Archived from groups: comp.security.firewalls (More info?)

Hello,
Do you know if exists known problems with zonealarm (version 5.5) on
windows server 2003 ? There is a warning before installation on this OS
but product seems to work correctly...
On the other hand, the "svchost.exe" process is blocked by zonealarm
when it wants to reach the DNS. I had to authorized DNS addresses on a
few ports in zonealarm. With Windows 2000 pro, it was not necessary.
Is this behavior is linked to Windows 2003 ?

Archived from groups: comp.security.firewalls (More info?)

vince1008@gmail.com wrote:
> Do you know if exists known problems with zonealarm (version 5.5) on
> windows server 2003 ?

Why would someone want to have a "Personal Firewall" on Windows 2003 Server?

Yours,
VB.
--
MAC-Filtering bringt so viel Schutz vor "Hackern" wie Zeitungspapier vor
einer Atombome. (MAC filtering is protecting against "hackers" like newsprint
is protecting against a nuclear bomb)
- Christian Forler in de.comp.security.misc

Archived from groups: comp.security.firewalls (More info?)

to use windows 2003 as a workstation

Archived from groups: comp.security.firewalls (More info?)

vince1008@gmail.com wrote in news:1127993990.322256.292280
@o13g2000cwo.googlegroups.com:

> Hello,
> Do you know if exists known problems with zonealarm (version 5.5) on
> windows server 2003 ? There is a warning before installation on this OS
> but product seems to work correctly...
> On the other hand, the "svchost.exe" process is blocked by zonealarm
> when it wants to reach the DNS. I had to authorized DNS addresses on a
> few ports in zonealarm. With Windows 2000 pro, it was not necessary.
> Is this behavior is linked to Windows 2003 ?
>
>

One doesn't run PFW software on a server O/S to a protect server.

You should find a server host based FW there are out there.

If the machine is setting behind a NAT router, then you can use IPsec a
packet filter to supplement the NAT router, which can stop inbound or
outbound traffic by port, protocol, or IP.

http://www.petri.co.il/block_ping_ [...] _ipsec.htm
http://www.analogx.com/contents/articles/ipsec.htm
http://support.microsoft.com/kb/813878

Is this machine doing a direct connection to the Internet or is it
setting behind a router?

Either way, you should secure or harden the Win 2K3 O/S to attack (search
Google). The buck stops at the O/S and not something like ZA to protect
the Win 2K3 server O/S.

Duane

Archived from groups: comp.security.firewalls (More info?)

In article <1127993990.322256.292280@o13g2000cwo.googlegroups.com>,
vince1008@gmail.com says...
> Hello,
> Do you know if exists known problems with zonealarm (version 5.5) on
> windows server 2003 ? There is a warning before installation on this OS
> but product seems to work correctly...
> On the other hand, the "svchost.exe" process is blocked by zonealarm
> when it wants to reach the DNS. I had to authorized DNS addresses on a
> few ports in zonealarm. With Windows 2000 pro, it was not necessary.
> Is this behavior is linked to Windows 2003 ?

Do not run a personal firewall application on a Server, not even if you
are playing around as a workstation. If you need to block traffic,
either set it up properly or get a cheap NAT device to block inbound.

Windows 2003 does not have any certified "Personal" firewall products -
you can use ISA with it - if you can afford 2003 server you can afford
ISA (since it appears you're just playing with it).

--

spam999free@rrohio.com
remove 999 in order to email me