Lee:
>
>If you do use a software firewall for w2k or w2003 servers:
>
>1. What do you use?
>
>
I have been evaluating a product called "CHX-I Packet
Filter" (http://www.idrci.net/). I had been looking
for a lightweight packet-filtering option for some of
my Windows Servers similar to the software firewalls
that are available with Sun Solaris 10 (IP Filter)
and other UNIX varieties. I wanted to avoid most
of the application-based firewalls that display
"pop-ups" to warn of possible intruders or unknown
applications. With the packet-filtering option, I
disable all ports by default and then enable only
the ports and IPs (or MAC addresses) of the traffic
that I need to pass in/out.
Similar packet-filtering rules can be implemented
within the "Local Security Policy" using IPSec, but
I don't believe the IPSec rules perform stateful
inspection and I don't think there is an option
for logging which can be useful when setting up
and troubleshooting new filtering rules.

>2. Can you copy the firewall rules for backup or use on another machine?
>
>
Yes - very easily.

>3. Have you used any tools such as performance monitor to determine the
>software firewall's effect upon system resources such as cpu time and
>memory?
>
>
Not yet. Still evaluating. Mostly concerned with setting
up the packet-filtering rules at the moment. Have read some
postings on various message boards that stated CHX-I was very
good at using limited resources.

>4. Does this require a yearly subscription?
>
>
Free for personal use, but not for commercial use. When I
contacted the company regarding use in an educational environment,
they wanted to push a campus site-license. However, since I
was only interested in about five machines, I was granted
permission to use the software for free. As I mentioned, I
am still evaluating - there don't seem to be too many bells
and whistles with this product, but from what I have seen so
far, it seems to do what I need it to do and that is packet-filtering,
plain and simple.

Jim
--
========================================
James T. Brown
UNIX Systems Administrator
Geography/Fisheries & Wildlife
Michigan State University
email: [log in to unmask]