
Would IPSec be considered a good firewall?

aceO07

Diamond Member
I'm currently using IpSec on Win2k Server as my firewall. I'm using it for terminal services. Is it an acceptable firewall? I have it set up so that it only allows certain ports to go through.

I don't know of any software firewalls for Server OS. Also, I'm not too familiar with hardware firewalls and how they work.

I would prefer to use IpSec as a firewall or have a better configuration for it, instead of going with another solution. Unless someone can provide some good points about why it's a bad firewall. I've tried to do port scanning and other firewall tests and they all seem to be fine.
 
IPSec is not a firewall, it's a standard for encrypting and protecting IP communications, either computer-to-computer or LAN-to-LAN.

Go and check out this link....
Firewalls 101
 
Where to start...

First off...IPSEC is NOT a firewall. It is a secured (encrypted) transport protocol for connecting a device or network to another network.

You can use IPSEC to tunnel (encrypt) terminal services sessions to a W2K Server. It's a perfectly acceptable way to secure the traffic between the TS Server and the TS Client. It is NOT an acceptable firewall (see above).

There are MANY software firewalls for Server OSes. Accuracy of Port scanning and "other firewall tests" depend on where the scanner/tester is located, and all the things that exist between it and the "target" that you're testing.

Dang...Boscoh beat me to it.
 
While I am not fully knowledgeable on the full uses of IpSec, I do know that it can be used to block and permit traffic going to or leaving my computer.

For example, I can set up rules that block all traffic, and only allow traffic from a source port to a destination port based on IP. Rules can be set up for any combination of source/destination ports, or source/destination ip addresses. While it is not a SPI firewall, it does do the job of permitting and allowing certain traffic to go through.

Ignoring what IpSec is intended for, with its capabilities to permit/block (filter) traffic, couldn't IPSec be considered a firewall? Isn't that what a firewall does? I've actually done some testing of my own and it seems to do fine in blocking things. Though I'm not as sophisticated as others are in testing..

I was actually hoping to find advice on how to configure it better or if there was anybody else using it this way. Seeing as there isn't.. what options do I have?
 
When I was looking for a new firewall a few months back, because my simple solution (zonealarm) was crapping out, I ran into a website that described using IPSec as a firewall and so that's why I'm using it as such. It was an interesting idea, so I thought it was worth a try..

ipsec as firewall. Give it a look and let me know what you think.
 
I see where you're coming from now.

That guy's use of the term "IPSec" is rather confusing. Don't get yourself confused, IPSec is NOT a firewall, it is a standard for IP encryption. Yes, you can do what he's talking about in the IP Security Policies.

Have you tried looking at other software firewalls such as Sygate? Is this a corporate system or a personal system?

You can also do port filtering in a much easier way (although not as elaborate) by right clicking Properties on your NIC, going into TCP/IP properties, Advanced, Options, TCP/IP Properties.
 
Yes you can. Here is another helpful link from MS:

http://www.microsoft.com/techn.../security/ipsecld.mspx

I have used that guide in the past to secure Windows 2000 servers where a hardware firewall was not feasible. It is possible to create a script using the ipsecpol.exe command such that you can keep different rule sets and apply them as needed.

As you've found, this is just a simple packet filter - no stateful inspection. So if you plan on using a default block policy you will have trouble running "client" applications (web browser, etc) from a secured server since they choose a random high source port. Otherwise, using the Windows IPsec tools to build a firewall works fine. I can confirm that a port scan will show blocked ports as "stealth" (grc.com) or "filtered" (nmap).
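The caveat in bex0rs's post (a Windows 2000 IPSec policy is a simple packet filter with no stateful inspection, so a default-block policy gets in the way of client applications that use a random high source port) is easier to see in a small model. The Python below is an added example written for this page; it is not code from the thread, from Microsoft's guide, or from ipsecpol.exe itself. It approximates Windows IPSec filter ordering with a most-specific-match rule, and every address, port and packet in it is constructed sample data.

```python
"""Stateless vs stateful packet filtering, modelled in Python.

Added example (not from the forum thread or Microsoft's ipsecpol guide).
A Windows 2000 IPSec filter list judges each packet on its own, with no
memory of which connections the server opened. This model shows what that
costs when the server must also act as a client.
"""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

MY_ADDR = "192.0.2.10"  # the secured server; constructed address from the RFC 5737 test range
ANY = None              # wildcard, like '*' in an ipsecpol filter spec
Five = Tuple[str, int, str, int, str]  # a 5-tuple identifying one flow direction


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "TCP"


@dataclass(frozen=True)
class Rule:
    """One filter; a None field matches anything."""
    src: Optional[str]
    sport: Optional[int]
    dst: Optional[str]
    dport: Optional[int]
    proto: Optional[str]
    action: str  # "PASS" or "BLOCK"

    def matches(self, p: Packet) -> bool:
        pairs = ((self.src, p.src), (self.sport, p.sport), (self.dst, p.dst),
                 (self.dport, p.dport), (self.proto, p.proto))
        return all(want is None or want == got for want, got in pairs)

    def specificity(self) -> int:
        return sum(f is not None for f in (self.src, self.sport, self.dst, self.dport, self.proto))


def stateless_decide(policy: List[Rule], p: Packet) -> str:
    """Judge one packet in isolation: the most specific matching rule wins
    (an approximation of Windows IPSec filter ordering, assumed here), and a
    packet that matches nothing is blocked."""
    hits = [r for r in policy if r.matches(p)]
    if not hits:
        return "BLOCK"
    return max(hits, key=Rule.specificity).action


# What a stateless filter must say to allow inbound Terminal Services plus
# outbound web browsing from the server. The third rule exists only to let
# web replies back in: the browser's source port is random, so the rule has to
# admit anything from source port 80 to any local port. That rule is the hole.
STATELESS_POLICY = [
    Rule(ANY, ANY, MY_ADDR, 3389, "TCP", "PASS"),   # inbound TS session
    Rule(MY_ADDR, ANY, ANY, 80, "TCP", "PASS"),     # server's own outbound HTTP
    Rule(ANY, 80, MY_ADDR, ANY, "TCP", "PASS"),     # HTTP replies (and anything else from :80)
    Rule(ANY, ANY, ANY, ANY, ANY, "BLOCK"),         # default block
]
# A stateful filter needs no reply rule; replies are matched against recorded flows.
STATEFUL_POLICY = STATELESS_POLICY[:2] + STATELESS_POLICY[3:]


class StatefulFilter:
    """Same rules, plus a table of flows already passed; the reverse direction
    of a recorded flow is admitted without consulting the rules."""

    def __init__(self, policy: List[Rule]) -> None:
        self.policy = policy
        self.table: Set[Five] = set()

    def decide(self, p: Packet) -> str:
        key: Five = (p.src, p.sport, p.dst, p.dport, p.proto)
        reverse: Five = (p.dst, p.dport, p.src, p.sport, p.proto)
        if reverse in self.table:
            return "PASS"                       # reply to a flow we already accepted
        verdict = stateless_decide(self.policy, p)
        if verdict == "PASS":
            self.table.add(key)                 # remember the flow for its replies
        return verdict


def simulate(policy: List[Rule], packets: List[Packet], stateful: bool = False) -> List[str]:
    """Return the verdict for each packet, in order, under the chosen filter type."""
    if stateful:
        f = StatefulFilter(policy)
        return [f.decide(p) for p in packets]
    return [stateless_decide(policy, p) for p in packets]


# Constructed traffic: an RDP client connects in, the server fetches a web page
# from an ephemeral port, then two unsolicited packets arrive at TCP/445.
SAMPLE_PACKETS = [
    Packet("198.51.100.7", 51234, MY_ADDR, 3389),   # inbound TS session
    Packet(MY_ADDR, 1029, "203.0.113.80", 80),      # server's outbound HTTP request
    Packet("203.0.113.80", 80, MY_ADDR, 1029),      # the reply, back to port 1029
    Packet("198.51.100.7", 80, MY_ADDR, 445),       # unsolicited, source port happens to be 80
    Packet("198.51.100.7", 40000, MY_ADDR, 445),    # unsolicited, ordinary source port
]

if __name__ == "__main__":
    print("stateless:", simulate(STATELESS_POLICY, SAMPLE_PACKETS))
    print("stateful: ", simulate(STATEFUL_POLICY, SAMPLE_PACKETS, stateful=True))
```

The stateless policy passes the fourth packet, because the only way it can let web replies back in is a rule that trusts source port 80 toward every local port; the stateful filter passes the reply to the connection it recorded and nothing else. Narrowing the stateless reply rule is not possible without knowing the ephemeral port in advance, which is exactly the trouble with "client" applications on a default-block server that bex0rs describes.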
 
ipsec as firewall. Give it a look and let me know what you think.

I think it's confusion caused by MS's strange craving to reuse terms for completely different things. What they call "IP Security" is completely different from IPSec the protocol.
 
Originally posted by: bex0rs
Yes you can. Here is another helpful link from MS:

http://www.microsoft.com/techn.../security/ipsecld.mspx

I have used that guide in the past to secure Windows 2000 servers where a hardware firewall was not feasible. It is possible to create a script using the ipsecpol.exe command such that you can keep different rule sets and apply them as needed.

As you've found, this is just a simple packet filter - no stateful inspection. So if you plan on using a default block policy you will have trouble running "client" applications (web browser, etc) from a secured server since they choose a random high source port. Otherwise, using the Windows IPsec tools to build a firewall works fine. I can confirm that a port scan will show blocked ports as "stealth" (grc.com) or "filtered" (nmap).

Thanks for the additional info. I'll give it a read. 🙂
 