• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Possible to "upgrade" Windows Server 2003's firewall to the Server 2008 version?

S

scauffiel

Senior member
As the title says, I have a network with both 2003 and 2008 servers, obviously the 2008 firewall is much improved over the '03 version. Anyone know of any way to upgrade the '03 version to the '08? Probably not possible, but figgered I'd ask around...

Any thoughts are appreciated,
Steve
 
Even if by some chance you manage to safely remove the 2003 firewall and put the 2008 firewall in its place, it would be a completely and totally unsupported configuration, and you risk having you modifications overwritten by security patches, likely resulting in a server that's unable to boot.

In other words, not possible.
 
Yea, this is one of those things that might be interesting to try to make work if you have a lot of free time to waste but nothing you'd want to do to a system you actually care about and want to work properly.

Firewalls on servers never made much sense to me anyway. You should have a good border firewall like an ASA protecting them inbound and there shouldn't be anything erroneous installed to make unwanted outbound connections, so what's the point?
 
Nothinman said:
Firewalls on servers never made much sense to me anyway. You should have a good border firewall like an ASA protecting them inbound and there shouldn't be anything erroneous installed to make unwanted outbound connections, so what's the point?
Click to expand...

If the threat is coming from within the internal network, an ASA won't do jack shit. Not that they do much, anyway.
 
theevilsharpie said:
If the threat is coming from within the internal network, an ASA won't do jack shit. Not that they do much, anyway.
Click to expand...

And if it's attacking a valid service on that server it won't do jack shit either because you've made it exempt. If you're running random services that you don't want exposed, internally or externally, you're asking for trouble.
 
Nothinman said:
And if it's attacking a valid service on that server it won't do jack shit either because you've made it exempt.
Click to expand...

This is true if you're using a simple packet filter (e.g. Windows Firewall, Cisco ASA, etc.), but any firewall worth a shit will also have intrusion prevention functionality that will catch and block such attacks.
 
theevilsharpie said:
This is true if you're using a simple packet filter (e.g. Windows Firewall, Cisco ASA, etc.), but any firewall worth a shit will also have intrusion prevention functionality that will catch and block such attacks.
Click to expand...

Maybe, there's a lot of other variables involved as well. But do you really put a hardware firewall between all of your internal users and their servers as well?
 
Nothinman said:
Maybe, there's a lot of other variables involved as well. But do you really put a hardware firewall between all of your internal users and their servers as well?
Click to expand...

Some of the companies I work with that faces fines or other punishments for data leaks do, and with even mid-range firewalls able to filter at near line-speed these days, it's not that expensive anymore.

Other servers I manage that don't warrant that level of protection run a software firewall with IPS capability, like Symantec Endpoint Protection.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top