5

I'm planning a few servers to be run on Rackspace cloud. Aside from using load balancers to control the flow of web traffic, how good is the Windows Firewall? I'm thinking in terms of throughput as well as security.

Piers Karsenbarg
  • 548
  • 3
  • 12
  • 24

3 Answers3

7

The Windows firewall is just fine for most applications. As with running any server, start out with a default deny policy and open up only the ports that you need.

Perhaps the more important question is whether or not your application software is secure...

EEAA
  • 109,363
  • 18
  • 175
  • 245
  • I should probably point out, that I want to control who has access to things like RDP and SQL Server, rather than anything within an application. – Piers Karsenbarg Aug 24 '11 at 12:26
5

The Windows Firewall is lean, mean, and does its job well. I doubt it would affect your throughput, and I'd trust it over any 3rd party software firewalls. ErikA is right in that you start with a default deny policy (preferably including outbound traffic also) to minimize your attack surface.

However, the benefits of a hardware firewall should be understood, since relying only on a software firewall isn't a best-case scenario. Even if you can't use one, it will help you understand the pros and cons of each ("Why should I bother having two firewalls???")

Bigbio2002
  • 2,823
  • 12
  • 35
  • 54
  • if a site has more than a dozen machines using host firewalls *and* another one on Internet link(s) is the only defensible option. – Hubert Kario Aug 09 '11 at 17:19
-1

No. It would effectively put your server directly on the Internet without any true security barrier. Personally, I feel that is a big drawback for the Rackspace Cloud (and IBM's Cloud). I would suggest looking at using another host (Linux) to function specifically as a firewall.

If you are not locked into Rackspace, check out EC2. AWS EC2 offers a significantly more robust security layer, not to mention Virtual Private Cloud.

af-at-work
  • 670
  • 1
  • 6
  • 12
  • I've been happy with dreamhost.com as well. – Alan Aug 09 '11 at 14:22
  • With the downtime that Amazon has been reporting over the past 6 months, I'm not really trusting them. Although people may prove me wrong, I've not heard many reports of Rackspace cloud product going down. – Piers Karsenbarg Aug 10 '11 at 09:06
  • @Piers - as with any well-engineered system, you need to set things up in such a way that you're not dependent on any one single point of failure. It may be true that Rackspace has been more stable historically, but that may be pure coincidence. They *will* have periods of extended downtime, just like the Amazon EBS outage. – EEAA Aug 24 '11 at 14:30