From: Med on
Hi,

I am in the process of building 2 servers that will be hosted in a datacentre.
The first one will be an IIS6 web server and the second SQL Server which I
need to access via remote control/MMC console from the internet. Could
someone suggest a good firewall or the configuration methodology?


Thanks


Med


From: Volker Birk on
Med <nospam(a)nojunkmail.nowhere> wrote:
> I am in the process of building 2 servers that will be hosted in a datacentre.
> The first one will be an IIS6 web server and the second SQL Server which I
> need to access via remote control/MMC console from the internet. Could
> someone suggest a good firewall or the configuration methodology?

Please don't implement such systems without a security concept. If you
feel unsure about how to design one, please consider ordering from a
security consulting company.

Yours,
VB.
--
> what if $BACKUPSERVER and $PRODUKTIVSERVER are in one building, floor
> or server room and the fire suppression system (malfunction or actual fire)
> destroys the entire IT
Murphy meets Darwin. (Timm Thiemann to Thomas Wildgruber in d.a.s.r)


From: Med on
Hi,

Thanks for the advice. Following the link http://www.netthreat.co.uk/core/ I
can see restrictions on number of users (i.e X700 < 150). Does this include
the users browsing the websites on my webserver or does it mean the
admin/VPN connections to the firewall?


Regards


Med


"Leythos" <void(a)nowhere.lan> wrote in message
news:FE4Gf.122586$PY6.14807(a)tornado.ohiordc.rr.com...
> In article <y60Gf.16207$wl.3260(a)text.news.blueyonder.co.uk>,
> nospam(a)nojunkmail.nowhere says...
>> Hi,
>>
>> I am in the process of building 2 servers that will be hosted in a
>> datacentre.
>> The first one will be an IIS6 web server and the second SQL Server which I
>> need to access via remote control/MMC console from the internet. Could
>> someone suggest a good firewall or the configuration methodology?
>
> Only expose the web server via HTTP or HTTPS. When you want to manage
> the servers, VPN into the firewall appliance and then set rules to allow
> your VPN connection to access the servers as though you were on the LAN
> with them.
>
> Any major vendor's firewall will provide what you need, but I like
> WatchGuard, starting at the X700 series and above.
>
> --
>
> spam999free(a)rrohio.com
> remove 999 in order to email me
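
The rule set described in the quoted reply above (web server reachable only over HTTP or HTTPS, management only through the VPN) can be checked mechanically. The following is an added example, not part of any post in this thread: a small Python audit of a constructed allow-rule list. The addresses, the VPN pool, the rule format, and the choice of RDP (tcp/3389) and SQL Server (tcp/1433) as management ports are assumptions.

```python
# Added example: audit inbound allow rules against the policy from the thread.
# All addresses, rule names and the rule tuple format are constructed.
from ipaddress import ip_network

WEB = ip_network("192.0.2.10/32")      # assumed IIS web server address
SQL = ip_network("192.0.2.20/32")      # assumed SQL Server address
VPN_POOL = ip_network("10.99.0.0/24")  # assumed pool handed to VPN clients
PUBLIC_WEB_PORTS = {80, 443}           # HTTP and HTTPS only

# Constructed inbound allow rules: (name, source, destination, tcp_port)
RULES = [
    ("web-http",   "0.0.0.0/0",    "192.0.2.10/32", 80),
    ("web-https",  "0.0.0.0/0",    "192.0.2.10/32", 443),
    ("rdp-admin",  "10.99.0.0/24", "192.0.2.10/32", 3389),
    ("sql-admin",  "10.99.0.0/24", "192.0.2.20/32", 1433),
    ("rdp-anyone", "0.0.0.0/0",    "192.0.2.20/32", 3389),  # breaks the policy
    ("sql-public", "0.0.0.0/0",    "192.0.2.20/32", 1433),  # breaks the policy
]

def audit(rules):
    """Return (rule name, reason) for every allow rule that breaks the policy."""
    findings = []
    for name, src, dst, port in rules:
        src_net, dst_net = ip_network(src), ip_network(dst)
        if src_net.subnet_of(VPN_POOL):
            continue  # management traffic arriving through the VPN is allowed
        if dst_net.subnet_of(WEB) and port in PUBLIC_WEB_PORTS:
            continue  # public HTTP/HTTPS to the web server only
        # Everything else is reachable from outside the VPN and should not be.
        if dst_net.overlaps(SQL):
            findings.append((name, f"SQL server reachable on tcp/{port} from {src}"))
        elif dst_net.overlaps(WEB):
            findings.append((name, f"web server exposes tcp/{port} to {src}"))
        else:
            findings.append((name, f"unexpected destination {dst}"))
    return findings

if __name__ == "__main__":
    for name, reason in audit(RULES):
        print(f"{name}: {reason}")
```

Note that a rule with an overly wide destination is flagged even on port 80, because it would also cover the SQL Server.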


From: Jerry Gardner on
On Tue, 07 Feb 2006 12:10:06 GMT, Med wrote:
> I am in the process of building 2 servers that will be hosted in a datacentre.
> The first one will be an IIS6 web server and the second SQL Server which I
> need to access via remote control/MMC console from the internet. Could
> someone suggest a good firewall or the configuration methodology?

The Juniper Netscreen family is what I recommend.

Before you expose your servers to the Internet, even behind a
firewall, find, and read, as much material on hardening Windows
servers as you can. You can make a Windows server just as secure as
any other box, but you have to work harder at it because of the
default configuration chosen by Microsoft.


From: Wayne on

"Jerry Gardner" <jg2(a)gardnerclan.net> wrote in message
news:slrnduhtu8.dvn.jg2(a)hermione.gardnerclan.net...
> On Tue, 07 Feb 2006 12:10:06 GMT, Med wrote:
>> I am in the process of building 2 servers that will be hosted in a
>> datacentre.
>> The first one will be an IIS6 web server and the second SQL Server which I
>> need to access via remote control/MMC console from the internet. Could
>> someone suggest a good firewall or the configuration methodology?
>
> The Juniper Netscreen family is what I recommend.
>
> Before you expose your servers to the Internet, even behind a
> firewall, find, and read, as much material on hardening Windows
> servers as you can. You can make a Windows server just as secure as
> any other box, but you have to work harder at it because of the
> default configuration chosen by Microsoft.

Not really work harder, work smarter. The Windows Server 2003 Security Guide
has a template called "Bastion Host.inf". One simple operation applies it and
you're pretty secure. http://www.nsa.gov even states:

"The "High" security settings in Microsoft's "Windows Server 2003 Security
Guide" track closely with the security level historically represented in the
NSA guidelines"

See http://www.nsa.gov/snac/downloads_win2003.cfm?MenuID=scg10.3.1.1 for the
full text.

Wayne McGlinn
Brisbane, Oz