
I have Windows Server 2008 R2 running on the Rackspace network and I'm having a difficult time securing it behind Linux and iptables...

I would like to know if the Windows Firewall is secure enough to leave the server accessible from the public internet without any other security system...

Thanks

Davide Vosti

3 Answers

Yes. The Windows Firewall is good enough. It can handle blocking IPs/ports just fine. Just make sure you start out blocking everything, then only unblock the services you need.

devicenull

Should be ok, temporarily, but really depends on what you're doing, and how much load you expect.

The benefit of a dedicated hardware firewall is that it gives you a buffer in case of misconfiguration of the firewall, Windows, or both, temporary downtime (i.e. when/if the firewall service needs to be stopped to apply an update), and vulnerabilities in Windows Firewall itself or any of the dependent services or the TCP/IP stack itself.

This isn't to say that a hardware firewall is itself immune to bugs, but a dedicated firewall is just that: a dedicated piece of equipment whose (typically) sole purpose is to provide stateful packet inspection, (usually) routing/NAT, and other security-specific services; it doesn't have to make compromises like Windows does.

gravyface

It's an old question, but to add a bit of detail, Windows Firewall is secure but lacks some packet filtering options that the Linux/BSD stack offers.

It's stateful on TCP/IP, pseudo-stateful on UDP and stateless on ICMP.

The full text:

Windows Firewall provides the stateful filtering of TCP/IP traffic (IPv4 and IPv6) that uses the TCP transport protocol. It also provides the “pseudo-stateful” filtering of TCP/IP traffic that uses the UDP transport protocol. ICMP traffic is not statefully filtered; rather, ICMP traffic is allowed or blocked based on Windows Firewall settings (for example, you can explicitly allow or deny incoming echo requests or outgoing destination unreachable messages by configuring Windows Firewall settings).

yagmoth555
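The "block everything, then unblock only the services you need" approach from the first answer, combined with the explicit ICMP rule that the documentation quoted in the last answer describes, as an added example that is not part of any answer on this page. It assumes `netsh advfirewall` on Server 2008 R2, a web server on TCP 80/443, and a placeholder management address (203.0.113.10) for RDP; the rule names and the `Invoke-Netsh` helper are made up for illustration.

```powershell
# Added example: default-deny inbound baseline for Windows Firewall (Server 2008 R2).
# Run from an elevated PowerShell prompt, ideally with out-of-band console access,
# because a wrong management address will cut off your own RDP session.
$MgmtIp = '203.0.113.10'   # placeholder (TEST-NET-3): replace with your admin source IP

function Invoke-Netsh {
    # Hypothetical helper: run one netsh command and stop at the first failure.
    & netsh $args
    if ($LASTEXITCODE -ne 0) { throw "netsh failed: $args" }
}

# 1. Add the allow rules first, so the policy change below does not lock you out.
#    Values containing a comma are quoted so PowerShell does not split them.
Invoke-Netsh advfirewall firewall add rule name=Baseline-Web-In dir=in action=allow `
    protocol=TCP 'localport=80,443'
Invoke-Netsh advfirewall firewall add rule name=Baseline-RDP-Mgmt-In dir=in action=allow `
    protocol=TCP localport=3389 "remoteip=$MgmtIp"

# 2. ICMP is not statefully filtered, so echo requests need an explicit rule.
#    Here only the management address may ping the server.
Invoke-Netsh advfirewall firewall add rule name=Baseline-ICMPv4-Echo-In dir=in action=allow `
    'protocol=icmpv4:8,any' "remoteip=$MgmtIp"

# 3. Turn the firewall on for every profile and make "block" the inbound default.
Invoke-Netsh advfirewall set allprofiles state on
Invoke-Netsh advfirewall set allprofiles firewallpolicy 'blockinbound,allowoutbound'

# 4. The built-in Remote Desktop rules accept any source address. Disable them so
#    only the scoped rule from step 1 applies (skip this if RDP was never enabled).
Invoke-Netsh advfirewall firewall set rule 'group=Remote Desktop' new enable=no

# 5. Log dropped connections so blocked traffic shows up in the firewall log.
Invoke-Netsh advfirewall set allprofiles logging droppedconnections enable

# 6. Review the result: the profile settings, then every rule that still exists.
#    Other predefined allow rules stay enabled until you disable them.
Invoke-Netsh advfirewall show allprofiles
Invoke-Netsh advfirewall firewall show rule name=all
```

A default policy of `blockinbound` only applies to traffic that no enabled allow rule matches, so the rule listing in step 6 is the part to read carefully.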