Re: Add 2nd NIC after initial install?
- From: Joe <joe@xxxxxxxxxxxxxx>
- Date: Mon, 20 Jun 2005 17:23:50 +0000
GeordieB wrote:
> I'm just concerned that my server, with my current setup, is not secure behind my Linksys firewall since I've opened a couple of ports to the server for RWW & Outlook using RPC over HTTP (which both work beautifully now). I want my clients' systems to be secure, mostly from trojans, port scans, that kind of thing (in-office security is not a concern, these are family businesses, not a lot of employee turnover, nor huge staffs). My biggest question with 1 NIC is: even if workstations are protected with individual firewall products, what is protecting the SBS server itself if ports are open for remote access through the Linksys firewall?
The short answer is nothing, whatever topology you use. An open port is an open port; you are relying on the application listening on that port to provide security. The whole point of a firewall is to allow access to some parts of the system, otherwise you could just unplug the network cable and get perfect security. Any device between the SBS and Internet must forward messages for the ports you use, and can only provide any protection if it decodes packets and does some sort of higher-level filtering. At the level of RWW and RPC, the only device around which can do that kind of thing is the SBS itself. Very few routers which cost less than SBS Premium can do anything more complicated than basic web content filtering.
But even a 1-NIC basic SBS is not completely defenceless: there is a firewall which should only allow access to file and print serving to domain machines by default, and can be reconfigured.
My preference would be to use some kind of separate firewall outside the SBS. There are various gains, such as a reduction in load on the SBS itself, and the existence of a DMZ. 'Foreign' laptops can be connected here, giving them Internet access while the SBS keeps them out of the LAN. Inherently undesirable servers, such as public web and FTP servers, can be run here without much risk to the LAN.
I would also prefer to use a modem-router, rather than a modem (probably USB) connected straight to SBS. The big issue here is support, from the ISP and the modem manufacturer, on the odd occasion you may need it. 'Small Business Server? Never heard of it, we only support Windows.'