locked
Do I need another firewall? RRS feed

  • Question

  • My WHS is behind a D-Link DIR-655 router which uses NAT on a 192.168.x.x network.

    I use MAC address filtering for my computers to access the network, and WPA encryption.

    And I have also forwarded ports 443, 4125 and 80 to my WHS (did this to have remote access enabled to my WHS.)

    Now to my questions: 

    1.  Is there anything I need more to ensure protection of my WHS, I think there is a built-in firewall in Windows right?
    2. Is there any danger forwarding these ports to my WHS?

     

    Thursday, April 1, 2010 7:09 PM

All replies

  • Hi,

    the built in Firewall, together with the protection NAT offers to you, should be enough protection. Additional Firewalls on WHS are not only overkill, but often affect the WHS connectivity with the clients negatively.

    As long as you keep your server patched up, you should also be safe against attacks from the Internet, especially, if you do not use your WHS as desktop replacement. Also a WHS specific Antivirus solution can improve the security a little bit more.

    Best greetings from Germany
    Olaf

    Thursday, April 1, 2010 7:21 PM
    Moderator
  • Hi,

    the built in Firewall, together with the protection NAT offers to you, should be enough protection. Additional Firewalls on WHS are not only overkill, but often affect the WHS connectivity with the clients negatively.

    As long as you keep your server patched up, you should also be safe against attacks from the Internet, especially, if you do not use your WHS as desktop replacement. Also a WHS specific Antivirus solution can improve the security a little bit more.

    Best greetings from Germany
    Olaf


    OK. But since those ports are forwarded to my WHS, someone would need to know my domainname configured in my WHS's RemoteAccess configuration, or could someone just start attack my external (from ISP) IP address, and go for these ports and come in??

    These ports are so common I guess, so what is actually protecting me since the ports are known, and a portscanner would see that somethins is responding on my external ip?

    Thursday, April 1, 2010 7:38 PM