds fancy!), Win2K only does basic port blocking, and even so, when I tried it, there was some sort of bug that made my email server go crazy. I just gave up on it after a week of trying to make it work. I don't know about 2003, though. I have never tried it (and I don't know when I will do so), but I doubt it improved much because MS wants to sell other software like ISA Server.

bdee1
2003-10-02, 11:16 AM
OK, well my saga continues - I had gotten the following info from http://www.whitehat-security.com/SPF.htm.

Backing up SPF

The following files from your SPF directory hold your application settings: C:\Program Files\Sygate\SPF\(cltdef.dat, default.dat, serdef.dat, stddef.dat, StdState.dat, TSate.dat). They can be backed up and saved by copying them to another file or disk. You can then recopy them back to the SPF dir to restore the previous settings. Note: SPF Pro users need to export their Advanced Rules to a file to back them up.

Creating a Mirror image of a preconfigured SPF install

If you install and configure SPF on a system, allowing all the applications you need like IE, Kernel, etc., then extract the downloaded SPF Pro install "exe" to a file and copy the following files from your SPF directory, which hold your application settings: C:\Program Files\Sygate\SPF\
(cltdef.dat, default.dat, serdef.dat, stddef.dat, StdState.dat, TSate.dat).

Then use those to copy over the ones in the extracted SPF install file. Then you can use that file to install SPF on other systems; it should allow SPF to install with the preconfigured application settings.

This does not work. I set up Sygate on my home machine with the same config and OS as my SB box. Then I copied the files specified above to my SB box in the SPF folder and rebooted.

Ever since then I have not been able to connect and my web and FTP sites are down... Sygate still blocked all traffic after the reboot.

So I had to contact SB support and am waiting for them to open up my ports (hopefully ASAP).

So I'm back to square one as for how to install Sygate and not have it lock me out.

Anyone else have suggestions?

tpaulaskas
2003-10-09, 13:36 PM
Wow, from what I have read it looks like BlackICE is the way to go as far as remote server installation. However, I wonder if their Server Firewall is any better than their Desktop product. I have read several forums where they say that BlackICE is not as good as most firewalls, i.e. a step above the Microsoft firewall. Is that just because they forget to close all their unneeded ports or is it just not that good?

I know better than to put ZoneAlarm Pro on there, as it took me several weeks to have all my internet-accessing applications and services surface. And ZA locks out all Internet traffic in and out while it is prompting the user to decide if it should be allowed.

Besides BlackICE, for its ease of installation, what would be the next choice?