Re: LAN Security - Stopping unknown machines accessing the LAN



If you have ISA 2k4 in a single nic setup...it's not doing anything firewallishy for you.

What's your "real" hardware firewall... as currently it sounds like you allow any connections outbound no matter what.

In a 2nic setup or with a hardware firewall that needs authentication, only those workstations that authenticated could go out the door.

A SBS server does.. but not with one nic card.

Alan wrote:
Hi All,

I am not sure whether this is an SBS question or not. If not, feel free to (politely!) tell me where to go.

I have observed that if I place an 'unknown' workstation on our LAN it will, for example, connect to the internet. For demo purposes I used a fresh install of Linspire 5.0 since I had the install CD and I don't have a spare Windows license available right now (but I assume this would work with many other OSs).

It connected to the internet no problem.

Our SBS 2003 Prem server is the DC and runs ISA 2004. It is in single NIC configuration (which is why I wonder if I am asking the question in the right forum).

Can the SBS server prevent an unknown client from accessing the LAN and external resources (the internet in general)? Obviously the unknown machine cannot join the domain unless given permission by an Admin, but are the server and the other domain clients on the LAN at risk from this machine (and by extension from something nasty that it 'contracts' from the net)? Does the SBS 2003 Prem server 'protect' itself and its domain clients from such a machine?

I know that we shouldn't allow other machines to be connected to the LAN, but I am just trying to understand the risks and potential for damage if a user decides to do something like that - all in naivete as they always do of course!


Thanks,

Alan.