
Do I have a firewall?


drazeni

Programmer
Apr 21, 2001
ZA
Hi, this may sound like a stupid question, but something for me to learn.

How do I find out if our Win2K server has a firewall running, because I'm not sure if "Win2K Server" has it built-in?

"All is not as it seems"
 
A firewall is a completely different entity from an OS or NOS. Win 2k has no firewall.
 
none of the Windows default installations have a firewall installed.. worse still, u can't get any type of firewall or packet filter on the Windows CDs... if u need some kind of protection, u may want to look at getting Zone Labs' ZoneAlarm... u may have heard of it..

securing Windows is a problem.. but here are a few things u can do...

u will need to disable all the services u think u don't need.. trust me, there are many, but that depends on what u intend to do with ya machine... for instance, if ya server is going to run some kind of database, u don't need to have DHCP server enabled.. or IPSec for that matter.. aside from taking up resources, u risk having unnecessary ports open...

then, disable NetBIOS servers.. unfortunately, i am yet to find a way one can communicate with other windows machines using anything other than NetBIOS... however, ZoneAlarm can help u solve this.. it will, by default, disable NetBIOS attacks/connections to your machine....

good luck
 
as a matter of fact, you can use IPSec filters... it has nothing to do with IPSec VPNs but you can use it to define what kind of traffic is allowed to and from your server...

---------------------------------------------------------------------
I have not failed, I've just found 10,000 ways that don't work
---------------------------------------------------------------------
Peter Van Eeckhoutte
peter.ve@pandora.be
*:->* Did this post help? Click below to let me know !
 
have a look at this link :

 
Thank you all for your responses, I will be looking at purchasing firewall software.

Peterve, thanks for the link, it was helpful.

"All is not as it seems"
 
Hi all,

Can I 'extend' the question in this thread please? I have a W2k LAN already, with a Domain Controller and Active Directory functioning. There's a DSL router in place (Netgear RT314) and either ZoneAlarm Pro or Tiny Personal Firewall at each of the 6 machines in the LAN (The DC has ZoneAlarm).

However, I'm always having to leave the firewalls down when the machines authenticate into the D.C., and bring them back up afterwards. So, there's probably a setting or protocol or two that I've misconfigured.

If anyone has used these (admittedly client oriented) firewalls on W2K Domain Controllers, and can share some settings for success, I would appreciate it.

Thanks!

Steve
 
Steve,

How does the company get on the Net? If everyone goes through the DC then you don't need firewalls on the clients, only the DC (point of entry). If individually, centralise it through the DC for economies of scale reasons.

Either way, it removes the need for a firewall on the client and removes the problem (which is caused by the authentication being unable to pass through the firewall as it is blocked by the firewall software).
 
Hi all,

Thanks for the replies. I realize that I need to expand the details a little bit...

I have one server that hosts an application for which I provide technical support. As such, I have a couple of open ports to which incoming packets are routed, and thus I am 'exposed'. I would use the router's packet filtering, but the source packets originate from a couple of different subnets, depending upon where I am working. Thus, the software firewalls.

Admittedly, if I eliminate working from anywhere but my main location, which has NAT and thus provides one basic address to the 'cloud', then I could use the router's basic packet filters to block all but that on the open port/service.

Think that this is the best way to go?

Regards,
Steve
 