Ned said:
I configured Server 2003 with 2 NICs (internet and intranet),
configured RRAS for VPN with packet filters for VPN ONLY traffic. I
also ran the security policy wizard. Is this safe enough to connect to
the internet without a firewall?

Although I technically agree with JH, a properly locked down server will
be just fine with a public IP address. I have had Windows boxes directly
connected to the Internet with no anti-virus for years at a time without
any problem. I've never been too keen on the built-in filters in
Windows. Of course Server 2003 has a decent firewall built-in. Still,
there's nothing like a router with ACLs that only permit the traffic
you want in front of the server. The problem I see with having the
firewall and the thing the firewall is protecting being one and the
same is that any compromise to either is a compromise to both.

If you're using PPTP VPN connections, you can do that just fine with the
server behind a NAT. If you're doing L2TP, of course, you'll need the
public address.
....kurt