firewall settings

We have a server in a hosting centre where we are developing a portal. In the current setup we are using Remote Desktop/VNC to access the server to work on it. Furthermore, we are using FTP to upload new releases to the server. This portal is a place where people can create their profile and connect to other people with similar interests. All mails sent are outgoing, and we don't receive emails on this server.

Now the question is: when we go live we want to have a firewall set up. Which ports should be open (obviously port 80) to still be able to access the server with Remote Desktop/VNC and FTP? What about all the outgoing traffic from the server (what about DNS)? Do we need to open any ports for that?

Bobby


Your questions suggest you seek someone who can answer the questions, and pay him. Make sure he is around when he can't fulfill his promises.

Cheers, Jens


Operating System? Do you have a network segment of your own or just that one server?

RDP or VNC? Having both is pointless.

Do you need anonymous FTP? If not: SSH or WebDAV are a lot less painful when it comes to traversing firewalls.

Which services do you want that server to provide? Who will access them? From where?

What kind of firewall setup? Host-based? Separate device on the boundary of your network segment? Who will be maintaining the firewall? From where?

Why is port 80 obvious? The default ports for RDP and VNC are 3389/tcp and 5901/tcp respectively. As for FTP: it depends on whether you use active or passive mode. And as said before: you may want to use something less painful instead.

Why would you want to filter outgoing traffic in the first place? What threats do you see that would require this?

Please provide more information.

cu

59cobalt

In my opinion, a firewall is a necessity when working with an 'open' portal. A firewall can deny access to anyone who doesn't meet certain criteria.

I've been in a Windows environment where everything, EVERYTHING, went through port 80 and that was the only port open. We used ISA Server to publish services through the web browser, which may be how SharePoint works; that I'm not sure about. In that scenario, the firewall forwards ONLY port 80 requests. And based on the services it is using, a rule handles what it does and where it goes. Ideally a hardware firewall at the perimeter is set to listen for services asking to be forwarded to your portal. They are then passed along to the ISA Server, which takes over from there and points each connection to the (hopefully) correct server.

This wasn't out of a book, it was from memory, which may be full of holes, left and right.... Which one, my memory or my statement?

Yep....

RedForeman


Hi, the OS is Windows Server 2003 and the database is SQL Server 2005. We are using VNC because we only have 2 concurrent users for RDP. What do you mean when you ask if we need anonymous FTP? Can you suggest any SSH or WebDAV solutions? What are the pros and cons? The services we provide are for all users on the WWW; we don't restrict anyone. You can compare our service with MySpace (minus all the multimedia). I am not sure what sort of firewall setup we need, as long as it's good and it protects our server. We only have the server; there isn't any network attached to it. What do you mean by active or passive mode for FTP?

We don't have any wish to scan or filter outgoing services; I was just in doubt about whether we needed to open the DNS port!

When users interact they receive an email sent from the server. We don't have any incoming emails to the server. I hope this provides you with better information in order to give me better feedback.

Thanks a lot.

Regards,

Bobby


Do you need the database to be accessible from the outside?

Two concurrent users is sufficient for the administration of the server. Why do you need more?

Do you need anyone to be able to access the FTP server, or just selected users? In case of the latter I'd suggest switching to SSH or WebDAV.

IIS supports WebDAV; for SSH I'd suggest Cygwin's OpenSSH daemon. SSH is encrypted by default; for encrypted WebDAV you need SSL.

In that case enabling the Windows Firewall on your server should suffice. Enable (only!) the exceptions you need for inbound traffic (e.g. the ports for HTTP(S), RDP, SSH, ...). For ICMP, allow inbound echo request and outbound destination unreachable, source quench, parameter problem and time exceeded.

FTP knows two modes: active and passive, which differ in how the data channel is established. Use your preferred search engine for details.

Unless you want to run a DNS server, you don't.

cu

59cobalt
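As an added example (not code from anyone in this thread), here is how 59cobalt's advice above could be applied on Windows Server 2003 SP1 using the built-in `netsh firewall` context. It assumes IIS on 80/443, RDP on 3389 and Cygwin's sshd on 22; 203.0.113.10 is a constructed placeholder for the administrator's source address.

```batch
@echo off
rem Added example, not from the thread: host firewall for a stand-alone
rem Windows Server 2003 SP1 box, following the reply above.
rem Assumptions: IIS on 80/443, RDP on 3389, Cygwin OpenSSH on 22.
rem 203.0.113.10 is a constructed placeholder for the admin's address.

rem Turn the firewall on. Exceptions are permitted but the list starts empty,
rem so everything inbound is dropped until added below.
netsh firewall set opmode mode=ENABLE exceptions=ENABLE profile=ALL

rem Inbound exceptions for the services the portal actually offers.
netsh firewall add portopening protocol=TCP port=80  name="HTTP"  mode=ENABLE scope=ALL profile=ALL
netsh firewall add portopening protocol=TCP port=443 name="HTTPS" mode=ENABLE scope=ALL profile=ALL

rem Administrative access: scope the exception to the admin's address
rem instead of ALL, so the management ports are not reachable from anywhere.
netsh firewall add portopening protocol=TCP port=3389 name="RDP" mode=ENABLE scope=CUSTOM addresses=203.0.113.10 profile=ALL
netsh firewall add portopening protocol=TCP port=22   name="SSH" mode=ENABLE scope=CUSTOM addresses=203.0.113.10 profile=ALL

rem ICMP as recommended: inbound echo request (type 8) plus the outbound
rem error messages: destination unreachable (3), source quench (4),
rem time exceeded (11) and parameter problem (12).
netsh firewall set icmpsetting type=8  mode=ENABLE profile=ALL
netsh firewall set icmpsetting type=3  mode=ENABLE profile=ALL
netsh firewall set icmpsetting type=4  mode=ENABLE profile=ALL
netsh firewall set icmpsetting type=11 mode=ENABLE profile=ALL
netsh firewall set icmpsetting type=12 mode=ENABLE profile=ALL

rem Deliberately no exception for SQL Server (1433/tcp) or VNC (5901/tcp):
rem the database is only used by the local web application, and RDP
rem replaces VNC for administration.

rem This firewall filters inbound connections only. Outbound DNS lookups
rem and SMTP delivery from the server need no exception; their replies
rem are matched to the outbound connection and allowed back in.

rem Review the resulting configuration.
netsh firewall show config
```

Run the script from an elevated command prompt on the server itself, and confirm with `netsh firewall show config` that only the intended ports appear before the server goes live.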
