
We have a 2008 R2 server hosted in a data centre where we have no physical access but connect to it using RDP.

We plan to run SQL Server and some other services which should only be accessible to a limited number of static WAN IP addresses.

Unfortunately there is no Firewall Appliance at the perimeter so we only have Windows Firewall to rely upon.

The plan I have is to block everything inbound except those select whitelisted IP addresses. After reading various articles about the MMC snap-in, Windows Firewall, IPsec, etc., I stumbled upon a post here: https://serverfault.com/a/51223/214935

This led me to believe that if I create a new inbound rule, perhaps called 'Global Whitelist', containing those specific/trusted IP addresses, and then disable all the other inbound rules, everything else would become blocked.

Frankly, it sounds like a plan, but it honestly scares me because if I screw this up, I kill our only access to the server.

I wouldn't have posted a new question if I had been able to post a comment on the above thread but being new here, my reputation is too low :-(

I simply need to clarify if the above should work or if perhaps I'll end up severing our only connection to the server.

Perhaps there is a better/cleaner/easier way to achieve the same results. Can anyone help?

Wayne Phipps
    Do you have a local computer that you can pre-design the firewall rule with and test with? Set up the rule that you think should work but use a set of private-local IPs instead. Then once the desired effect is achieved replace the privates with the publics and drop it in. – MartinC Apr 02 '14 at 20:21
  • Thanks @MartinC, I'm starting with that approach and am creating a Windows 7 virtual machine for testing. We're on a domain where the firewall rules are locked down by GPO. I didn't really want to take on a 'trial and error' approach with our server security; I was hoping for someone with technical experience to give their opinion or ideas on how this is normally achieved, but thanks for that idea. – Wayne Phipps Apr 03 '14 at 07:52

1 Answer

2 inbound rules:

1) allow RDP restricted by external IPs (your whitelisted IPs)

2) block everything.

Verify in a test environment that the desired effect is achieved, then drop it in place. Mind you, this will not prevent those servers from making outbound connections to non-whitelisted machines, due to the nature of stateful firewalls.

MartinC
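The two-rule plan from the answer above, written out as an added example that is not part of the original question or answer. It targets Windows Server 2008 R2, where the NetSecurity cmdlets (New-NetFirewallRule) do not exist, so it drives netsh advfirewall from PowerShell 2.0. Two points differ from a literal reading of the answer: the "block everything" half is done with the profile's default inbound action rather than an explicit block-all rule, because Windows Firewall evaluates explicit block rules ahead of allow rules and a block-all rule would also drop the whitelisted RDP session; and a one-shot scheduled task is armed first as a rollback against the lock-out the question worries about. The whitelisted addresses (RFC 5737 documentation ranges), the rule names, the default ports 3389 (RDP) and 1433 (SQL Server) and the 15-minute rollback window are all placeholders for illustration.

```powershell
# Added example, not code from the original question or answer.
# Target: Windows Server 2008 R2 (PowerShell 2.0, netsh advfirewall).
# Assumptions: whitelist addresses, rule names, ports and the rollback window
# are placeholders; replace them with your own before running.

$Whitelist       = @('203.0.113.10', '198.51.100.25')   # placeholder static WAN IPs
$RemoteIp        = $Whitelist -join ','                  # netsh wants a comma-separated list
$RollbackMinutes = 15

# Step 0: safety net BEFORE touching any rule. If the RDP session is lost, this
# one-shot task turns the firewall off again. It reopens everything, so it must
# be deleted (step 4) as soon as a whitelisted client has reconnected.
$runAt = (Get-Date).AddMinutes($RollbackMinutes).ToString('HH:mm')
schtasks /create /f /tn FirewallRollback /sc once /st $runAt /ru SYSTEM `
    /tr 'netsh advfirewall set allprofiles state off'

# Step 1: scoped allow rules. remoteip restricts the source address; profile=any
# avoids a mismatch if the NIC is classed as Public instead of Domain/Private.
netsh advfirewall firewall add rule name=Whitelist-RDP dir=in action=allow `
    protocol=TCP localport=3389 "remoteip=$RemoteIp" profile=any enable=yes
netsh advfirewall firewall add rule name=Whitelist-SQL dir=in action=allow `
    protocol=TCP localport=1433 "remoteip=$RemoteIp" profile=any enable=yes

# Disable the built-in, unscoped Remote Desktop rules so they cannot widen
# access again; the scoped copy above now carries the RDP session.
netsh advfirewall firewall set rule group="Remote Desktop" new enable=no

# Step 2: the "block everything" half. Set the default inbound action to Block
# on every profile instead of adding an explicit block-all rule, because
# explicit block rules take precedence over allow rules and would also kill
# the whitelisted RDP rule. The comma list is quoted so PowerShell passes it
# to netsh as a single argument rather than splitting it into two.
netsh advfirewall set allprofiles firewallpolicy 'blockinbound,allowoutbound'

# Step 3: verify. Default action per profile, the scoped RDP rule, and every
# other inbound rule that is still enabled (review and disable what you do not need).
netsh advfirewall show allprofiles | Select-String 'State|Inbound connections'
netsh advfirewall firewall show rule name=Whitelist-RDP
netsh advfirewall firewall show rule name=all | Select-String '^Rule Name|^Enabled|^Direction'

# Step 4: only after reconnecting over RDP from a whitelisted address, disarm
# the rollback task. Until then it stays armed on purpose.
# schtasks /delete /tn FirewallRollback /f
```

Run it first in the test VM suggested in the comments, with private addresses in $Whitelist, and confirm from a second machine that RDP from a non-whitelisted address is refused while a whitelisted one still connects. If the clock passes midnight inside the rollback window, `/sc once` with only `/st` schedules the task for the next day, so pick a window that does not cross it or add `/sd`. The rollback deliberately disables the whole firewall rather than guessing which rule failed; that is acceptable only for the few minutes it takes to verify access, which is why deleting the task is the last step.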