Enhance the Windows with Cisco firewall

SOLVED
scott_417
Frequent Advisor


It seems to me that, compared to Linux, the Windows OS is less secure, simply because viruses or bugs could crawl in.

Now if I install a dedicated Cisco firewall to first route incoming requests to a web server located in the DMZ, and then from this server the request is routed (again through the firewall) to the "internal" database server (located behind the firewall in the LAN), I wonder whether, with this measure, viruses or intrusions will still be a problem?

I believe that is why the firewall and DMZ are used: to block potential intrusion. But I would like to know how effective this measure is.

Thanks for sharing your views.

Scott
2 REPLIES
Stuart Whitby
Trusted Contributor

Re: Enhance the Windows with Cisco firewall

Depends how the virus is transmitted. The best way to secure yourself against them is to put a lock over all USB ports, floppy drives, CD drives and remove it from any network. A firewall won't stop email (unless it's set to do so) and will do nothing but block incoming and probably outgoing ports.

Windows is no better or worse than any other OS in terms of viruses, bugs or insecure code. The main difference is that there are a whole lot of people who don't have a clue what they're doing with the OS and leave it utterly insecure, and it's such a popular OS that any serious issue has a massive worldwide effect. Microsoft is doing a lot to address this issue at the moment by bundling firewalls etc. with the product and having them easy to configure. However, how many home users still run with Administrator privileges? This account gets hacked and the hacker has full access to do *ANYTHING* on the system.

Bugs and viruses don't crawl in. For a start, bugs are written into the code and MS is better than any other vendor at addressing them and getting the fixes out (with XP & above). Viruses only come in when they're invited. Shut down unnecessary programs and services, give a hard slap to anyone who opens an attachment from someone they don't know that says "Here's that file I promised you", *especially* if that same email has come from 5 different people in a row, and make sure you only visit reputable porn sites. Generally, anywhere that puts pop-ups and pop-overs in their web page would rather do the same thing when your system is offline and will happily install things on your system if they're able.

I'm not sure what kind of setup you're looking to protect with the firewall. However, proper firewall setup is explained in many places, and you're best to go find a website dedicated to this subject. Or get a security consultant to set this up for you. My guess is that you'll also want to set up that DMZ web server as a mail server as well and have a virus scanner running against your incoming email.
A sysadmin should never cross his fingers in the hope commands will work. Makes for a lot of mistakes while typing.
Viktor V. Lubezniy
Valued Contributor
Solution

Re: Enhance the Windows with Cisco firewall

Hello,

Your security will depend on you. If you configure your network and firewall properly (Internet users can get access to the HTTP port of your Web server only), it will help to avoid many problems, but not all. You have a Web server which gets HTTP requests from outside. Your firewall will not change these requests (unless it filters TCP packets by content). If your Web server software contains a bug that allows remote code execution on the server, or the Web server scripts are buggy, then virus attacks or intrusions are very possible. The firewall can also have its own security problems, which can allow remote access to the database (security updates and long passwords can help you in this case). So don't forget to update your server and firewall software, make backups and view security logs.

Best regards,
Viktor V. Lubezniy
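
The layout discussed in this thread, modelled as a first-match zone policy with a small audit. This is an added example, not part of any reply above. The zone names, the `Rule` type and database port 1433 are assumptions (the thread names no database product). It shows that the policy keeps the Internet off the LAN, while an HTTP request is permitted whatever it carries, because a plain packet filter never reads the payload.

```python
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    src: str             # source zone: "internet", "dmz" or "lan"
    dst: str             # destination zone
    port: Optional[int]  # TCP destination port, None = any port
    action: str          # "permit" or "deny"

# Constructed policy for the layout in the thread. Port 1433 for the
# database is an assumption; the thread names no database product.
HTTP, DB = 80, 1433
POLICY = [
    Rule("internet", "dmz", HTTP, "permit"),  # outside reaches the web server only
    Rule("dmz", "lan", DB, "permit"),         # web server reaches the database only
    Rule("lan", "dmz", None, "permit"),       # admins manage the DMZ host
]

def decide(rules, src, dst, port, payload=b""):
    """First matching rule wins; anything unmatched is denied.
    payload is accepted but never inspected, like a plain packet filter."""
    for r in rules:
        if r.src == src and r.dst == dst and r.port in (None, port):
            return r.action
    return "deny"

def audit(rules):
    """Return findings for permits wider than the intended DMZ design."""
    allowed = {("internet", "dmz"): HTTP, ("dmz", "lan"): DB}
    findings = []
    for i, r in enumerate(rules):
        if r.action != "permit" or r.src == "lan":
            continue  # only flows from less trusted zones are audited
        want = allowed.get((r.src, r.dst))
        if want is None:
            findings.append(f"rule {i}: {r.src} must not reach {r.dst}")
        elif r.port != want:
            findings.append(f"rule {i}: {r.src}->{r.dst} should be tcp/{want} only")
    return findings

if __name__ == "__main__":
    print(decide(POLICY, "internet", "lan", DB))  # deny
    # Constructed request body: the filter permits it without reading it.
    print(decide(POLICY, "internet", "dmz", HTTP, b"GET /app?id=<hostile input>"))  # permit
    print(audit(POLICY + [Rule("internet", "lan", DB, "permit")]))
```

A clean audit only says the rule set matches the intended design; the web server software and scripts behind port 80 still need patching and log review, as the reply above says.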