karan79

join:2004-08-02
Los Angeles, CA

Windows 2000 server

What's the best way to secure a Windows 2000 server? It's acting as a web server. I want to set it up in a way that only certain IP addresses can log into it, i.e. the page that comes up when you type windows_server_ip/xyz.html is only allowed to be viewed if you belong to the specified IPs.

Do I need an external firewall? If so, any suggestions?

thnx

sivran
Long Live The Suite
Premium
join:2003-09-15
Arlington, TX
clubs:
·RoadRunner Cable

Re: Windows 2000 server

Without knowing what web server software you're using...

This could be done with Kerio 2.1.5 (see Kerio-Tiny forum or my sig for link) using the Custom Address Group. Make a rule to allow access to local port 80 from the addresses listed in the Custom group, then make a second rule to deny access to local port 80 from anywhere. This second rule should be placed after the first rule, obviously.

If you wanted to do this externally you would need something much more flexible than a cheap Linky.

Either way will work, though. There are advantages and disadvantages to each approach.
--
TCPA - Treacherous Computing
Kerio 2.1.5 - Best damn firewall
Licenses should be per user, Ditch Norton! Get F-Prot!
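
The allow-then-deny ordering described in the post above, as an added example that is not part of the original thread and is not Kerio's own code: a small first-match rule evaluator plus a check for rules that can never fire. It assumes top-down, first-match evaluation and a default of deny when no rule matches; the addresses, `make_rule`, `evaluate` and `shadowed_rules` are constructed for illustration.

```python
# Added example: first-match packet-filter evaluation for the two-rule
# policy from the post. All addresses are constructed documentation ranges.
import ipaddress

# Hypothetical "Custom Address Group" (constructed sample values).
ALLOWED_GROUP = ["192.0.2.10", "198.51.100.0/24"]
ANY = ["0.0.0.0/0"]

def make_rule(action, sources, port):
    """Build a rule: action is 'allow' or 'deny'; sources are IPs or CIDRs."""
    nets = [ipaddress.ip_network(s) for s in sources]
    return {"action": action, "sources": nets, "port": port}

def evaluate(rules, src_ip, dst_port, default="deny"):
    """Return the action of the first rule matching src_ip and dst_port."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if rule["port"] == dst_port and any(addr in n for n in rule["sources"]):
            return rule["action"]
    return default  # assumption: unmatched traffic is dropped

def shadowed_rules(rules):
    """Return indexes of rules that can never fire because an earlier rule
    on the same port already covers all of their source networks."""
    dead = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if earlier["port"] == rule["port"] and all(
                any(n.subnet_of(e) for e in earlier["sources"])
                for n in rule["sources"]
            ):
                dead.append(i)
                break
    return dead

# Order from the post: allow the group first, then deny everyone else.
CORRECT = [make_rule("allow", ALLOWED_GROUP, 80), make_rule("deny", ANY, 80)]
# Reversed order: the deny-all matches first and the allow rule is dead.
REVERSED = [CORRECT[1], CORRECT[0]]

if __name__ == "__main__":
    for name, rules in (("correct", CORRECT), ("reversed", REVERSED)):
        print(name, evaluate(rules, "198.51.100.7", 80),
              evaluate(rules, "203.0.113.5", 80), shadowed_rules(rules))
```

Running `shadowed_rules` over an exported rule list is a quick way to catch an allow rule that was accidentally placed below a broader deny.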

Marilla
I Am My Own Arbiter
Premium
join:2002-12-06
Belpre, OH

In my opinion, you need an external firewall for -any- web server. I feel that host-based firewalls (a sort of one of which is built in to Windows 2000, actually) are good, and all that.. but that a dedicated firewall appliance/server is a must for every single gateway to the Internet.

That said, Windows 2000 has built in two methods to permit only certain IPs to access a web site.

First, the built-in IPSec filtering can be used to prevent communications to certain ports/IPs on the server from certain IPs/networks, or allow ONLY from certain IPs/networks (once you get a default block policy in).

Second, any web server software itself can be configured to permit connections only from certain networks/IPs, as well (including IIS and Apache, one of which you almost certainly will be using, I'm guessing).

However, on a side-note, I will re-iterate the importance of having a separate firewall protecting this system, as well. That could be an additional software-based one (though consumer-level products don't often easily work with server-level operating systems - purposefully), or a separate hardware firewall. The problem is, even if you protect your one site how you want, you still have lots of other things exposed on that server which need to be protected by a firewall. The built-in IPSec functionality can be used to help, but there are known ways around that.
--
Windows, Mac, Linux, BSD - just use the right tool for the right job... end the OS Politics!

Real politics is much more interesting! www.georgewbush.com

Daniel
Premium,MVM
join:2000-06-26
Pleasanton, CA

said by karan79:

"What's the best way to secure a Windows 2000 server? It's acting as a web server."

Make your first stop the NSA Guidelines. There is some good information in those resources.
--
cat knowledge | grep understanding

karan79

join:2004-08-02
Los Angeles, CA

Thnx for the info guys...you have been most helpful!!