NT 4 server firewall?

zn
Posted: Sat Jan 15, 2005 12:29 am    Post subject: NT 4 server firewall?

Who makes software firewalls for Windows NT 4 Server? We are running an
Oracle database on it and want to give it further security. Are there any
quality freeware server firewall products for NT 4?

Thanks.

Leythos
Posted: Sat Jan 15, 2005 12:59 am    Post subject: Re: NT 4 server firewall?

In article <Xns95DE93748F63znzn122eduinvalid@216.196.97.131>,
zn@zn122.edu.invalid says...
Quote:
Who makes software firewalls for Windows NT 4 Server? We are running an
Oracle database on it and want to give it further security. Are there any
quality freeware server firewall products for NT 4?

What are you wanting to protect it from?

If you want more control over ports - just install a NAT box and only
forward the ports you need. If you want better, get a firewall, in
bridge mode you won't have to change any IP settings and you can filter
anything you want. I would never run a firewall application on the same
server I wanted to protect.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

zn
Posted: Sat Jan 15, 2005 2:21 am    Post subject: Re: NT 4 server firewall?

Leythos <void@nowhere.lan> wrote in
news:MPG.1c51ef8370547b4989f18@news-server.columbus.rr.com:

Quote:
In article <Xns95DE93748F63znzn122eduinvalid@216.196.97.131>,
zn@zn122.edu.invalid says...
Who makes software firewalls for Windows NT 4 Server? We are running
an Oracle database on it and want to give it further security. Are
there any quality freeware server firewall products for NT 4?

What are you wanting to protect it from?

If you want more control over ports - just install a NAT box and only
forward the ports you need. If you want better, get a firewall, in
bridge mode you won't have to change any IP settings and you can
filter anything you want. I would never run a firewall application on
the same server I wanted to protect.


We are at a large institution. Switch security is in place but we want to
protect ourselves from having to rely on the network administrator's word
that security is in place. This is becoming more of an issue now that
Microsoft has discontinued security patches for NT and we haven't upgraded
yet.

By-Proxy
Posted: Sat Jan 15, 2005 3:22 am    Post subject: Re: NT 4 server firewall?

zn <zn@zn122.edu.invalid> wrote in
news:Xns95DEA66FE722Cznzn122eduinvalid@216.196.97.131:

Quote:
Leythos <void@nowhere.lan> wrote in
news:MPG.1c51ef8370547b4989f18@news-server.columbus.rr.com:

In article <Xns95DE93748F63znzn122eduinvalid@216.196.97.131>,
zn@zn122.edu.invalid says...
Who makes software firewalls for Windows NT 4 Server? We are running
an Oracle database on it and want to give it further security. Are
there any quality freeware server firewall products for NT 4?

What are you wanting to protect it from?

If you want more control over ports - just install a NAT box and only
forward the ports you need. If you want better, get a firewall, in
bridge mode you won't have to change any IP settings and you can
filter anything you want. I would never run a firewall application on
the same server I wanted to protect.


We are at a large institution. Switch security is in place but we want
to protect ourselves from having to rely on the network
administrator's word that security is in place. This is becoming more
of an issue now that Microsoft has discontinued security patches for
NT and we haven't upgraded yet.


Twofold issues here.
1/ NT4? I think it's time to upgrade. If the system contains information
worth protecting then upgrade your system....

2/ If you don't trust the Admin enough to take his word at how secure the
system is then hire an Admin that you do trust. As an admin myself I have
null respect for any company that will not trust me. I also do not
enlighten Directors or Managers to just how secure something is or is not
as from my 25 yrs experience in the field 9 times out of 10 these are the
very people I need to protect data from for the greater good of the
company. Many times a Manager or high rank with little or no knowledge has
stuffed something up because they think that they are above the systems.

Trust your admin, also seek an independent security company to "Audit"
your security and advise your Admin Guy of the results in an open forum
round table meeting (not a witch hunt). NT4 is dead, move on... NT4 also
has some very major security issues in itself that no firewall will save
you from.........

kris
Posted: Sat Jan 15, 2005 5:44 am    Post subject: Re: NT 4 server firewall?

It may not be a good idea to put a firewall on NT server. See if the
built-in TCP port filter works for you. But if you want to try, there
is a free firewall, safety.net in download.com that works on NT. I am
not really sure if the server license is free. Safety.Net is an
intermediate driver based fw on NT and NT does not support stacking of
more than one driver. If you are using any RRAS (wan-arp) or VPN
(IP-SEC based as opposed to SSL) on the server, it may not be
compatible.

It is generally not recommended to install any system level drivers on
NT as the recovery is hard if there are any crashes.

