Re: SBS 3003 Premium - 2 NIC w/ Hardware Firewall



I understand that opening ports to allow external login access also allows
for login opportunity that hackers might try to exploit. I guess what I'm
trying to do is "limit the scope of the rules", as you suggest, to minimize
that potential. But I obviously do not know quite how to do that, and assumed
the X5 firewall device might help with some pre-established rules for the
services I need - or at least limit the hacker attack to trying to penetrate
the external device rather than my server. But I guess it can't work that way.

I have some experience with networking and MS Exchange, but I know very
little about security issues or proper configuration of firewall rules. This
server has been operational for over 2 years - flawlessly - but in the past 4
months or so these random and consistent login attempts began happening. So
I've been looking to tighten up our installation to keep them out, while
still keeping the benefits SBS offers us. I know of 3 SBS servers that were
infiltrated in our city recently and wanted to make sure we did all we could.
An external firewall device was recommended by the FBI computer people as a
reasonable level of redundancy, so I purchased one when we recently replaced
the physical server hardware - hence the original post here.

So to answer your primary question, this is a very small business of 8 users
in an architectural firm. We need to provide FTP access to our consultants
and clients, for on-going project collaboration, but do work only in Alaska.
Occasionally people in other US states require access to this FTP site, but
never internationally.

We use VPN access as well, allowing employees to log in to the server, check
out software licenses from our CAD software license server and transfer any
files they need to work on. This functionality is primarily to allow users to
work from home or when traveling. It is not for any full time VPN needs of a
satellite office or anything like that.

We use SBS Remote Workplace tools for remote log in purposes, but that
functionality is limited pretty much to me. I use it to do minor server
maintenance from home or on the road. We also use it within the office to
access one general workstation that houses some single-installation contract
software we use sporadically - at the start-up of each project only.

We use Outlook Web Access to gain access to our Exchange Server from outside
of the office. I personally use the RPC over HTTP for my particular access to
the Exchange server, since I travel quite a bit and can get better
functionality that way. The VPN, FTP, and OWA are all services that are
accessed within other states of the US on occasion, but never
internationally.

Finally, I use a smart phone that accesses my Exchange server with Exchange
Active Sync.

Any help you can offer is appreciated. I appreciate all of the responses
thus far. I didn't mean to strike a nerve in my last request - I just didn't
understand how an update CD was going to help me when I've already performed
the update itself. I'm still not sure whether I need to remove the SP1 patch
first when I get this CD (which I thought was pretty much impossible), or run
it again with the CD to gain access to the ISA 2004 piece - but I'll just get
the CD coming and see if I can figure things out from there.

Thanks again.

"Leythos" wrote:

In article <7DA546A6-CE22-4D37-AA3B-B4367282EEEB@xxxxxxxxxxxxx>,
Blase@xxxxxxxxxxxxxxxxxxxxxxxxx says...
I'm trying once again to get some clarity on this issue. I now have the X5
properly installed and everything is working fine - I get full access to VPN,
remote workplace, rpc over http email, etc. But I am still getting some
periodic hits, sometimes 2,500 at a session, where a bot program or something
is attempting random login attempts to my server. That is why I opted for the
external firewall device in the first place. Apparently the X5 will either
not stop that kind of request, or I do not yet have it configured correctly
to do so.

You seem to think that a firewall will block access to ports that you've
exposed by some magic rule, it's not true. If you expose ports that
allow users to "Log in" to your server, then you have to create rules
that permit it in the firewall, those rules, unless you limit their
scope, don't know the difference between a legit user and a cracker
trying to login.

Just like creating a rule to allow HTTP inbound - if you don't limit it
by some means then anyone connecting via HTTP can reach the service
running HTTP. I personally limit our websites (HTTP) to IP ranges in
countries that I consider necessary and have full subnet bans on
countries that I've determined we don't need to serve.

Seeing the suggestions from SuperGumby, I wanted to add the ISA protection
noted. I never realized I had ISA 2000 as part of my SBS 2003 Premium
software, however, so it has never been installed. SuperGumby suggested I not
do so, but opt for ISA 2004 instead. So I downloaded ISA 2004 trial to see if
I could configure it correctly, until further posts from Marina suggested I
should remove it and use only the CD's that are specifically made for SBS
2003.

At this point, all I want to know is how best to get to ISA 2004 for my
installation. I have always kept this server patched to the latest updates -
so SBS 2003 SP1 has already been installed. Yet if ISA was never installed
initially, it was obviously not updated to 2004 when I did the SP1 patch. So
the question is how best to proceed. Should I install ISA 2000 from my
original product CD's and then run the SP1 patch again? Or is there a better
way? Marina's last post simply gave me the link to the SP1 download page. SP1
is already installed - but ISA is not. That is the problem here.

Even ISA won't block login attempts.

Why don't you tell us what you want from a firewall and protection, then
what services you want to provide externally, then we might be able to
help.

--

spam999free@xxxxxxxxxx
remove 999 in order to email me
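
The point made in the reply above, that an allow rule only filters login attempts once its source scope is limited, shown as an added example that is not part of the original thread. The port numbers (21 for FTP, 443 for OWA and RPC over HTTP, 1723 for a PPTP VPN), the rule table and the log entries are assumptions constructed for illustration, and the addresses are documentation ranges.

```python
import ipaddress
from collections import Counter

# Constructed rule table: exposed port -> source networks allowed to reach it.
# None means the rule is unscoped (any source may connect).
RULES = {
    21: ["198.51.100.0/24", "203.0.113.0/24"],  # FTP, scoped to known partners
    443: None,                                  # OWA / RPC over HTTP, unscoped
    1723: ["198.51.100.0/24"],                  # VPN, scoped to staff networks
}

# Constructed inbound connection log: (source address, destination port).
SAMPLE_LOG = (
    [("198.51.100.7", 21), ("203.0.113.20", 21),
     ("198.51.100.7", 1723), ("198.51.100.7", 443)]
    + [("192.0.2.50", 21)] * 5     # unknown source hammering FTP
    + [("192.0.2.50", 443)] * 5    # same source hammering the web login
    + [("192.0.2.50", 3389)]       # port with no rule at all
)


def evaluate(src, port, rules=RULES):
    """Return 'allow' or 'drop' for one inbound connection."""
    if port not in rules:
        return "drop"              # nothing published on this port
    scope = rules[port]
    if scope is None:
        return "allow"             # unscoped rule: every source gets through
    addr = ipaddress.ip_address(src)
    in_scope = any(addr in ipaddress.ip_network(net) for net in scope)
    return "allow" if in_scope else "drop"


def summarize(log, rules=RULES):
    """Count verdicts per (port, verdict) over a connection log."""
    counts = Counter()
    for src, port in log:
        counts[(port, evaluate(src, port, rules))] += 1
    return counts


if __name__ == "__main__":
    for (port, verdict), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"port {port:>5} {verdict:<5} {n}")
```

On the scoped FTP rule the five attempts from the unknown source never reach the server, while on the unscoped 443 rule all five arrive at the login page alongside the legitimate user.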
