A firewall is designed to keep information secure by keeping intruders out of the network. It can be configured to serve as a barrier between the internal network's addresses and those in the outside world. Traffic can be controlled by allowing only traffic from certain IP addresses to pass through the firewall, or by blocking traffic from specific addresses. This filtering can be done on IP addresses and/or on port numbers. Commonly used port numbers are:
- 20/21: FTP
- 23: Telnet
- 25: SMTP
- 53: DNS
- 69: TFTP
- 80: HTTP
- 88: Kerberos
- 110: POP3
- 119: NNTP
- 143: IMAP
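The filtering described above, as an added example (not taken from the original page or from any Microsoft product). It evaluates a rule list on source address and destination port; the rule set, the documentation-range addresses, the first-match ordering and the default-deny fallback are all assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "allow" or "block"
    source: str            # CIDR network the source address must fall in
    port: Optional[int]    # destination port, or None for any port

# Constructed rule set; addresses come from the documentation ranges.
# Rules are evaluated top to bottom and the first match wins.
RULES = [
    Rule("block", "203.0.113.0/24", None),   # one network blocked on every port
    Rule("allow", "0.0.0.0/0", 80),          # HTTP from anywhere
    Rule("allow", "0.0.0.0/0", 53),          # DNS from anywhere
    Rule("allow", "198.51.100.0/24", 25),    # SMTP only from one relay network
    Rule("allow", "192.0.2.10/32", 21),      # FTP control from a single host
]

def decide(src_ip: str, dst_port: int, rules=RULES) -> str:
    """Return "allow" or "block" for one inbound connection attempt."""
    if not 0 < dst_port <= 65535:
        raise ValueError(f"invalid port: {dst_port}")
    addr = ipaddress.ip_address(src_ip)      # raises ValueError if malformed
    for rule in rules:
        in_network = addr in ipaddress.ip_network(rule.source)
        if in_network and rule.port in (None, dst_port):
            return rule.action
    return "block"                           # default deny: nothing matched

if __name__ == "__main__":
    # Constructed sample traffic.
    samples = [("198.51.100.7", 25), ("203.0.113.5", 80),
               ("192.0.2.99", 23), ("192.0.2.10", 21)]
    for src, port in samples:
        print(f"{src} -> port {port}: {decide(src, port)}")
```

Because the block rule for 203.0.113.0/24 sits above the general HTTP rule, that network is refused even on port 80; reversing the order would silently let it through. Telnet (23) and TFTP (69) are refused simply because no rule allows them.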
Firewalls are available as hardware and software solutions. Microsoft's firewall solution is Microsoft Proxy Server 2.0, which was later replaced by Internet Security and Acceleration (ISA) Server 2000.
Functions of Microsoft Proxy Server 2.0 are:
- Inbound and outbound packet filtering.
- Real-time security alerts.
- Reverse proxy to put a web server outside the firewall while it is still available to internal clients.
- Reverse hosting to put web servers inside the firewall and let them act individually or as one single virtual web server.
- Server proxying to put servers behind the firewall.
- Hierarchical content caching.
- Array-based content caching and administration to let multiple proxy servers use one cache.
- FTP and HTTP (1.1) cache support.
- Web and command-line administration.
- Configuration backup and restore.
- Client auto-configuration.
- SOCKS support.
Features of ISA 2000 are (see ISA 2000 features):
- Multi-layer firewall (packet, circuit and application level).
- Stateful inspection (examines data passing the firewall).
- Application support (NAT).
- Integrated VPN support.
- System hardening (locks down Windows 2000).
- Intrusion detection.
- Application filters.
- Web cache and caching scalability (group multiple ISA servers via the Cache Array Routing Protocol).
- Distributed or hierarchical caching.
- Active caching and scheduled content download.
- Policy-based Internet access control.
- Bandwidth priorities.
- Email content screening.
Microsoft Proxy Server uses address translation to provide Internet access for a private network, but the method used does not comply with the RFC that defines the specifications for NAT. The product also offers firewall functionality, as you can block or allow IP traffic from specified domains or IP addresses. This filtering can also be based on ports. The third function of Microsoft Proxy Server is the caching of web pages and FTP objects, which reduces the amount of Internet traffic and speeds up access to frequently accessed web pages. The three supported proxy services are:
- Web proxy (HTTP, HTTPS, FTP read, and Gopher for TCP/IP computers with CERN-aware browsers).
- WinSock proxy (lets Windows Sockets applications on TCP/IP or IPX/SPX clients that are not proxy-aware access the Internet; needs a WinSock proxy client on the clients).
- SOCKS proxy (a cross-platform mechanism to provide secure communications between clients and servers using TCP/IP; it supports HTTP, FTP, Telnet and Gopher).
Before you install Proxy Server 2.0 on a Windows 2000 server, two steps need to be taken:
- As Proxy Server 2.0 is an ISAPI extension to IIS, IIS 5.0 must be installed.
- You need to install a patch to install Proxy Server 2.0 on a Windows 2000 server.
Last update: 1 July 2001