-krisp

Wolfgang Kueter
Posted: Sat Jan 15, 2005 5:44 am    Post subject: Re: NT 4 server firewall?

zn wrote:

Quote:
Who makes software firewalls for Windows NT 4 Server?

The available products will not protect you.

Quote:
We are running an
Oracle database on it and want to give it further security.

Software firewalls do not give security.

Quote:
Are there any
quality freeware server firewall products for NT 4?

No. Lock down the box and use safe implementations of the service(s) the box
is running. Done.

Wolfgang

zn
Posted: Sat Jan 15, 2005 6:25 am    Post subject: Re: NT 4 server firewall?

"kris" <blore_sec@yahoo.co.in> wrote in news:1105749854.930553.200990
@f14g2000cwb.googlegroups.com:

Quote:
It may not be a good idea to put a firewall on NT server. See if the
built-in TCP port filter works for you. But if you want to try, there

This will sound silly ... I wasn't aware of the TCP port filter. Where is
it located on the system?

zn
Posted: Sat Jan 15, 2005 6:28 am    Post subject: Re: NT 4 server firewall?

Wolfgang Kueter <wolfgang@shconnect.de> wrote in
news:cs9p1f$pjr$1@news.shlink.de:

Quote:
zn wrote:

Who makes software firewalls for Windows NT 4 Server?

The available products will not protect you.

We are running an
Oracle database on it and want to give it further security.

Software firewalls do not give security.

Are there any
quality freeware server firewall products for NT 4?

No. Lock down the box and use safe implementations of the service(s)
the box is running. Done.

Wolfgang

This isn't a home network that we're talking about. There is an institution
with a hardware firewall, routers, and switches between the Internet and
this server. I'm looking for a software firewall as just another way to
protect the server and protect against network security misconfigurations
and internal threats.

Triffid
Posted: Sat Jan 15, 2005 6:44 am    Post subject: Re: NT 4 server firewall?

kris wrote:

Quote:
It is generally not recommended to install any system level drivers on
NT as the recovery is hard if there are any crashes.

Hard, or impossible?

I recently worked on an NT4 SP6a system with a dead NIC and Nortel VPN
client installed.

I was unable to source an identical replacement NIC. Googling told me I
should uninstall the VPN client before attempting to change the NIC, so
I did - and all services, protocols, and bindings disappeared from the
Network control panel applet. NT then refused to install any service or
protocol since they were already installed (but invisible, so could not
be updated either).

I tried several recipes which claimed to clean networking out of the
registry, and one of them actually got me to "Windows NT networking is not
installed, would you like to install it now?" - but the installation
failed horribly.

I gave up and got it working by restoring the original system partition,
then using ERD Commander to install the new NIC driver under the old
file name.

The owner wisely decided not to leave the system in that state, and has
since upgraded to XP Pro SP2.

kris
Posted: Sat Jan 15, 2005 6:56 am    Post subject: Re: NT 4 server firewall?

Control Panel, Protocols, TCP/IP properties, Enable security Advanced,
TCP/IP Security Dialog. Set ports.

-krisp

Al Dykes
Posted: Sat Jan 15, 2005 6:59 am    Post subject: Re: NT 4 server firewall?

In article <Xns95DE93748F63znzn122eduinvalid@216.196.97.131>,
zn <zn@zn122.edu.invalid> wrote:
Quote:
Who makes software firewalls for Windows NT 4 Server? We are running an
Oracle database on it and want to give it further security. Are there any
quality freeware server firewall products for NT 4?

Thanks.


Turn off all the services you don't need on it. Stop file and print
sharing. You could get a cheapo linksys box and just turn on the
ports you need.

Since MS is (or has already) stopped issuing patches there's a limit to how
safe you can make this puppy, by itself.

If you _really_ need security and for some reason can't upgrade from
NT4, you can run it under VMware or MS Virtual Machine on a modern OS,
which can run a firewall.

--

a d y k e s @ p a n i x . c o m

Don't blame me. I voted for Gore.

Lars M. Hansen
Posted: Sat Jan 15, 2005 7:43 am    Post subject: Re: NT 4 server firewall?

On Fri, 14 Jan 2005 19:28:23 -0600, zn spoketh

Quote:

This isn't a home network that we're talking about. There is an institution
with a hardware firewall, routers, and switches between the Internet and
this server. I'm looking for a software firewall as just another way to
protect the server and protect against network security misconfigurations
and internal threats.

Yes, and Wolfgang's answer still applies.

* Disable the services that are not necessary to the operation of the
server to reduce avenues of attack.

* Restrict access to the server on existing routers/firewalls.

You cannot attack what isn't there.
You cannot hide what needs to be visible.
Don't try to fix what isn't broken.

