|
Home > Archive > IIS Server Security > March 2004 > Firewalls & IIS 5
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
| Paul Grant 2004-03-25, 2:35 pm |
| I am setting up a simple single ftp and website on my DSL-
connected (static IP) W2K Workstation Pro using IIS 5. I
will have all service packs and security hotfixes
installed and will use Windows Update to dynamically
install any new critical updates as they appear. I intend
to follow the security practices outlined for installing
IIS 5 contained in the pertinent MS KB docs.
My question is: "Do I really need, in addition, a firewall
of the PC desktop type available from Symantec, BlackIce,
and a number of other vendors?"
Researching this issue on firewall vendor websites isn't
much help. In fact, Symantec states outright that they
will not technically support their desktop firewall on a
system running IIS 5.
Any and all advice would be appreciated.
-Paul Grant
| |
| Jeff Cochran 2004-03-25, 4:51 pm |
| On Thu, 25 Mar 2004 10:56:04 -0800, "Paul Grant"
<pmpgrant@pacbell.net> wrote:
>I am setting up a simple single ftp and website on my DSL-
>connected (static IP) W2K Workstation Pro using IIS 5. I
>will have all service packs and security hotfixes
>installed and will use Windows Update to dynamically
>install any new critical updates as they appear. I intend
>to follow the security practices outlined for installing
>IIS 5 contained in the pertinent MS KB docs.
Good plan.
>My question is: "Do I really need, in addition, a firewall
>of the PC desktop type available from Symantec, BlackIce,
>and a number of other vendors?"
Yes. Though a desktop firewall is a poorer choice than a stand-alone
firewall, you should still have one.
>Researching this issue on firewall vendor websites isn't
>much help. In fact, Symantec states outright that they
>will not technically support their desktop firewall on a
>system running IIS 5.
Because Symantec's products routinely break anything they touch,
especailly web servers. 
>Any and all advice would be appreciated.
Kerio works fine, as do other free or low cost ones. XP and Server
2003 have a built-in firewall capability but in W2K you have to add
one. Might also consider an inexpensive broadband router such as a
Linksys that has firewall capabilities in it.
Jeff
| |
|
| |
| Any and all advice would be appreciated.
|
| -Paul Grant
|
Personally, I feel the protection need is still there. On my WinXP and WIn2000 machines with IIS, I use Linksys router/firewall, and ZoneAlarm Pro.
ZoneAlarm will tell you about outgoing request also, so you can spot any Trojans calling home. Zonealarm has a home free version.
-rwg
This is what I think, not necessarily what is accurate!
--------------------
| Content-Class: urn:content-classes:message
| From: "Paul Grant" <pmpgrant@pacbell.net>
| Sender: "Paul Grant" <pmpgrant@pacbell.net>
| Subject: Firewalls & IIS 5
| Date: Thu, 25 Mar 2004 10:56:04 -0800
| Lines: 20
| Message-ID: <13bc001c4129a$d2ac0950$a101280a@phx.gbl>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="iso-8859-1"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
| Thread-Index: AcQSmtKseExU9/O0S5qoh0QF4HcC2Q==
| Newsgroups: microsoft.public.inetserver.iis.security
| Path: cpmsftngxa06.phx.gbl
| Xref: cpmsftngxa06.phx.gbl microsoft.public.inetserver.iis.security:10604
| NNTP-Posting-Host: tk2msftngxa09.phx.gbl 10.40.1.161
| X-Tomcat-NG: microsoft.public.inetserver.iis.security
|
| I am setting up a simple single ftp and website on my DSL-
| connected (static IP) W2K Workstation Pro using IIS 5. I
| will have all service packs and security hotfixes
| installed and will use Windows Update to dynamically
| install any new critical updates as they appear. I intend
| to follow the security practices outlined for installing
| IIS 5 contained in the pertinent MS KB docs.
|
| My question is: "Do I really need, in addition, a firewall
| of the PC desktop type available from Symantec, BlackIce,
| and a number of other vendors?"
|
| Researching this issue on firewall vendor websites isn't
| much help. In fact, Symantec states outright that they
| will not technically support their desktop firewall on a
| system running IIS 5.
|
| Any and all advice would be appreciated.
|
| -Paul Grant
|
|
|
|
|
|