Web Hosting Talk

View Full Version : Can someone recommend Firewall software


maxfac
06-21-2001, 03:34 AM
I am setting up a Win. 2000 Server and want to know what the best Firewall software is?

Actually, I am getting 5 static IPs and could run them all through one machine which I guess wouldn't have to be Windows based and I could use this machine as the firewall for all the servers. Any suggestions on the most reliable method of setting this up and the recommended Firewall software for WebHosts?

Thanks

XTStrike
06-21-2001, 04:47 AM
Teach yourself "IPSec". It's a feature built into Windows 2000 to secure the machine and the ports on the machine; it's actually quite an extensive product and very worthwhile learning.

huck
06-25-2001, 06:29 PM
IPsec is not a firewall. IPsec provides per-packet authenticity/confidentiality between peers that communicate using IPsec protocols. This is not the same as a firewall. IPsec will not necessarily block any ports but run authentication routines on all packets. This is not necessary if you want to simply block all traffic to certain ports.

To install a firewall, you should decide upon your network topology. Are there several machines that need to be protected, or just one? If you have several machines, an older machine with Linux and IPtables (IPchains) can provide you with a good firewall. If you are protecting a single machine and want something simple, you may want to consider using Tiny Personal Firewall, Zone Alarm, BlackICE Defender or others. Note these are very simple firewalls but are also relatively inexpensive.

You should look at:
http://www.linuxsecurity.com/
in the firewall section for more info.

maxfac
06-26-2001, 03:25 PM
One or two servers is all I'm going to be running. Thanks for the help. Also, I have been told I can run several sites with one static IP using IP forwarding and a router. I am using a router to share my DSL connection. What I don't understand is since I only have one IP address from my ISP (my WAN IP) and this is the address anyone must type to get to my router, then the router takes this IP and forwards it to the address(es) I have set up for forwarding. So every request to this IP is forwarded by the router to my server. My question is, since I only have one IP (my WAN) to access the router, how can I host multiple sites with this one IP since there is only one IP? How can the router know to send some people to different addresses (sites) on my LAN with the same WAN address for all the sites?

huck
06-26-2001, 04:19 PM
Virtual hosting allows multiple sites per IP address. Of course, you have to register your address with a registrar and have your DNS set up to point to the single IP address. Browsers send extra header information which the server uses to send the user to the correct web site.

In fact, all of your web sites should have the same WAN IP address -- the address that your DSL/Cable provider has given you. You will then have to use a DNS service to point the web site address www.mydomain.com to your IP.

In Windows 2000, you have to configure all of the sites to use the same address. The extra header info will take care of making sure the right web site appears to the user.

I am not sure what happens on Windows 2000 when you put in the IP instead of the web site address. On Linux and Apache, you get the main or first virtual account.
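
The behaviour described in the post above (one shared IP, the site chosen from the Host request header, the first configured site served when only the IP is given), as an added example that is not part of the original thread. The site names, document roots and the 203.0.113.10 address are constructed for illustration.

```python
# Added example: name-based virtual host selection on one shared IP.
# VHOSTS entries and the sample requests below are constructed.

VHOSTS = [  # order matters: the first entry is the default site
    ("www.mydomain.com", "/var/www/mydomain"),
    ("www.example.org", "/var/www/example"),
]

def host_header(raw_request: bytes):
    """Return the Host header value from a raw HTTP request, or None."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            return value.strip()
    return None

def normalise(host: str) -> str:
    """Lower-case the name and drop any :port suffix or trailing dot."""
    host = host.strip().lower()
    if host.startswith("["):                     # IPv6 literal, e.g. [::1]:80
        return host[: host.find("]") + 1]
    if ":" in host:
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")

def select_site(raw_request: bytes):
    """Pick (name, docroot) for a request; unknown, missing or bare-IP
    Host values fall back to the first configured site."""
    host = host_header(raw_request)
    if host is not None:
        wanted = normalise(host)
        for name, root in VHOSTS:
            if name == wanted:
                return name, root
    return VHOSTS[0]

# Constructed requests: all arrive on the same WAN address and port.
REQ_BY_NAME = b"GET / HTTP/1.1\r\nHost: www.example.org\r\n\r\n"
REQ_WITH_PORT = b"GET / HTTP/1.1\r\nhost: WWW.MyDomain.com:80\r\n\r\n"
REQ_BY_IP = b"GET / HTTP/1.1\r\nHost: 203.0.113.10\r\n\r\n"
REQ_NO_HOST = b"GET / HTTP/1.0\r\n\r\n"

if __name__ == "__main__":
    for req in (REQ_BY_NAME, REQ_WITH_PORT, REQ_BY_IP, REQ_NO_HOST):
        print(host_header(req), "->", select_site(req))
```

Because every request that names an unknown host or the bare IP lands on the first site, that first entry is the one that scanners and misdirected traffic reach, so it is worth choosing deliberately.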

maxfac
06-26-2001, 04:26 PM
Thanks for helping clear this up. Additional information in the header makes sense, I knew this info had to go somewhere, but wasn't sure where. Thanks again. I appreciate it.

Honu
06-26-2001, 04:32 PM
Aloha
I also know that this book has come highly recommended
http://www.bookpool.com/.x/4zhdbco8fr/sm/1565927680

bombino
06-27-2001, 12:56 AM
Zone Alarm (www.zonelabs.com) is the best software-based firewall for Windows platforms that I know of.

I'm not sure how it would work for a server, but I would recommend it to EVERYONE running Windows.

Oh yeah, the standard version is 100% FREE! They have a professional edition, but I don't see the need for it.

xor
07-07-2001, 10:19 PM
I completely agree with bombino! You might also want to check out this site, especially if you are interested in security -- lots of good information written in a way that's really easy to understand.

GRC.com (http://grc.com)

This guy, Steve Gibson, who runs GRC.com, has written some little free utilities that test port security on your computer and another that tests firewalls. Turns out ZoneAlarm is the best, BlackICE Defender doesn't stop much by the sounds of it. He also has an interesting series of articles about recent DDoS attacks on his site. Really worth a read if you are setting up a server.

Donna :cool:
http://donnamiller.net

xor
07-11-2001, 06:19 PM
Originally posted by maxfac
One or two servers is all I'm going to be running. Thanks for the help. Also, I have been told I can run several sites with one static IP using IP forwarding and a router. I am using a router to share my DSL connection.

I was interested in doing something similar, the ADSL options available to me come with various amounts of data transfer (I think they use the term 'traffic') per month, then you pay extra for anything over that amount. What I was wondering is, say if I got a plan with 600MB per month, do you get charged for data being transferred both ways, or just one (the usual way). In other words, most people getting this type of connection are surfing (not hosting) and downloading, so they would be charged for internet => pc traffic. But if you are hosting sites as well, there will be pc/server => internet (visitors) traffic as well. Does anyone know if you get charged for traffic going that direction as well? And for a personal website with 30-50 hits a day, what amount of data transfer are you typically using?

Donna:cool: