Quake3World

OK, I've had it with the windows firewall, it's just not making sense to me at all, can anyone recomment a decent firewall that is easily configurable for a server environment (web, ftp, file, etc) that is robust and preferably has decent logging capabilities.

Also on a side note, If I'm behind my routers firewall, and I have that configured properly (and my server PC isnt in a DMZ), do I need a software firewall at all? Is it generally a good idea to have one anyway, as a failsafe?

Any help appreciated

Cheers

if you keep your pc free of spyware, you have no need for a software firewall IF you're using a hardware one.

Bearing in mind I'm planning as setting up the mentioned PC as a server of sorts, and it's quite possible that I'd attract unwanted attention so to speak?

Also another thing, the server in question has 2 NICs, one which I try to use for internet traffic, and one for home-network traffic (file sharing, printing and the like), on my router I have all the relevant ports forwarded to the IP of the "internet traffic" NIC on the server. Are there any other concerns I should have regarding security and the possible compromisation of the server, as I'd like to keep downtime to an absolute minimum?

Edit: Another thought; on the scale of hardware firewalls, am I right in saying they only vary on scalability or configurability, not actual hard-line security right? So your average router firewall is up to the job of semi-pro webhosting?

Cheers

ilum0s wrote:Another thought; on the scale of hardware firewalls, am I right in saying they only vary on scalability or configurability, not actual hard-line security right? So your average router firewall is up to the job of semi-pro webhosting?Cheers

Security flaws are sometimes found in hardware firewalls as well but since the market is so segmented, they're rarely exploited (even the most popular models have a share of only a few percent). That's why firmware updates are issued from time to time.

BTW, run the server apps under a user account with no privileges.

be a good idea to make your ip address on the WAN side unpingable also.

Err, maby.. i flat out disable the thing, and run off of my router

AmIdYfReAk wrote:Err, maby.. i flat out disable the thing, and run off of my router

ditto

Kaziganthe wrote:Am I the only person who gets by fine with just the XP Firewall? Just wondering.

No, me too.

But recommending a decent firewall nooooooooooooo
zonealarm

ilum0s wrote:
Also another thing, the server in question has 2 NICs, one which I try to use for internet traffic, and one for home-network traffic (file sharing, printing and the like), on my router I have all the relevant ports forwarded to the IP of the "internet traffic" NIC on the server. Are there any other concerns I should have regarding security and the possible compromisation of the server, as I'd like to keep downtime to an absolute minimum?

Edit: Another thought; on the scale of hardware firewalls, am I right in saying they only vary on scalability or configurability, not actual hard-line security right? So your average router firewall is up to the job of semi-pro webhosting?

Cheers

To be quite honest the Windows firewall is a more than adequate second line of security since you already have a router in place. As for hosting, most routers which are a firewall rather than simply a NAT-based router will be up to the task. Which make and model do you have?

Kaziganthe wrote:Am I the only person who gets by fine with just the XP Firewall? Just wondering.

I use it as a second level of security on my home network with no complaints.

Actiontec Wireless-Ready DSL Gateway (connected to a 16 port router for the rest of the house)

It's been fine so far, got it a few years back and it does the job just fine. I used the XP firewall just because it was there, and why not, but recently it has been tempremental, although I'm not posotive its the root of my probs. I just wanted to know if there was a well-reputed firewall that's more configurable (and less dumbed down) as a second line of defence. Cheers for all the replies btw, I knew Q3W still had it!

Aha, I found the root of all my problems, a "frien" of mine hacked me a while back and changed the Remote Desktop port to that of something that was already forwarded on my router. Which is why I couldn't connect. Cheecky fucker that he is. Oh well, all resolved. Cheers for the reply