Firewall solution for colo'd charity server

Fark_Maniac

I've got a box built on XP that I'm using to host a charity's web server that is colo'd with a great company. I've got some software based firewall stuff on there, but I'd really like to find a hardware based firewall that I can install that will keep attacks away. I don't really need a router...just a firewall.

I found this at newegg...would something like this be what I'm looking for?
http://www.newegg.com/Product/Product.aspx?Item=N82E16833122007

The server runs Apache, MySQL, and hMail (email) services on XP that patches automagically. I think I have a recent copy of Norton Internet Security on it. I know Norton isn't the greatest thing, so I want to get something hardware based set up.
 
I'm not even sure where to start...

Windows XP as a colo'd server?!?

Anyways, something is better than nothing/windows.
 
Wow... you should really reconsider your plans.. WinXP/NIS/MySQL AND a netgear hasbro router... dude, this computer is going to make your life miserable..
 
you use what you have...I'm asking for firewall suggestions....

I'd love to re-think this...but putting in 50hrs a week already in the IT field...I do not have the time to do so. It has been running just fine for the past year and a half with only one issue so far. the machine itself was built from nice parts...just the software isn't the greatest. once I get a hardware firewall in...it should take a number of the threats out of the equation.

...so again..any suggestions? I'm not asking should I get the Netgear...I'm asking...is something like this what I'm looking for?
 
Get it behind NAT. A software firewall for a desktop OS will simply not be able to deal with many concurrent hits....anyone browsing websites on that will feel like they're on a 14.4 modem.

Windows XP, a desktop OS, isn't really happy dealing with many concurrent hits. Do you plan on more than say, a 1/2 dozen people browsing the site at any time?

A server colo'd at a data center, you'll want to lock it down very well, strip services, there are lots of steps in locking down an OS that will be sitting at a data center on a public IP. That PC will be poked and prodded by hackers looking for an orifice to crawl into.
 
this is a local Kansas City organization. it is not large. I average about 300MB of data...both ways per month. Pages load just fine.
 
Honestly, that thing will be better than nothing. I don't really ever look at anything in that range, as far as cost, so I don't know how good it is. I used to run with some netgear business firewalls and they were fairly good, very stable. The important thing is get the NAT action going on to protect that box. :D
 
okay, let me rephrase it a bit. I'm fairly comfortable using home grade routers and configuring the firewall on them. that's easy and I get how they work.

I do not have any experience in strictly firewall devices.

I did find one of these guys (x10e) on craigslist for 75 bucks:
http://www.watchguard.com/products/edge-e.asp
 
Watchguard stuff is pretty decent. We have 2 of the X5500e models at work and they are functioning quite well so far. $75 is a good price too considering that they retail for about $500.
 
What is it you expect to actually use from a firewall appliance, versus simply keeping your desktop web server behind a NAT router?

Do you need content filtering? ACL control in addition to NAT? Spam filtering? Antivirus scanning of traffic originating from behind the firewall?

The colo host should be able to NAT your XP box, most good colo's will do that for you from their managed switches.

But for a single hosted web server...I don't see the advantage of going for more of a higher end firewall appliance, esp if it's budget..for a charity, you have to pay yearly subscription fees for those extra UTM features.

For one small server this firewall will be fine. I want to say though I have had bad experience with this firewall at my work. I support an office of 20 and they are all behind a FVS318 and randomly the box will lose connection to the web and I'll have to unplug it and plug it back in. If somebody works from home and initiates a VPN connection to it during work hours the box will freeze and need a cold restart. I have read that the earlier versions are better than the others but for 1 server this should suffice.
 
Reading more about this appliance, this is what I aim to accomplish. I only want to present port 80 to the public as well as email ports that I can't think of at the moment. I can configure it to trust ports like 3306 for my house as well as work's IP address so that I can still administer other applications openly. This way, my administration is easier while the public only gets what it needs from the server. The ability to VPN into the box is also attractive. And for the price, I don't think they'd balk too much at it.
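
The policy described in the post above (web and mail open to everyone, MySQL on 3306 only from home and work, everything else dropped), modelled as an added example that is not part of the original thread. The mail ports (25 and 110) and the addresses (documentation ranges standing in for the home and work IPs) are assumptions; the post names neither.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")
# Constructed placeholders from the RFC 5737 documentation ranges.
HOME = ipaddress.ip_network("203.0.113.10/32")   # hypothetical home address
WORK = ipaddress.ip_network("198.51.100.0/28")   # hypothetical office block

# (source network, destination TCP port, description); anything unlisted is dropped.
RULES = [
    (ANY, 80, "public web"),
    (ANY, 25, "SMTP (assumed mail port)"),
    (ANY, 110, "POP3 (assumed mail port)"),
    (HOME, 3306, "MySQL admin from home"),
    (WORK, 3306, "MySQL admin from work"),
]

def decide(src_ip, dst_port, rules=RULES):
    """Return ('allow', description) for the first matching rule, else default deny."""
    src = ipaddress.ip_address(src_ip)
    for net, port, desc in rules:
        if port == dst_port and src in net:
            return ("allow", desc)
    return ("deny", "default deny")

def audit_public_exposure(rules, expected_public=frozenset({80, 25, 110})):
    """List ports reachable from any source that were not meant to be public."""
    return sorted(p for net, p, _ in rules if net == ANY and p not in expected_public)

if __name__ == "__main__":
    # Constructed sample connections: (source address, destination port).
    samples = [
        ("192.0.2.55", 80),       # stranger hitting the web site
        ("192.0.2.55", 3306),     # stranger probing MySQL
        ("203.0.113.10", 3306),   # admin from home
        ("198.51.100.16", 3306),  # just outside the office block
        ("203.0.113.10", 3389),   # trusted source, but port not listed
    ]
    for src, port in samples:
        print(src, port, *decide(src, port))
    # A rule set that accidentally opens MySQL to everyone is flagged.
    print(audit_public_exposure(RULES + [(ANY, 3306, "mistake")]))
```

Running the audit against the rule set actually loaded on the appliance, after every change, catches an admin port that was opened to everyone while troubleshooting and never closed.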


 