Avira's firewall

I wouldn't recommend a software based firewall on a server! Go out and buy a hardware device like from WatchGuard, Fortinet, Juniper etc...

^ This.

On a personal computer, however, Avira is... alright. Just be prepared for some issues if you have programs that you'd like to give routine permissions to, or opening ports.

I'd personally recommend Sygate except that they got absorbed into the Symantec oozeball.

Hi Gufus,

as far as i know Avira Premium Security Suite ist not for Servers. If you try to install you should be notified that Microsoft Server ist not supported. I think default Firewall from Microsoft should do it for us all.

On 08/04/10 21:50, schtebo wrote: [ Snip ]

Ktchk- are you insane?

No, just Microsoftcentric. A common disease these days.

This coming from someone who recommended Sygate, of all things. A firewall with well-known critical design flaws, like running an interactive service with SYSTEM privileges.

The Windows Firewall is perfectly fine for blocking inbound connections. Outbound connections can't be controlled reliably anyway, not to mention that once they happen, the system already has been compromised.

cu

Honestly did not know that. Anything else you can point out about it, then? And where I can verify that?

i have heard that recommendation many times and do not dispute it, but assuming that the s/w firewall comes up first during boot up, WHY would you insist on not having a s/w firewall on a server?

Hello, Jon!

You wrote on Thu, 8 Apr 2010 13:16:07 +0000 (UTC):

Unworthily... I guess. :-)

Hello, Benji!

You wrote on Thu, 08 Apr 2010 05:01:44 GMT:

| for some issues if you have programs that you'd like to give routine | permissions to, or opening ports.

I do.

| I'd personally recommend Sygate except that they got absorbed into the | Symantec oozeball.

I /don't/ do Symantec.

Hello, Jimmy!

You wrote on Thu, 08 Apr 2010 04:31:14 GMT:

| I wouldn't recommend a software based firewall on a server! Go out and | buy a hardware device like from WatchGuard, Fortinet, Juniper etc... |

'k

Hello, Rick!

You wrote on Thu, 08 Apr 2010 14:07:41 -0400:

| | i have heard that recommendation many times and do not dispute it, but | assuming that the s/w firewall comes up first during boot up, WHY would | you insist on not having a s/w firewall on a server? | Good question.

Hello, Ansgar!

You wrote on 8 Apr 2010 13:27:41 GMT:

| | The Windows Firewall is perfectly fine for blocking inbound connections. | Outbound connections can't be controlled reliably anyway, not to mention | that once they happen, the system already has been compromised. | Duly noted.

Get some window of the software in question (configuration, notifi- cation, whatever). Use a tool like Spy++ to identify the process that window belongs to. Check the process list to find the process and its owner (the account it's been started under). This should never be SYSTEM (or any other privileged account).

For a better understanding of the underlying problem check these links:

Actually, no. It's a rather stupid question. A good question would be: why would anyone in his right mind insist on HAVING a sofware firewall on a server?

Open ports on a server need to be open, because otherwise the server would be unable to provide its services (which would render it rather futile). You cannot block access to ports that need to be accessible.

cu

I would say that part of the problem is the "insistence" of having (or not) a software firewall, with no possibility of the other.

I will argue that a software firewall is just another form of security. (I'm not going to debate how good of a form of security it may or may not be.) Like most good over all security systems, security is provided in layers of multiple smaller forms of security. With this in mind, the software firewall on a server (or any thing for that matter) is another layer of security. Thus if the server has the resources to run the software firewall and it is not a detriment to the function of the system, then it's probably ok to have it there. If the server does not have the resources to run the software firewall or if it is a detriment to the function of the system, then don't run the firewall unless you really need to. In short, it is situational dependent.

There are some advantages to running a firewall even on ports that you need to have open. Some services don't have any ability to filter what IP addresses are allowed to talk to them. Or there are some cases where it is appropriate to centrally manage a firewall across multiple systems rather than having to manage each service on every system.

I think it really comes down to where does a software firewall fall in your over all security scheme. If you feel your organization can benefit from it, then use one. If you feel a software firewall is not appropriate for your organization, then don't use one.

I personally view software firewalls as an additional line of defense to protect against outbreaks behind the edge hardware firewalls.

Grant. . . .

Hello, Grant!

You wrote on Sun, 11 Apr 2010 12:51:03 -0500:

| I think it really comes down to where does a software firewall fall in | your over all security scheme. If you feel your organization can | benefit from it, then use one. If you feel a software firewall is not | appropriate for your organization, then don't use one. | | I personally view software firewalls as an additional line of defense to | protect against outbreaks behind the edge hardware firewalls. | Excellent policy IMHO |

Hello, Ansgar!

You wrote on 11 Apr 2010 12:46:15 GMT:

FL> >> i have heard that recommendation many times and do not dispute it, FL> >> but assuming that the s/w firewall comes up first during boot up, FL> >> WHY would you insist on not having a s/w firewall on a server? FL>>

FL>> Good question. | | Actually, no. It's a rather stupid question.

Hu.. :(

Hello, schtebo!

You wrote on Thu, 8 Apr 2010 04:50:02 -0700 (PDT):

| I think default Firewall from Microsoft should do it for us all.

Taking notes...