Slashdot Mirror

← Back to Stories (view on slashdot.org)

What is the Best Firewall for Servers?

Posted by Cliff on from the hot-protection-for-heavy-iron dept.

Sushant Bhatia asks: "I maintain a bunch of servers (Win 2003/XP Pro) at our labs in the university. Of late, the number of attacks on the computers has been more noticeable. The university provides firewall software (Kerio) but that doesn't work with Win 2003 (works with XP). And so we keep getting hit by zombie machines taken over in the Education Department or from Liberal Arts :-). So what does the Slashdot crowd use when they need to secure their Linux and Windows servers? Does it cost less than US$100?"

7 of 673 comments (clear)

  1. at the risk of getting flamed into submission... by gik · · Score: 4, Insightful

    a linux box.

    --
    ZERO
  2. Use a *separate* firewall box. by Richard+Steiner · · Score: 4, Insightful

    That way, platform compatibility is a nonissue.

    I use a dedicated PPro box running Coyote Linux myself, but there are far more robust solutions out there...

    --
    Mainframe/UNIX Bit Twiddler and long time Windows/Linux Hobbyist.
    The Theorem Theorem: If If, Then Then.
  3. Does it cost less than US$100? by dancedance · · Score: 4, Insightful

    Does it cost less than US$100? You can't be serious. Securing your machines is only worth $100? Is that how much it will cost to fix them once they are cracked? Give me a break. If you are serious about security you can invest more than $100.

    1. Re:Does it cost less than US$100? by MrResistor · · Score: 5, Insightful

      Did you miss the part about how he works for a school? He has to get the money before it can be invested, and $100 might be the limit above which he has to get the approval of 3 PHBs and 6 beancounters.

      Or maybe you missed the part about how the attacks are coming from other departments, over which he has no authority, and who obviously don't place a high value on security?

      --
      Under capitalism man exploits man. Under communism it's the other way around.
    2. Re:Does it cost less than US$100? by DNS-and-BIND · · Score: 4, Insightful
      There are these mystical things called "budgets". The "budget" will provide for some things and not others.

      This *is* at a university. Universities are well-known for being completely isolated from the rest of society, and as a result, they have some pretty weird ideas. One of which is not spending any money on computer security.

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    3. Re:Does it cost less than US$100? by riptide_dot · · Score: 4, Insightful

      "You can't be serious. Securing your machines is only worth $100?

      Keep in mind that the OP works for a university, which probably doesn't have a budget outside of what they already spent on their software firewall. It doesn't mean that security isn't important to him, just that there's probably not an existing budget for it.

      The OP is looking for a cheap and innovative way to secure his university network's servers - and I can't think of a better place to ask the question than here.

      I say let the FOSS community answer his question and provide him a solution to his unique problem in the way that they know best and leave the "isn't this worth more than $XXX?" questions to the salesman.

      --
      I was in the park the other day wondering why frisbees get bigger and bigger the closer they get - and then it hit me.
  4. Re:A cheap linux firewall by hawkbug · · Score: 5, Insightful

    I hear this argument a lot, and you're right - it would work... but here's the thing - If you put a pentium I computer with a 2 gig hd or something up in front of an entire lab for internet access, I would wonder about the reliability. What I mean is, at work here I was doing something similar - but when the non-rendundant power supply in the 1995 based computer died, my entire part of the office lost net access, which is bad.

    There is always something to be said about having a real server act as a firewall. For home use, sure, use an old computer running linux - but for anything that you would like to count on a reliable, get a real piece of hardware to put that linux distro on, and you'll be happier.