> Guys, after browsing this list for a few days I realize this is an
> extremely controversial issue, but: if I want to protect a small
> NT network whose sole purpose is to provide a SSL web server, can I
> do so safely by configuring an NT firewall to provide access to
> port 443 exclusively?
I wouldn't bother with an NT firewall... I'd put in a router that blocked
packets from the outside not destined for that port. It'd be a lot cheaper
and would do everything that a filtering firewall would do *for this case*
because you don't have any outbound access so you don't have any need for
outside packets to get to high numbered ports, and any attack at the
application level would come straight through a firewall anyway.
If you already have Checkpoint-1 on NT then use it, but if you don't it's
just extra expense.