Topic: A few thoughts on firewalls and web servers

Brian
Joined: 21 Oct 2005 Posts: 209 Location: Puyallup, WA USA
Posted: Mon 25 Sep '06 23:33

Just a few thoughts on firewalls and web servers. I work in an environment, very corporate and quite an enterprise environment as well. All content is run through Web Marshall, a gateway / proxy appliance, and all servers are protected via hardware firewalls.
I do not believe in the use of software firewalls for anything beyond a home computer, and even then it is mostly a "feel good" purpose. The truth is that a software firewall can be defeated, but generally by means of a user on that machine in some way allowing the execution of code that quietly circumvents or defeats the software firewall. I have personally witnessed this taking place, but only with some level of interaction by a person on that machine logged in as an administrator.
On the other hand, if you filter the content as you desire, inbound and outbound, by a high quality security appliance, you will be well served. For example, I use a router / firewall by ZyXEL. Of course there are many good brands and models out there; this was my choice because of the very high quality that they are tested to. This allows me to set up rules for WAN to LAN, LAN to LAN, and LAN to WAN. This is powerful because you have far more control over the type of traffic you allow into your network, even when you allow it.
I do NOT run any software firewalls on any server I manage; I am strongly opposed to them. Another thought is that if you turn off every single service that is not needed, including NetBIOS, file and printer sharing, indexing services, and the plethora of other Windows services that are not needed, you potentially increase your security and likely server performance to at least some measurable degree.
In theory, you should not need a firewall at all: if there isn't anything listening on a given port, then there is no threat that can get through on that port. But if you are like me and you have a server connected through a network to other machines, then you will want the protection of a perimeter firewall, and maybe more.
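
An added example, not part of the original posts: a Python check for the point made above about unneeded services, that a port with nothing listening on it offers nothing to reach. It parses `netstat -ano` output and lists network-reachable listeners that are not on an allowlist; the sample output, addresses, PIDs and the allowlist (TCP 80 and 443 only) are constructed assumptions.

```python
# Constructed sample of `netstat -ano` output from a Windows web server.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       2104
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       2104
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:3306         0.0.0.0:0              LISTENING       1520
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:80        203.0.113.7:51812      ESTABLISHED     2104
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:123            *:*                                    1012
  UDP    192.168.1.10:137       *:*                                    4
"""

# Assumed policy for this example: only the web ports may be exposed.
ALLOWED = {("TCP", 80), ("TCP", 443)}
LOOPBACK = ("127.", "[::1]")


def exposed_listeners(netstat_text, allowed=ALLOWED):
    """Return sorted (proto, port, pid) for listeners outside the allowlist."""
    findings = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        proto, local = fields[0], fields[1]
        # TCP rows have a state column; UDP rows do not (bound means receiving).
        if proto == "TCP" and fields[3] != "LISTENING":
            continue
        addr, _, port = local.rpartition(":")
        if addr.startswith(LOOPBACK):
            continue  # reachable only from the machine itself
        if (proto, int(port)) not in allowed:
            # The set collapses the IPv4 and IPv6 rows of the same service.
            findings.add((proto, int(port), int(fields[-1])))
    return sorted(findings)


if __name__ == "__main__":
    for proto, port, pid in exposed_listeners(SAMPLE_NETSTAT):
        print(f"unexpected listener: {proto}/{port} (PID {pid})")
```

Each reported PID can be mapped to its service with `tasklist /svc` to decide whether that service should be disabled or left to the perimeter rules.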
roberts
Joined: 06 Mar 2007 Posts: 2
Posted: Tue 06 Mar '07 17:59

Hi,
very useful. Software firewalls are slow and cannot be believed.
All web site servers need to be protected via hardware firewalls.
Thanks.
PipoDeClown
Joined: 20 Dec 2005 Posts: 77
Posted: Wed 14 Mar '07 10:00

Software in "hardware firewalls" is called firmware.
It's all software. But it's on a _separated_ device.
So there could be a bug in that software that allows leaking data from WAN to LAN, bypassing the filter.
I'm using a _separated_ computer running a "software" firewall sitting between my modem and internal LAN. It manages traffic WAN-LAN-WLAN-DMZ...
You _need_ a firewall at least to keep your LAN traffic clean from outside noise. In small (home) networks just one integrated modem/router/firewall will suffice most of the time.
Just my 0,02€