There is no software you can put on a SQL server that will protect it
more than it already should be by employing the "best practices"
available for securing said server.

There's nothing worse than upper management second-guessing the security
measures put in place by competent administrators. If you really don't
trust the administrator, then have someone come in to audit the server
and the firewall/routers.

Just because your senior management read an interesting article in some
magazine about "software firewalls" in some know-it-all business
magazine doesn't mean that it'll do anything for you...

Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)

zn
Posted: Sat Jan 15, 2005 7:58 am    Post subject: Re: NT 4 server firewall?

Lars M. Hansen <badnews@hansenonline.net> wrote in
news:i80hu0dl8iekorufpjvei44sd1ncepm13d@4ax.com:

Quote:
On Fri, 14 Jan 2005 19:28:23 -0600, zn spoketh


This isn't a home network that we're talking about. There is an
institution with a hardware firewall, routers, and switches between
the Internet and this server. I'm looking for a software firewall as
just another way to protect the server and protect against network
security misconfigurations and internal threats.

Yes, and Wolfgang's answer still applies.

* Disable the services that are not necessary to the operation of the
server to reduce avenues of attack.
* Restrict access to the server on existing routers/firewalls.

You cannot attack what isn't there.
You cannot hide what needs to be visible.
Don't try to fix what isn't broken.

And what happens when another Microsoft worm breaks out and starts
exploiting some bug in the OS? How many times has that happened during
the last several years? There is always a window where the virus is
breaking out but new definitions either haven't been prepared or haven't
made it to the clients yet. A software firewall would help protect
against this.


Quote:
There is no software you can put on a SQL server that will protect
it more than it already should be by employing the "best practices"
available for securing said server.

There's nothing worse than upper management second-guessing the
security measures put in place by competent administrators. If you
really don't trust the administrator, then have someone come in to
audit the server and the firewall/routers.

You guys have an inferiority complex. Just because you are competent sure
doesn't mean that every network administrator is.

Have you ever dealt with large campus, multiprotocol networking hardware?
Problems happen -- ports get left open accidentally, firmware may not get
updated quickly, leaving potential exploits.

Quote:
Just because your senior management read an interesting article in
some magazine about "software firewalls" in some know-it-all business
magazine doesn't mean that it'll do anything for you...

That's just a silly comment. There is no problem running packet filtering
software on Unix and it's very commonplace. All that I asked about was
software for doing the same on Windows. Software firewalls are just
another level of security.

Bas Keur
Posted: Sat Jan 15, 2005 8:09 am    Post subject: Re: NT 4 server firewall?

Quote:
Software firewalls do not give security.

Oh really?
Ever seen a CP-FW1 running on Trusted Solaris?

But I guess you are talking about appliances here?
(Little secret, these things run software as well)

Quote:
Are there any
quality freeware server firewall products for NT 4?

NT4 is known for its WEAK design.
You can add an iron fence in a wooden house, it simply doesn't add
security. Chances are, it breaks down even more.


I suggest you run a `bridged` server next to your NT4 (transparent firewall)
Layer 2 [OpenBSD PF/Iptables]
Layer 7 [Pix/FW1/Symantec SGS/Raptor]
(www.OpenBSD.org is easy to manage and known for its tight security record)

Please note that NT4 is END OF LIFE. Expect no more updates for it.
If you ain't bound to 4 (by the Oracle licence?) upgrade.

Quote:
No. Lock down the box and use safe implementations
of the service(s) the box is running. Done.

Now what if someone decides to SYN-ACK your server from a
simple 256kb line? Those out of bound packets will bring NT4 to its knees.

-Bas

Leythos
Posted: Sat Jan 15, 2005 9:16 am    Post subject: Re: NT 4 server firewall?

In article <i80hu0dl8iekorufpjvei44sd1ncepm13d@4ax.com>,
badnews@hansenonline.net says...
Quote:
There's nothing worse than upper management second-guessing the security
measures put in place by competent administrators. If you really don't
trust the administrator, then have someone come in to audit the server
and the firewall/routers.

Just because your senior management read an interesting article in some
magazine about "software firewalls" in some know-it-all business
magazine doesn't mean that it'll do anything for you...

God, I hate when that happens. We had a CIO that insisted that IPSec
between offices was not secure over a dedicated T1. Then the CIO that
insisted that no one should be allowed to run Active-X, not even the
development department. Or the CIO that decided that no one was to have
local admin - including the development teams. Then the CIO that thought
it would be good to open 1433/1434 to all interfaces so that remote
offices could access the Timesheet database through the firewall because
the firewall was designed to block unwanted connections.....

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

All times are GMT
Page 1 of 4