Re: DSL, Proxy and Recommendations

From: Benign Vanilla (BVremove_at_tibetanbeefgarden.com)
Date: 06/16/04


Date: Wed, 16 Jun 2004 10:48:34 -0400


"Leythos" <void@nowhere.com> wrote in message
news:MPG.1b3a220d57de0f8898a648@news-server.columbus.rr.com...
> In article <2jb2hhFvsknsU1@uni-berlin.de>,
> BVremove@tibetanbeefgarden.com says...
> > My current configuration looks like this.
> >
> > Local Active Directory server running DNS, IIS, SQL Server 2000.
> > Four to five clients, all XP.
> > Windows 2000 Pro as firewall running Black Ice Defender and Ositis
> > Winproxy.
> > This machine has two NICs, one for the local LAN, and the other for the
> > Internet connection which is protected by black ice, and shared by
> > winproxy.
> >
> > I have a Westell 2200 for my DSL. I have a LinkSys 10/100 Switch and
> > LinkSys WAP for internal networking.
> >
> > I'd like to dump the firewall machine and use the modem's firewall
> > abilities.
> >
> > My question is...Can I do this? And is this modem powerful enough to
> > provide protection so that I don't need protection on my individual PCs?
>
> Are you providing inbound connections to the server or workstations from
> the internet?

No. The server is purely for development purposes. We publish to a public
server for production releases.

> If you are not providing any inbound connections, then a simple NAT
> router is a start, but I would consider a real appliance in place of a
> NAT device for an office/business network.
>
> Several things come to mind here:
>
> 1) Wireless, hope that you've disabled the SSID broadcast, enabled WEP,
> changed the default SSID, changed the default channel, are not using the
> default subnet of 192.168.1 or 192.168.0 on your network. Use the 128Bit
> key, set up filtering based on MAC address too.

SSID is disabled if I remember correctly. WEP is not enabled, but we have
MAC filtering set up.

> 2) Antivirus software - never run a server (Windows) without it, always
> have it on the clients systems too. Symantec Small business Edition 8.1
> is cheap and works great on your platforms.

On all machines already.

> 3) Your modem does not have a firewall, it's a NAT device. Never rely on
> the ISP's hardware unless you and only you have control of it (not the
> ISP). You can have them provide a public IP and then you take it from
> there - do your own NAT or firewall, don't trust them to maintain it
> for you.

As far as I know Verizon does nothing to configure this, it's all on my end.

> 4) Network subnet - change it from the default to something like
> 192.168.10.0/24. This keeps you out of the default networks space that
> most routers/nat provide and makes it easier in case you ever implement
> VPN tunnels from home/office to this location.

Done from day one, we use 172.x.x.x.

> 5) If you purchase a linksys router, make sure that it has logging still
> built into it and download a utility called WallWatcher - this will let
> you monitor ALL inbound and outbound traffic by IP/Port so that you can
> see if anything has/is happening on your network - great place to see if
> you've got a worm/backdoor that people are using - or to track employees
> that are screwing off on company time.

So if I understand correctly, I could buy a LinkSys Router, plug the modem
into that and then the WAP and potentially the switch into that for the
LAN?

> If you go with a firewall appliance, there are many choices, but they
> are not cheap, but you get what you pay for in most cases.

Understood.

BV.
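
Point 4 in the thread (keep the LAN off the vendor-default subnets so that later VPN tunnels from home/office do not collide) can be checked mechanically before renumbering. The following is an added example, not part of the original posts; the function name review_lan, the finding labels, and every sample prefix and site name are constructed for illustration.

```python
import ipaddress

# Vendor-default LAN ranges named in the thread (points 1 and 4).
COMMON_DEFAULTS = [ipaddress.ip_network(n)
                   for n in ("192.168.0.0/24", "192.168.1.0/24")]
# Private address space per RFC 1918; anything else is publicly routable.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def review_lan(office, remote_sites=()):
    """Return a list of findings for a proposed office LAN prefix.

    office       -- CIDR string for the office LAN (hypothetical input)
    remote_sites -- iterable of (name, CIDR) for LANs that may later
                    connect over a VPN tunnel (hypothetical input)
    An empty list means no problem was found.
    """
    net = ipaddress.ip_network(office, strict=True)
    findings = []
    # A prefix outside RFC 1918 belongs to someone else on the Internet.
    if not any(net.subnet_of(p) for p in RFC1918):
        findings.append("not-rfc1918")
    # Overlap with a router default makes collisions with home LANs likely.
    for default in COMMON_DEFAULTS:
        if net.overlaps(default):
            findings.append(f"overlaps-default:{default}")
    # A tunnel cannot route between two sites that use the same prefix.
    for name, cidr in remote_sites:
        if net.overlaps(ipaddress.ip_network(cidr)):
            findings.append(f"vpn-collision:{name}")
    return findings


if __name__ == "__main__":
    # Constructed sample data: a home LAN still on its router default.
    homes = [("home-a", "192.168.1.0/24")]
    for candidate in ("192.168.1.0/24", "192.168.10.0/24",
                      "172.16.10.0/24", "172.32.10.0/24"):
        print(candidate, review_lan(candidate, homes) or "ok")
```

Note that only 172.16.0.0 through 172.31.255.255 is private space, so a prefix elsewhere under 172 is reported as not-rfc1918.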


