Re: Hardware VPN: 2 NICS --> 1 NIC - Non-Profit Needs HELP!
- From: "bkbgc1@xxxxxxxxx" <bkbgc1@xxxxxxxxx>
- Date: 30 Sep 2006 15:06:04 -0700
Thank you to everyone who posted. The computers have been successfully
set up at the new Boys & Girls Club and I plan to set up a Server 2003
box there to keep WAN traffic down. I have 1 issue with true
connectivity, but I am going to post that as a new topic since it is
different from what we have talked about in this posting. THANKS ALL.
Joe wrote:
bkbgc1@xxxxxxxxx wrote:
DULY NOTED. Took it off DMZ.
What is the difference between doing a DMZ to a sbs2k3 and having a 2
NIC static ip? Oh. LOL. I just answered my own question.
Thank you Joe!
Any other tips would be great!
There would be no real problem with keeping your original
layout, but adding the router between modem and SBS. Two
levels of NAT are not a problem, and the router (with only
the necessary ports open) will keep most of the basic
automated probes away from the SBS, reducing the software
load on it and also the chances of being compromised by
a security bug. Two different firewalls, even if one is
fairly primitive, offer more protection than one.
Specifically, most 'firewall' problems are caused either
by their being left off or misconfigured, and this gives
an extra safety net. And while it's rare for a commercial
firewall/router to have a security vulnerability, it isn't
unknown.
The problem with what you did was that, while the LAN services
of the SBS have some protection against attack, they are not
sufficiently hardened to be safely exposed to the Internet.
The misnamed 'DMZ' feature of some firewalls simply forwards
all incoming connections to one machine on the LAN, which is
not usually capable of defending itself. While the outer NIC
of a 2-NIC SBS has a fairly useful firewall, the inner one
cannot.