Dave said:
I have a web server (personnal) and I want to setup a firewall. If I am
running a router do I need to?
"Need" is a (very) relative term, but if you mean are
you generally well protected by a router the answer
is "No."
Even a translation router (NAT) is offers no real
security -- except that usually the outside world
cannot INITIATE contact.
A lot also depends on your definition of "firewall."
(There are at least a half a dozen main categories
and differences of opinion on what constitutes a
firewall.)
If so what are some software firewalls that
can be used with IIS 5?
Yes.
Notice that IIS (or any web server) must accept
connections from SOMEONE or it is not going
to be very useful as a server -- in fact this is true
of any server.
Firewalls block or filter certain types of messages
but by their very nature they must also allow
certain (types) of messages to penetrate or else
one would just disconnect the network cable to
ensure security.
What do you wish to filter? All incoming messages
director to machines (addresses) other than your
IIS machine? Perhaps directed to any other port
than the (customary) Web server port (i.e., 80)?
Do you wish to try to filter the CONTENT of those
messages or just the source and destinations?
Firewalls start with the simple idea of a filtering
router, one which only allows connections to or
from certain addresses or ports, and grow in
complexity to very smart devices and software
that can make decisions based not just on the
contents of ONE packet but on the basis of
other packets previously received as well.
Note, that SOME (very smart people) don't even
think of the "the firewall" as being one machine
or piece of software but rather as the entire SET of
devices and processes which protect you network
where it connects from the internal to the external
world, which would enclude any intermediate
networks frequently referred to as DMZ or "screened
networks."
