- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - Microsoft
- >
- Enhance the Windows with Cisco firewall
Operating System - Microsoft
1752795
Members
6264
Online
108789
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-18-2005 10:24 AM
тАО10-18-2005 10:24 AM
It seems to me that as compared to the Linux, the Windows OS is less secured, simply because some virus or bugs could craw in.
Now if I'll install a Cisco dedicated firewall to first route the incoming request to a web server located in the DMZ zone, then from this server, the request is routed (again through the firewall) to the "internal" database server (located behind the firewall in the LAN), I wonder in this meassure, will the virus or intrusion still be a problem?
I believe that is why use the firewall and DMZ to block the potential intrusion. But like to know how effect is this action?
Thanks to share your view.
Scott
Now if I'll install a Cisco dedicated firewall to first route the incoming request to a web server located in the DMZ zone, then from this server, the request is routed (again through the firewall) to the "internal" database server (located behind the firewall in the LAN), I wonder in this meassure, will the virus or intrusion still be a problem?
I believe that is why use the firewall and DMZ to block the potential intrusion. But like to know how effect is this action?
Thanks to share your view.
Scott
Solved! Go to Solution.
2 REPLIES 2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-18-2005 10:10 PM
тАО10-18-2005 10:10 PM
Re: Enhance the Windows with Cisco firewall
Depends how the virus is transmitted. The best way to secure yourself against them is to put a lock over all USB ports, floppy drives, CD drives and remove it from any network. A firewall won't stop email (unless it's set to do so) and will do nothing but block incoming and probably outgoing ports.
Windows is no better or worse than any other OS in terms of viruses, bugs or insecure code. The main difference is that there are a whole lot of people who don't have a clue what they're doing with the OS and leave it utterly insecure, and it's such a popular OS that any serious issue has a massive worldwide effect. Microsoft is doing a lot to address this issue at the moment by bundling firewalls etc. with the product and having them easy to configure. However, how many home users still run with Adminstrator priveleges? This account gets hacked and the hacker has full access to do *ANYTHING* on the system.
Bugs and viruses don't crawl in. For a start, bugs are written into the code and MS is better than any other vendor at addressing them and getting the fixes out (with XP & above). Viruses only come in when they're invited. Shut down unnecessary programs and services, give a hard slap anyone who opens an attachment from someone they don't know that says "Here's that file I promised you", *especially* if that same email has come from 5 different people in a row, and make sure you only visit reputable porn sites. Generally, anywhere that puts pop-ups and pop-overs in their web page would rather do the same thing when your system is offline and will happily install things on your system if they're able.
I'm not sure what kind of setup you're looking to protect with the firewall. However, proper firewall setup is explained in many places, and you're best to go find a website dedicated to this subject. Or get a security consultant to set this up for you. My guess is that you'll also want to set up that DMZ web server as a mail server as well and have a virus scanner running against your incoming email.
Windows is no better or worse than any other OS in terms of viruses, bugs or insecure code. The main difference is that there are a whole lot of people who don't have a clue what they're doing with the OS and leave it utterly insecure, and it's such a popular OS that any serious issue has a massive worldwide effect. Microsoft is doing a lot to address this issue at the moment by bundling firewalls etc. with the product and having them easy to configure. However, how many home users still run with Adminstrator priveleges? This account gets hacked and the hacker has full access to do *ANYTHING* on the system.
Bugs and viruses don't crawl in. For a start, bugs are written into the code and MS is better than any other vendor at addressing them and getting the fixes out (with XP & above). Viruses only come in when they're invited. Shut down unnecessary programs and services, give a hard slap anyone who opens an attachment from someone they don't know that says "Here's that file I promised you", *especially* if that same email has come from 5 different people in a row, and make sure you only visit reputable porn sites. Generally, anywhere that puts pop-ups and pop-overs in their web page would rather do the same thing when your system is offline and will happily install things on your system if they're able.
I'm not sure what kind of setup you're looking to protect with the firewall. However, proper firewall setup is explained in many places, and you're best to go find a website dedicated to this subject. Or get a security consultant to set this up for you. My guess is that you'll also want to set up that DMZ web server as a mail server as well and have a virus scanner running against your incoming email.
A sysadmin should never cross his fingers in the hope commands will work. Makes for a lot of mistakes while typing.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-20-2005 02:53 AM
тАО10-20-2005 02:53 AM
Solution
Hello,
Your security will depend on your own. If you will configure your network and firewall properly (Internet users can get access to the HTTP-port of your Web-server only), it will help to avoid many problems, but not all. You have a Web server, which gets HTTP-requests from outside. Your firewall will not change these requests (except it filters TCP-packets by content). If your Web-server software contains bug that provides remote code execution on the server or Web-server scripts are buggy, then virus attacks or intrusions are very possible. Firewall can also have its own security problems which can cause remote access to the database (the security updates and long passwords can help you in this case). So, don't forget to update your server and firewall software, make backups and view security logs.
Best regards,
Viktor V. Lubezniy
Your security will depend on your own. If you will configure your network and firewall properly (Internet users can get access to the HTTP-port of your Web-server only), it will help to avoid many problems, but not all. You have a Web server, which gets HTTP-requests from outside. Your firewall will not change these requests (except it filters TCP-packets by content). If your Web-server software contains bug that provides remote code execution on the server or Web-server scripts are buggy, then virus attacks or intrusions are very possible. Firewall can also have its own security problems which can cause remote access to the database (the security updates and long passwords can help you in this case). So, don't forget to update your server and firewall software, make backups and view security logs.
Best regards,
Viktor V. Lubezniy
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP