
Firewall for WinServer2003

Okay, I took the plunge, grabbed an unused licensed copy of Windows Server 2003 lying around in the office, and now planning to install it on my home PC in "workstation mode" (i.e. turning on themes and other disabled services, disabling the shutdown reason dialog, etc. etc. etc.)

What I want to know: Is it still necessary to install a 3rd party firewall? If it is, which do you recommend: Comodo or ZoneAlarm?

Thanks for your inputs!

Reply #1
It is recommended to install a 3rd party firewall but I think Windows Firewall is...ok.
ZoneAlarm is very good but it tends to be overkill and will take a lot of manual configuration.

Reply #2
TREX: thanks! I'll install Comodo when I get back home then

Reply #3
Quote
It is recommended to install a 3rd party firewall but I think Windows Firewall is...ok.
ZoneAlarm is very good but it tends to be overkill and will take a lot of manual configuration.


Well, what's the gripe with windows firewall?
-----
J. D. (jj) Johnston


 

Reply #5
1. Windows Firewall (pre-Vista) doesn't block outgoing connections
2. It's Microsoft, so there's a fear of holes. Some people should stick to what they do best...
3. It isn't the most featured

In light of what I said above, I find Windows Firewall to be enough for what I want it to do. But I will not be surprised if someone installs a 3rd party firewall.

Reply #6
If I am behind a NAT router *and* I am the only one using the PC, I wouldn't even consider using a firewall.

But unfortunately, neither of the above. So a firewall is a must.

Reply #7
Quote
If I am behind a NAT router *and* I am the only one using the PC, I wouldn't even consider using a firewall.

But unfortunately, neither of the above. So a firewall is a must.

Windows Firewall is good enough in my opinion. Think twice for the feature of "blocking outbound connection".

How many times have you blocked an outbound connection before? Next to none for me.

How many times have you allowed a legitimate outbound connection? Many, and I think this is quite useless.

Reply #8
Quote
Windows Firewall is good enough in my opinion.


Same here, but pre-Vista Windows Firewall has been criticized for not having an option to control outgoing connections. Some people like applying a level of trust to their programs. Just in case that nasty worm comes along...

Reply #9
Quote
Windows Firewall is good enough in my opinion.


Same here, but pre-Vista Windows Firewall has been criticized for not having an option to control outgoing connections. Some people like applying a level of trust to their programs. Just in case that nasty worm comes along...

So you want to know the view from an MCSE that manages thousands of computers and servers in a large corp?

You first trust an application, then you run it from your machine. Just imagine how do you think you start Firefox, Thunderbird, Outlook, Internet Explorer, etc, and then permit them to access the internet. The 2nd step is redundant. If you know what the application is, why do you block it? Do you think Firefox is going to make malicious connections to other places that you can block further? If you allow an application to access internet, they already have a way to do malicious things no matter how you block or control.

If you do not trust an application from the beginning, you do not run it in the first place. This is very basic common sense.

Where do you think trojans/worms come from? Emails? How many times have you heard of not running attachments from untrusted emails? For those cases, an effective mail filter is a much better proactive solution.

And stopping spread of worm/trojan is the job of AntiVirus, not the job of Firewall. Firewall is used to control network traffic. You have a concept that people should block worm from accessing Internet. This is wrong. The correct concept is, users should never have a chance to run that worm/trojan.

For those people who are dumb enough to let a trojan stay in their PC and not get killed by AntiVirus, this is the failure of the users and the AntiVirus. And if they even manage to run a trojan/worm, or other malicious applications (which shows they lack the sense of security), do you think they suddenly get smart, knowledgeable and cautious at the pop up prompt, and know to block it? Absolutely not. I have seen enough people who will simply get confused at the prompt and then click allow to permit the trojan so that it runs correctly. For those people, I see a lot of allow rules and simply allow worms/trojans to access internet.

Not to mention that our organization has clear guidelines on "Limited User Accounts" support. That is, we use non-Administrators accounts as long as we can, and we only use Administrator accounts if it is really needed. Therefore, users cannot modify the system.

Our experience tells us that, we NEVER run a third party firewall on PCs because of compatibility reasons. We've seen applications that interfere with the firewall, and make the application unusable, or the system unstable. Run only trusted applications, and have a reputable AntiVirus, and you are fine 99% of the time. Windows Firewall is surprisingly good in terms of application compatibility, and you do not need to deal with those redundant allow/deny pop ups.

For servers, first they are NEVER connected to internet directly, and secondly, they only run approved services. A web server is a web server, for instance, and of course, firewalls are used to control inbound traffic. Outbound traffic is usually used to control our users, together with proxies, from accessing dangerous places. For example, we only allow accessing destination ports 80 and 443 for standard http and https traffic.

Reply #10
Hey all, let me illustrate the PC in question:

It is used as a home PC.

As I don't live with my brother anymore starting mid-Feb, I can't control whatever software he'll install.

So I'm making it extra secure for him.

As it is, I am certified in MCSE, MCSA, and MCDBA and know firsthand about configuring for a corporate (small, though) setting. In the company I just put a pair of Cisco Routers and configure the DMZ and the NATs and no malware gets in. It helps that we also deploy Symantec AVCE. This prevents infection from flashdisks.

Reply #11
Quote
And stopping spread of worm/trojan is the job of AntiVirus, not the job of Firewall. Firewall is used to control network traffic. You have a concept that people should block worm from accessing Internet. This is wrong. The correct concept is, users should never have a chance to run that worm/trojan.


I know that isn't the job of a firewall but what else would a correctly used outgoing firewall accomplish if something was to slip by the anti virus?
That's the only purpose I can give, if the anti-virus is really crap or the user beyond stupid.
I'm not backing up the idea of an outgoing firewall, but when people look at other well known firewalls and see they all have an outgoing firewall, Windows XP firewalls looks basic which is why it was criticized.
People like having pointless, annoying, resource taking features.

I liked it because I didn't know it was even there. The only thing that was on my mind, was that some applications had the ability to exclude themselves from the list automatically. I can imagine a worm or back-door doing the same.
I hate anti-viruses. Monthly web checks are enough for me and XP \ Vista firewall. I'd never become infected and though it's just a useless resource eating app.
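
The concern in Reply #11, that a program can add itself to the Windows Firewall exception list, can be checked by comparing that list against a known-good baseline. This is an added example, not part of the original thread: it assumes the XP SP2 / Server 2003 SP1 value format `path:scope:Enabled|Disabled:name` stored under `HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List`, and the entries and baseline below are constructed.

```python
import re

# Value data format (XP SP2 / Server 2003 SP1 Windows Firewall):
#   <image path>:<scope>:<Enabled|Disabled>:<display name>
# The drive-letter colon is why the path is matched lazily, not split on ":".
ENTRY_RE = re.compile(
    r"^(?P<path>.+?):(?P<scope>[^:]*):(?P<status>enabled|disabled):(?P<name>.*)$",
    re.IGNORECASE,
)

def parse_entry(data):
    """Split one exception-list value into its four fields."""
    m = ENTRY_RE.match(data.strip())
    if m is None:
        raise ValueError("unrecognised exception entry: %r" % data)
    return {
        "path": m.group("path").lower(),
        "scope": m.group("scope").lower(),
        "enabled": m.group("status").lower() == "enabled",
        "name": m.group("name"),
    }

def audit(entries, baseline):
    """Return (finding, path, scope) for enabled entries that differ from baseline.

    baseline maps an approved image path to the scope it was approved with.
    """
    approved = {p.lower(): s.lower() for p, s in baseline.items()}
    findings = []
    for raw in entries:
        e = parse_entry(raw)
        if not e["enabled"]:
            continue  # a disabled exception opens nothing
        if e["path"] not in approved:
            findings.append(("unapproved", e["path"], e["scope"]))
        elif e["scope"] != approved[e["path"]]:
            findings.append(("scope-changed", e["path"], e["scope"]))
    return findings

# Constructed sample data (not taken from any real machine).
SAMPLE_ENTRIES = [
    r"%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019",
    r"C:\Program Files\Backup\agent.exe:*:Enabled:Backup Agent",
    r"C:\Temp\updater.exe:*:Enabled:Updater",
    r"C:\Games\lan.exe:LocalSubNet:Disabled:LAN Game",
]
BASELINE = {
    r"%windir%\system32\sessmgr.exe": "*",
    r"C:\Program Files\Backup\agent.exe": "LocalSubNet",
}
```

Calling `audit(SAMPLE_ENTRIES, BASELINE)` reports the backup agent whose scope widened from `LocalSubNet` to `*` and the unapproved `updater.exe`; the disabled entry is skipped.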

Reply #12
Quote
Hey all, let me illustrate the PC in question:

It is used as a home PC.

As I don't live with my brother anymore starting mid-Feb, I can't control whatever software he'll install.

So I'm making it extra secure for him.

As it is, I am certified in MCSE, MCSA, and MCDBA and know firsthand about configuring for a corporate (small, though) setting. In the company I just put a pair of Cisco Routers and configure the DMZ and the NATs and no malware gets in. It helps that we also deploy Symantec AVCE. This prevents infection from flashdisks.

Deploy LUA and install everything he needs beforehand. It works like a charm for my sister, who is a complete computer novice. She never asked me to install a single app for her.

Configure Remote Assistance and help him install apps just in case he needs, or get prepared he will ask you to clean virus (RA or other remote control is still needed in such case).

Nothing is extra secure if the user is an Administrator and all processes he launches run with such credential. You know it, MCSE, right?

And if you have used 3rd party firewalls, your experience should tell you if it is really _that_ useful. A big NO from my experience, and I personally have used a lot of freeware personal firewalls existed on the internet.

Quote
I'm not backing up the idea of an outgoing firewall, but when people look at other well known firewalls and see they all have an outgoing firewall, Windows XP firewalls looks basic which is why it was criticized.

Firstly I would ask, why the malware gets executed in the first place?

And this gives a wrong sense of security. Users think that when the malware is blocked, the job completes. He does not know how to kill it, how to remove it, or even does not realize he needs to do so. So the malware stays in his PC and RAM, consuming resources, until a more technical friend of the victim kills it.

People criticize because they are clueless. Just like people say MP3 is bad because they are clueless. All they need is education.

My word is this: Don't give a chance for user to run unknown apps IN THE FIRST PLACE, not to block it after it is too late. My AntiVirus does not even need to pop up because of my such measure applied at home, though I use it as yet another layer of security, and no single malware detected in my home PC since it was built in late 2002 is a record I am proud of. That's what users need to learn.

Reply #13
I think it's very important to disable unneeded services, there's a nice script out there that can do this, but it's for XP and 2k, so I don't know if it's useful to you.
Sadly, there isn't everything in English, but at least the big part: http://www.ntsvcfg.de/ntsvcfg_eng.html

Reply #14
Quote
Deploy LUA and install everything he needs beforehand. It works like a charm for my sister, who is a complete computer novice. She never asked me to install a single app for her.

Configure Remote Assistance and help him install apps just in case he needs, or get prepared he will ask you to clean virus (RA or other remote control is still needed in such case).

Nothing is extra secure if the user is an Administrator and all processes he launches run with such credential. You know it, MCSE, right?

If only we have Internet Broadband connection widely available here. As it is, we have mostly the crappy 56-kbps-on-a-good-day dial-up connection. So, remote anything is a no-no.

He's into gadgets, and games, but only as a user. He'll gladly install anything even from the Internet (if it comes in the mail).

Since we are separating quite far apart, it is impractical for me to come to his place if not once a month - at best.

And Indonesia is the place where new viruses/trojans/whathaveyous are born by the week.

Quote
And if you have used 3rd party firewalls, your experience should tell you if it is really _that_ useful. A big NO from my experience, and I personally have used a lot of freeware personal firewalls existed on the internet.

I did find firewalls useful when I was the admin of a computer lab (i.e. the one which students are actually encouraged to whack on settings as local admins). I can analyze what's going on, e.g. attacks against the Win2000 Server, strange connections emanating from the Win2000 workstations, etc.

Reply #15
You have already made your decision. Go ahead and install a personal firewall. Just try both and choose the one you like more.