Re: How secure is our server?



I have a SonicWall TZ170 that I'm thoroughly satisfied with, but it's not
inexpensive, at least not like the more home-user oriented devices. By the
way, I'm not saying that those Linksys, etc. boxes are useless - they're
clearly better than nothing. This is not an area I'm overly knowledgeable
about, so if you're interested, you could start another thread about the
merits of various firewall devices - you'll get a good debate going, and
hopefully get responses from people who know better than I why the higher
cost devices are better. I know there's more in the way of reporting, and
more granular control, but I'm not clear on the engineering behind what
makes one prevent intrusion better than another.

On the password subject, IMHO, and I stress that this is just my own
opinion, I would rather encourage the users to write down a long password,
than to use a shorter, more easily remembered one. It just seems to me that
the strangers outside your network are a much greater risk than the person
at the desk next to you. Of course, they don't need to stick the password
to the monitor for all to see.

You can google for password suggestions. There are a lot of good ones for
making secure passwords that are easy to remember. One is to use phrases
instead of words - for example, "I l0ve to drink R00t Beer!" is a pretty
strong pass phrase that probably would not have to be written down.


"Mark" <Mark@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6F46C229-5F4E-4AFF-A758-30601D5C54F1@xxxxxxxxxxxxxxxx
Thank you Dave.

You have answered some key points for me there I think.

We are currently using just Standard SBS. So I take it a regular
Linksys/Netgear or similar firewall/router would not be suitable to use?
The links you posted are great, and much appreciated, and I am yet to see
how much one of these would cost, but are there other, lower cost,
alternatives on the market? Sadly at the moment we are running on fumes
and trying to keep costs to a bare minimum right now.

I have also tried getting the older ladies that work here to use harder
passwords, but they seem to be against it... Will have to keep on at them
and force it.

Mark

"Dave Nickason [SBS MVP]" wrote:

Is this SBS Standard or Premium? If Premium, do you have ISA 2004
installed? ISA is the firewall component in SBS 2003 Premium, so if you
have that, properly configured with the CEICW, your network should be
secure. If not, you need a good, business-quality external firewall
device. SonicWall and Watchguard are both well regarded, and there are
many others that I'm sure are as good. A $49 or free-after-rebate device
from Best Buy does not qualify as a network firewall.

And, don't forget passwords. If your password is the name of your wife,
pet, or favorite sports team, or if it's easily determined in a
dictionary attack, your network is exposed by the VPN and RWW.

I would certainly not argue against the use of external resources to
determine network security. Personally, I don't use external services,
other than to run a free "Shields Up" scan from www.grc.com once or twice
a year. But I do maintain and monitor my firewall software religiously.


"Mark" <Mark@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4B529FC0-7372-4257-B071-F63E9DFB43C5@xxxxxxxxxxxxxxxx
We have had an SBS2k3 server running for a couple of years now, and
nobody in our company is by any means a computer whiz. I just wanted to
know how secure we are, and how I can help tighten things up now that I
am a little more comfortable with things.

Currently using:

SBS 2k3 SP2
2 NIC (external WAN connection plugs straight into cable modem)
Running VPN & we can also Remote WorkPlace into it.

Any guidance is greatly appreciated.




