To keep your Windows 2008 server secure, it is important to restrict who is allowed to connect to it. You may be running programs like FileZilla, SQL Server/MySQL and Remote Desktop, and just having a strong password for those services is not enough. You should therefore create Windows Firewall inbound rules to prevent unauthorised access to your server.
My previous ISP gave me an IP address which lasted at least 6 months before being renewed. So I could add my IP address to the Windows Firewall and deny access to all others. That worked fine until I changed ISP and every time I connected I was given a new IP address. This caused a huge problem for me and I needed to find a solution. I didn’t want to remove that Windows Firewall rule and just have the password as a method of defence against hackers or opportunists.
So I started analysing the IP addresses that were assigned to me by my new ISP every day or so. From the data I gathered, I found a pattern which shows that the first 2 digits were fixed, the 3rd one varied between just two consecutive numbers and the fourth one was dynamic (as in it could be any number). With that information, I knew exactly what I had to do. Instead of listing a static IP in Windows Firewall, I could set an IP range which could connect to the server.
Let’s suppose the lowest IP address was 140.192.45.0 and the highest was 140.192.46.255. You could easily put that in the Firewall inbound rule as a range, with the starting ("from") and ending ("up to") addresses, as follows:
However, there’s a more elegant way of doing that: by specifying a subnet mask. You could try typing in 140.192.45.0/23 as follows:
I’ve used the subnet calculator to correctly assign the range: http://www.subnet-calculator.com/cidr.php
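An added example (not from the original post) that checks which addresses a CIDR entry actually covers before it goes into an inbound rule, using the post's sample range. Under standard CIDR arithmetic a /23 block starts on an even third octet, so the range 140.192.45.0 to 140.192.46.255 resolves to two /24 blocks rather than one /23. The function names are this example's own, and the comma-separated output assumes the rule takes a list of remote addresses (for instance the `remoteip=` parameter of `netsh advfirewall firewall add rule`).

```python
import ipaddress


def range_to_cidrs(first, last):
    """Return the smallest list of CIDR blocks covering first..last exactly."""
    lo = ipaddress.IPv4Address(first)
    hi = ipaddress.IPv4Address(last)
    return list(ipaddress.summarize_address_range(lo, hi))


def cidr_bounds(cidr):
    """Return (first, last) address of a CIDR string after masking host bits."""
    # strict=False masks off host bits instead of raising ValueError,
    # which shows where a misaligned prefix really starts.
    net = ipaddress.ip_network(cidr, strict=False)
    return net.network_address, net.broadcast_address


def cidr_matches_range(cidr, first, last):
    """True only if the CIDR block covers exactly first..last, no more, no less."""
    lo, hi = cidr_bounds(cidr)
    return lo == ipaddress.IPv4Address(first) and hi == ipaddress.IPv4Address(last)


def remoteip_value(first, last):
    """Comma-separated CIDR list suitable for a remote-address field."""
    return ",".join(str(net) for net in range_to_cidrs(first, last))


if __name__ == "__main__":
    # Sample range taken from the post.
    first, last = "140.192.45.0", "140.192.46.255"
    candidate = "140.192.45.0/23"

    lo, hi = cidr_bounds(candidate)
    print(f"{candidate} covers {lo} - {hi}")
    print("matches intended range:", cidr_matches_range(candidate, first, last))
    print("exact CIDR cover:", remoteip_value(first, last))
```

If the check reports a mismatch, enter either the explicit from/to range or the exact CIDR list, so the rule neither admits addresses outside the ISP's pool nor locks out part of it.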
Note that although this configuration will allow a lot of IP addresses within that range to access the server, it’s better than leaving it open to the whole world. The combination of the IP range along with a strong password makes it more secure than having no IP restriction at all.