Re: DSL, Proxy and Recommendations
From: Leythos (void_at_nowhere.com)
Date: 06/16/04
Date: Wed, 16 Jun 2004 14:23:30 GMT
In article <2jb2hhFvsknsU1@uni-berlin.de>,
BVremove@tibetanbeefgarden.com says...
> My current configuration looks like this.
>
> Local Active Directory server running DNS, IIS, SQL Server 2000.
> Four to five clients, all XP.
> Windows 2000 Pro as firewall running Black Ice Defender and Ositis Winproxy.
> This machine has two NICs, one for the local LAN, and the other for the
> Internet connection which is protected by black ice, and shared by winproxy.
>
> I have a Westell 2200 for my DSL. I have a LinkSys 10/100 Switch and LinkSys
> WAP for internal networking.
>
> I'd like to dump the firewall machine and use the modem's firewall
> abilities.
>
> My question is...Can I do this? And is this modem powerful enough to provide
> protection so that I don't need protection on my individual PCs?
Are you providing inbound connections to the server or workstations from
the internet?
If you are not providing any inbound connections, then a simple NAT
router is a start, but I would consider a real appliance in place of a
NAT device for an office/business network.
Several things come to mind here:
1) Wireless, hope that you've disabled the SSID broadcast, enabled WEP,
changed the default SSID, changed the default channel, are not using the
default subnet of 192.168.1 or 192.168.0 on your network. Use the 128-bit
key, set up filtering based on MAC address too.
2) Antivirus software - never run a server (Windows) without it, always
have it on the client systems too. Symantec Small business Edition 8.1
is cheap and works great on your platforms.
3) Your modem does not have a firewall, it's a NAT device. Never rely on
the ISP's hardware unless you and only you have control of it (not the
ISP). You can have them provide a public IP and then you take it from
there - do your own NAT or firewall, don't trust them to maintain it
for you.
4) Network subnet - change it from the default to something like
192.168.10.0/24. This keeps you out of the default networks space that
most routers/NAT provide and makes it easier in case you ever implement
VPN tunnels from home/office to this location.
5) If you purchase a Linksys router, make sure that it has logging still
built into it and download a utility called WallWatcher - this will let
you monitor ALL inbound and outbound traffic by IP/Port so that you can
see if anything has/is happening on your network - great place to see if
you've got a worm/backdoor that people are using - or to track employees
that are screwing off on company time.
If you go with a firewall appliance, there are many choices, but they
are not cheap, but you get what you pay for in most cases.
-- -- spamfree999@rrohio.com (Remove 999 to reply to me)
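
Added example, not part of the original post: a sketch of the kind of review point 5 describes, run over per-connection IP/port records for the 192.168.10.0/24 LAN from point 4. The record format and sample lines are constructed for illustration and are not the Linksys or WallWatcher log format; the fan-out threshold is an assumption.

```python
import ipaddress
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.10.0/24")  # subnet suggested in point 4

# Constructed records: direction, source ip:port, destination ip:port.
# Simplified format invented for this example, not real router output.
SAMPLE_LOG = """\
OUT 192.168.10.21:1025 203.0.113.10:80
OUT 192.168.10.34:3001 198.51.100.1:445
OUT 192.168.10.34:3002 198.51.100.2:445
OUT 192.168.10.34:3003 198.51.100.3:445
OUT 192.168.10.34:3004 198.51.100.4:445
IN 203.0.113.10:80 192.168.10.21:1025
IN 203.0.113.77:40000 192.168.10.5:5000
truncated line
"""

def parse(line):
    """Return (direction, src_ip, src_port, dst_ip, dst_port), or None if malformed."""
    try:
        direction, src, dst = line.split()
        s_ip, s_port = src.rsplit(":", 1)
        d_ip, d_port = dst.rsplit(":", 1)
        return (direction, ipaddress.ip_address(s_ip), int(s_port),
                ipaddress.ip_address(d_ip), int(d_port))
    except ValueError:
        return None

def review(log_text, fanout_threshold=4):
    """Return (unsolicited inbound connections, LAN hosts fanning out on one port)."""
    seen_out = set()           # outbound flows: (lan_ip, lan_port, remote_ip, remote_port)
    fanout = defaultdict(set)  # (lan_ip, dst_port) -> distinct remote addresses
    unsolicited = []
    for rec in filter(None, map(parse, log_text.splitlines())):
        direction, s_ip, s_port, d_ip, d_port = rec
        if direction == "OUT" and s_ip in LAN:
            seen_out.add((s_ip, s_port, d_ip, d_port))
            fanout[(s_ip, d_port)].add(d_ip)
        elif direction == "IN" and d_ip in LAN:
            # A reply mirrors an earlier outbound flow; anything else is unsolicited.
            if (d_ip, d_port, s_ip, s_port) not in seen_out:
                unsolicited.append((str(s_ip), str(d_ip), d_port))
    scanners = sorted((str(ip), port, len(dsts)) for (ip, port), dsts in fanout.items()
                      if len(dsts) >= fanout_threshold)
    return unsolicited, scanners

if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```

On the sample, the reply from 203.0.113.10 is matched to its outbound request and ignored, while the connection to 192.168.10.5 and the host reaching four outside addresses on one port are reported.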