To operate, WordFrame Integra needs to install two web applications - the "Public site" and "Core administration". The first one is the application that will be used by the public. The second one is the back-end administration of the platform, which should be accessed only by staff members.
In order to provide an additional level of security, the Core administration is often installed on a different domain name. It can also use a secret port on the Public site's domain. In this way its location is concealed.
Sometimes, on a newly installed web server, even the default port 80 is firewalled and not accessible for external connections.
For those of you who plan to install the WordFrame Integra platform, it is important to have a better understanding of how to open ports in the Windows firewall. This article will help you with the task.
Before we start, keep in mind that we are dealing only with the software Windows Firewall of the web server. There could be other software or hardware firewalls which prevent you from accessing the Integra web applications. In this case you will need to contact your network administrator or hosting vendor.
1. What is a firewall?
Firewalls can be implemented in either hardware or software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria. (Wikipedia)
A firewall is a piece of software or hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. If you are a home user or small-business user, using a firewall is the most effective and important first step you can take to help protect your computer. (Microsoft security)
In our WordFrame Integra world, the firewall is the software component of the web server called "Windows firewall". We will need to set it up properly and make it grant us external access to the Public site and the Core administration. This external access is not needed if you plan to install the platform on your computer and use it only locally.
2. Why should the firewall always be enabled on your web server?
Simple.
It’s important to secure your servers properly - otherwise you may be putting your business at risk. You can also cause damage to other people by exposing their personal details to ill-doers.
This is doubly important for a web server, as it is publicly accessible. Anyone in the world with a good Internet connection can "touch" it and look for holes in the security.
You can also consider renaming the default "Administrator" account of your web server, so its username is much harder to guess.
3. Which ports should I use?
This is a hard question, as it really depends on what else you have installed on this web server and what the network policy of your hosting or Intranet provider is. Reviewing the complete list of all known port usages gives me nothing more than a headache.
The important one is port 80, as it is the default one. When you type a domain in your browser, it automatically establishes a connection to the web server on port 80. All other ports need to be provided explicitly by appending ":port-number" to the domain name. An example could be "http://domain.com:8080". This will request a connection to the web server on TCP port 8080. Then the firewall will check the request against its rules and, if it is set up correctly, it will grant you access to the web server. The web server will then check which site corresponds to this port and present it to you. On a single IP / domain, only one site can have a specific TCP port number.
So to make the decision simpler, I can tell you what we, as a team, have decided.
- Sandbox or trial installation - during the installation, the WordFrame Integra installer will suggest port 2010 for the Public site and port 2011 for the Core administration. We use this pair or any other pair of port numbers between 2000 and 10000.
- Production environment - the public site port should be 80 (the default one). For the Core administration we either set it up on a different IP / sub-domain name or on a port between 2000 and 10000.
4. How to open a port on Windows Server 2003?
a. Open the Control panel. You need to have been delegated the Administrator role to do that.
b. Double-click on the Windows Firewall icon
c. Make sure that the firewall is turned on. If it is off for some reason, you need either to enable it and continue or contact your network administrator for more details. With a disabled firewall there are no ports to open, as they are all wide open.
d. Click on the Exceptions tab
e. Press the "Add port" button
f. Type in an exception name and provide the port number
g. Press the OK button. You should see your new exception in the list
h. Press the OK button again. The Firewall window will close
i. Follow the same instructions for both Public site and Core administration ports
5. How to open a port on Windows Server 2008?
a. Open the Control panel. You need to have been delegated the Administrator role to do that.
b. Double-click on the Windows Firewall icon.
c. This should open the "Windows Firewall with Advanced Security" window
d. Click on the "Advanced settings" link on the left side of the window
e. Click on the "Inbound Rules" link on the left side of the window
f. Click on the "New Rule" link on the right side of the window
g. On the "Rules type" wizard step select the "Port" radio button and press the Next button
h. On the "Protocol and ports" wizard step leave the "TCP" radio button selected, type in the port number and press the Next button
i. On the "Action" wizard step leave the "Allow the connection" radio button selected and press the Next button
j. On the "Profile" wizard step leave all the checkboxes selected and press the Next button
k. On the "Name" wizard step type in a rule name and description and press the Finish button
l. Repeat the same wizard steps to add exceptions for both the Public site and the Core administration
m. Close the "Windows Firewall with Advanced Security" window
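The Windows Server 2008 wizard steps above can also be scripted with netsh. The script below is an added example, not part of the original article or of WordFrame's own tooling; the rule names are hypothetical and the ports are the sandbox pair 2010 / 2011 from section 3.

```powershell
# Added example: command-line equivalent of the "New Rule" wizard on Windows Server 2008.
# Run from an elevated PowerShell prompt. Rule names are hypothetical; ports 2010/2011
# are the sandbox pair the installer suggests. Adjust both to your installation.
$rules = @(
    @{ Name = 'WordFrame Integra - Public site';         Port = 2010 },
    @{ Name = 'WordFrame Integra - Core administration'; Port = 2011 }
)

# Stop if any profile has the firewall turned off: with a disabled firewall every
# port is already open and the rules below would change nothing.
# Assumption: English-language netsh output ("State   OFF").
$state = netsh advfirewall show allprofiles state
if ($state -match '^State\s+OFF') {
    Write-Error 'Windows Firewall is off for at least one profile. Enable it first.'
    exit 1
}

foreach ($r in $rules) {
    # "show rule" exits non-zero when no rule with this name exists,
    # so running the script twice does not create duplicate rules.
    netsh advfirewall firewall show rule "name=$($r.Name)" | Out-Null
    if ($LASTEXITCODE -eq 0) {
        Write-Output "Rule '$($r.Name)' already exists, skipping."
        continue
    }

    # Same choices as the wizard: inbound, Port rule, TCP, allow, all profiles.
    netsh advfirewall firewall add rule "name=$($r.Name)" dir=in action=allow `
        protocol=TCP "localport=$($r.Port)" profile=any
    if ($LASTEXITCODE -ne 0) {
        Write-Error "Could not add rule '$($r.Name)'."
        exit 1
    }
}

# Print the resulting rules so they can be reviewed.
foreach ($r in $rules) {
    netsh advfirewall firewall show rule "name=$($r.Name)"
}
```

The wizard steps leave the rule open to any remote address. Since the Core administration should be reached only by staff members, its rule can be limited to their addresses with the `remoteip=` parameter of `add rule`.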