Re: Pros and against using Multiple firewalls in a network running on Win2k Advanced server.(repost.. Previous post was missing the subject line)

From: Patrick Andry (pandry@wolverinefreight.ca)
Date: 09/26/01


Message-ID: <3BB20613.1020602@wolverinefreight.ca>
Date: Wed, 26 Sep 2001 12:45:07 -0400
From: Patrick Andry <pandry@wolverinefreight.ca>
To: j.roxo@sotagus.pt

Jorge Roxo wrote:

>We are considering using a multiple installation of firewalls in all our
>servers. All servers are Windows 2000 Advanced Server with no IIS as we
>have no website or web services other than Internet access and e-mail.
>Both Internet and e-mail are accessed via a separate proxy server
>running Linux Red Hat 6.1, and it is necessary for the user to
>authenticate him/herself before any e-mail or web access is done. The
>idea is to establish firewalls between all our servers inside our LAN,
>so all traffic inside the network is filtered by the firewalls, and also
>as we have several domains, to try and stem the spreading of virus
>inside the network (besides the fact that all PCs have AV and it's daily
>updated) by filtering the traffic at the Servers using the firewalls
>and the AV.
>

<snip>

A strong firewall to the outside and a high-end switch capable of VLANs
should give you sufficient protection. This is of course assuming you
are running a NATed connection to the internet with only one IP
address. The VLAN would allow you to separate the traffic between
groups of computers, and should not affect server or LAN performance,
but rather improve it. Logging capability on the firewall and a
mirrored port on the switch would be huge recommendations.

The largest problem you would have with virus spread would be contact
lists in Outlook or Outlook Express. Stress to the users how important
it is to not use these. Also use antivirus on every machine. I prefer
NAV, but the choice is ultimately yours.

The final step would lie with the proxy server. What are you using for
a proxy? If you are using squid, I suggest an add-on program called
DansGuardian. This program will filter internet content, block
specified mime types and files based on extension. It is fairly easy to
set up, can be as restrictive as you want it to be, and with the proper
configuration, you can have a really nice proxy setup.


