Linux Firewall and Windows server security

[TSMJ]

Hi
I have a smoothwall firewall and a Win 2k server webserver sitting in the Green Zone (as the DMZ will not work at all) with TCP ports 80, 21 and 20000 forwarded to it. I also have a hardware router with a built in firewall which plugs straight into the smoothwall box.

How worried about security should I be regarding the Win2k webserver in terms of disabling services and removing the default shares etc.? I need to be able to access the drives from the LAN side to update my website and when I disable IPC$ this will stop working - need I bother? What should I do to the webserver security wise, if anything at all?

Cheers

 

[pansophic]

Security functions best when applied in layers. You should harden any internet facing computer to the best of your ability, regardless of any other protections that you may have applied, like a firewall and port filtering router.

In your case, if you actually MUST have the IPC$ share available, then you must. But you probably want to implement some form of logging (like an IDS) to detect any attempts to access that port that come through your firewall.

By not using the Orange zone on your smoothwall, you have essentially made your green zone orange. Read up on Snort. I believe that you can implement your own filters on the smoothwall.

Also, look into potentially modifying Squid (the web proxy) so that it is proxying your web connections into your server. You can eliminate some of the buffer overflow and XSS attacks by using a proxy for web servers.


pansophic