September 23, 2003 03:23 PM

How Good Is the Windows Server 2003 Basic Firewall?

Windows IT Pro
InstantDoc ID #40328
Paula Sharick evaluates the efficacy of Windows 2003's basic RRAS firewall....


I find this firewall works very well, but only with 3.11 for workgroups. When are they gonna release Win 95? Anyone know?

Howard 4/10/2004 2:28:06 AM


Microsoft is so cool. I love them. I wish I had more money to buy more Windows 2003 boxes. Oh my God... that firewall... is kicking ass! So cool! Linux stuff can't be compared with it. not telling about any (if any) of Sun firewalls. Windows rulz!!!!

radek 10/6/2003 3:06:17 PM


Stand tall and NOT let yourself be bullied by Micro$oft! The truth is the truth and should not be suppressed.

Kenneth Olsen 9/26/2003 7:49:38 PM


I think the article shows the author's lack of knowledge of Windows 2003. She doesn't seem to understand how port scanning works much less the results of the scans. I was hoping for some detail on what options she set and the results. Her bias on the "non industry standards" stuff doesn't include all the false info Windows will return because it has "embraced, enhanced, and extended" so many standards and that top 75 tools list is just fyodor's list, not some magical security organization's list.

Also I don't think she is mixing up terminology. The FIREWALL is called Internet Connection Firewall, RRAS to my knowledge doesn't use the term Firewall.

Andrew Lockwood 9/25/2003 7:23:18 AM


For the record you tested a Small Business Server 2003 RRAS firewall. We aren't Windows 2003 Server. We have a password complexity wizard that kicks in.

Furthermore the list of ports that you list as being "open on the firewall" are the needed ports if you stuck a hardware firewall on the outside. For example, port 4125 opens up AFTER you authenticate on port 443. The ports listed there ONLY open up if you select those options when running the "CEICW" wizard. You did use the wizard didn't you? You run the wizard and only open up those ports that are needed.

On that SBS2k3 you would never run the firewall without running the "CEICW" (configure email and internet connection wizard). I do not remember that list of listening programs on my box. I'll check and post back in.

S Bradley 9/24/2003 7:21:51 PM


I found this article highly suspect, so I set up a win2k3 server in my lab. Following a fresh install, I used the online help to configure RRAS for routing, NAT and basic firewall. I forwarded ports 80 and 3389 to an internal server and then started my NMAP scans.
The server properly (and silently) blocked all traffic except for the ports I was forwarding. I suspect the author failed to click the box that says "Enable a basic firewall on this interface".

Someone should really verify the work of these people before their articles become public.
(And I don't even like Microsoft!)


Steven Cardinal 9/24/2003 1:33:55 PM


1. It is my opinion MS should not be including a "basic" firewall with a server product. It is bad enough that we are having a hard time convincing companies that Network Security is an item that needs more attention than simply using a NAT router. I would sincerely hope anyone who is using a server product would have sense enough to take network security into account.

2. From what I saw in the report, the "basic" firewall can be useful on a LAN as part of a tied security approach.

3. No one should be using just a Windows server to provide Internet access. (Your report suggests that is what it is for.)

4. SBS includes ISA server 2000, which is a full-fledged certified and recognized firewall. Anyone using SBS 200x would therefore not use any "basic" firewall, rather ISA server if that server was going to be serving as a firewall. Therefore your report using SBS 2003 RCx is flawed. Why not use a standard Windows Server 2003?

Respectfully yours,

John Tolmachoff
eServices For You

John Tolmachoff 9/23/2003 7:01:39 PM


"Nmapwin ... is free software under the GNU General Public License (GPL)." A link or two to this handy tool would be much appreciated.

Milton F. Lopez 9/23/2003 4:32:56 PM


the force is with microsoft

jango fett 9/23/2003 1:35:02 PM

