Sign in with
Sign up | Sign in
Your question

zonealarm on windows server 2003

Tags:
  • Firewalls
  • Windows Server 2003
  • DNS
  • Networking
Last response: in Networking
Share
Anonymous
September 29, 2005 8:39:50 AM

Archived from groups: comp.security.firewalls (More info?)

Hello,
Do you know if exists known problems with zonealarm (version 5.5) on
windows server 2003 ? There is a warning before installation on this OS
but product seems to work correctly...
On the other hand, the "svchost.exe" process is blocked by zonealarm
when it wants to reach the DNS. I had to authorized DNS addresses on a
few ports in zonealarm. With Windows 2000 pro, it was not necessary.
Is this behavior is linked to Windows 2003 ?

More about : zonealarm windows server 2003

Anonymous
September 29, 2005 10:38:02 AM

Archived from groups: comp.security.firewalls (More info?)

to use windows 2003 as a workstation
Anonymous
September 29, 2005 5:49:14 PM

Archived from groups: comp.security.firewalls (More info?)

vince1008@gmail.com wrote in news:1127993990.322256.292280
@o13g2000cwo.googlegroups.com:

> Hello,
> Do you know if exists known problems with zonealarm (version 5.5) on
> windows server 2003 ? There is a warning before installation on this OS
> but product seems to work correctly...
> On the other hand, the "svchost.exe" process is blocked by zonealarm
> when it wants to reach the DNS. I had to authorized DNS addresses on a
> few ports in zonealarm. With Windows 2000 pro, it was not necessary.
> Is this behavior is linked to Windows 2003 ?
>
>

One doesn't run PFW software on a server O/S to a protect server.

You should find a server host based FW there are out there.

If the machine is setting behind a NAT router, then you can use IPsec a
packet filter to supplement the NAT router, which can stop inbound or
outbound traffic by port, protocol, or IP.

http://www.petri.co.il/block_ping_traffic_with_ipsec.ht...
http://www.analogx.com/contents/articles/ipsec.htm
http://support.microsoft.com/kb/813878

Is this machine doing a direct connection to the Internet or is it
setting behind a router?

Either way, you should secure or harden the Win 2K3 O/S to attack (search
Google). The buck stops at the O/S and not something like ZA to protect
the Win 2K3 server O/S.

Duane :) 
Related resources
Anonymous
September 29, 2005 5:59:36 PM

Archived from groups: comp.security.firewalls (More info?)

In article <1127993990.322256.292280@o13g2000cwo.googlegroups.com>,
vince1008@gmail.com says...
> Hello,
> Do you know if exists known problems with zonealarm (version 5.5) on
> windows server 2003 ? There is a warning before installation on this OS
> but product seems to work correctly...
> On the other hand, the "svchost.exe" process is blocked by zonealarm
> when it wants to reach the DNS. I had to authorized DNS addresses on a
> few ports in zonealarm. With Windows 2000 pro, it was not necessary.
> Is this behavior is linked to Windows 2003 ?

Do not run a personal firewall application on a Server, not even if you
are playing around as a workstation. If you need to block traffic,
either set it up properly or get a cheap NAT device to block inbound.

Windows 2003 does not have any certified "Personal" firewall products -
you can use ISA with it - if you can afford 2003 server you can afford
ISA (since it appears you're just playing with it).

--

spam999free@rrohio.com
remove 999 in order to email me
Anonymous
September 29, 2005 6:48:58 PM

Archived from groups: comp.security.firewalls (More info?)

vince1008@gmail.com wrote:
> Do you know if exists known problems with zonealarm (version 5.5) on
> windows server 2003 ?

Why would someone want to have a "Personal Firewall" on Windows 2003 Server?

Yours,
VB.
--
MAC-Filtering bringt so viel Schutz vor "Hackern" wie Zeitungspapier vor
einer Atombome. (MAC filtering is protecting against "hackers" like newsprint
is protecting against a nuclear bomb)
- Christian Forler in de.comp.security.misc
February 23, 2010 7:45:03 PM

I can think of a reason why. How can you detect port scan in windows 2003 server? How can I log scans? will a HW fw do that? and at what cost? ($$$)
February 28, 2010 4:44:13 PM

Why did you revive such an old thread?
March 4, 2013 7:19:15 PM

No wonder you guys stay Anonymous.

Your replies to the OP are unhelpful in that they completely fail to answer his actual question.

You have no idea of what scenario he needs this Firewall.

As for Personal Firewalls on a 2003 Server. Ok, ZA isn't my favourite, but the one I am using is still a "personal firewall" and it does the job I need it to do.

So get your stuffy, arrogant heads out of your rear ends and either help people or don't post at all.

Oh by the way. I have 35 years in IT with responsibility for corporate infrastructure. This includes product like Checkpoint Firewall 1. If you understand how a Firewall works and how to configure properly then there is no reason why a "personal" firewall with a decent rules based system won't be perfectly adequate.

I am sick of seeing retards talk of the joys of the crappy Windows Firewall. It is a useless piece of junk. It doesn't even have rules based filtering.


Quote:
Archived from groups: comp.security.firewalls (More info?)

In article <1127993990.322256.292280@o13g2000cwo.googlegroups.com>,
vince1008@gmail.com says...
> Hello,
> Do you know if exists known problems with zonealarm (version 5.5) on
> windows server 2003 ? There is a warning before installation on this OS
> but product seems to work correctly...
> On the other hand, the "svchost.exe" process is blocked by zonealarm
> when it wants to reach the DNS. I had to authorized DNS addresses on a
> few ports in zonealarm. With Windows 2000 pro, it was not necessary.
> Is this behavior is linked to Windows 2003 ?

Do not run a personal firewall application on a Server, not even if you
are playing around as a workstation. If you need to block traffic,
either set it up properly or get a cheap NAT device to block inbound.

Windows 2003 does not have any certified "Personal" firewall products -
you can use ISA with it - if you can afford 2003 server you can afford
ISA (since it appears you're just playing with it).

--

spam999free@rrohio.com
remove 999 in order to email me

!