>I'm looking for firewalls specifically aimed at protecting
>web servers.
>
>I have a farm with web servers that I want to protect. No
>intranet-stuff, users or authentication. Only public web
>servers with anonymous access.

You can protect the web servers using any packet filtering router or
firewall. Set up the filtering rules to be as restrictive as possible. For
example, only allow inbound TCP connections on port 80 and perhaps 443 if
SSL is used. This will protect the web servers from most TCP/IP-based
attacks.

The most important thing to do is to make sure that your servers are safe
from attacks via HTTP itself. Make sure that you have the latest security
patches for your server applied and be very careful about the CGI programs
that are used. For an excellent document on how to do this, see the WWW
Security FAQ at http://www.w3.org/Security/Faq/.

As an additional security measure, disable all TCP/IP services that are not
required on the web servers (e.g. sendmail, nfs, rsh, ftp, telnet). Also
make sure that your internal network is protected from the public web
servers by a firewall. This way, if someone does manage to break in to one
of your web servers, they cannot use it as a base to attack other computers
in your internal network.

Kevin McNamee
IKON Technology Services
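
Added example, not part of the original message: a check that a web server's listening TCP sockets match the policy described above (only ports 80 and 443 exposed) and that names the services the message lists for disabling when they are still reachable. The sample `ss -ltn` output is constructed, the port-to-service mapping uses the usual well-known ports, and skipping loopback-only listeners is an assumption of this sketch.

```python
"""Audit listening TCP sockets against a web-server-only policy."""
import ipaddress

ALLOWED_PORTS = {80, 443}          # HTTP, plus HTTPS if SSL is used
# Services the message names as candidates for disabling, by usual port.
NAMED_SERVICES = {21: "ftp", 23: "telnet", 25: "sendmail (smtp)",
                  514: "rsh", 2049: "nfs"}

# Constructed sample in the layout printed by `ss -ltn` on Linux.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511    0.0.0.0:80         0.0.0.0:*
LISTEN 0      511    [::]:443           [::]:*
LISTEN 0      100    127.0.0.1:25       0.0.0.0:*
LISTEN 0      32     0.0.0.0:21         0.0.0.0:*
LISTEN 0      64     *:2049             *:*
LISTEN 0      128    192.0.2.10:8080    0.0.0.0:*
"""

def parse_listeners(text):
    """Yield (address, port) for each LISTEN row; header and other rows are skipped."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        yield addr.strip("[]"), int(port)

def is_loopback(addr):
    """True when the socket is bound to a loopback address only."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:      # '*' or another non-literal form: treat as exposed
        return False

def audit(text, allowed=ALLOWED_PORTS):
    """Return sorted (port, address, label) for exposed listeners outside policy."""
    findings = []
    for addr, port in parse_listeners(text):
        if port in allowed or is_loopback(addr):
            continue
        label = NAMED_SERVICES.get(port, "unexpected service")
        findings.append((port, addr, label))
    return sorted(findings)

if __name__ == "__main__":
    for port, addr, label in audit(SAMPLE_SS_OUTPUT):
        print(f"{addr}:{port} is listening but not in policy ({label})")
```

A clean result here only says what the host itself exposes; the packet filter in front of it still needs its own rules restricted to the same ports.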