Re: Network & Broadband Security...
From: Jerry Mendes (mendes@nospam.datacomm-insights.com) Date: 06/04/02
From: Jerry Mendes <mendes@nospam.datacomm-insights.com> Date: Tue, 04 Jun 2002 07:54:41 -0000
davidaustinarcher@ntlworld.com (David) wrote in
news:70bd4e6e.0205300804.77c216aa@posting.google.com:
> Hello,
>
> I wonder if anyone can give me advice.
>
> We are a small company with 80 or so PC terminals on a network
> controlled by an NT4 server. We have recently had broadband internet
> access installed as a point on our network. This will give us a
> permanent IP address which I believe to pose a security threat. Many
> of our computers have shared directories (no passwords) including the
> NT server, but the user must be added to the NT server user list in
> order to access its directories.
>
> All of the PCs look to a proxy server for internet access, which in
> turn looks to the broadband box for access.
>
> Can anyone advise me on the security precautions I should take? I have
> looked at firewall hardware but there are so many on the market.
>
> Much appreciated,
>
> David.

David,

You should find a good book on securing your network, or at least read a
tutorial. Check O'Reilly books -- they have a couple of good titles. Or
you might want to hire a consultant who can give you a basic roadmap. Though
most of the people who will respond to you will give you reasonable advice,
a few quickly written answers on a newsgroup aren't really sufficient.

The firewall is just one piece of a complete security plan. You'll need to
look at how to secure your Web server, your email server, and how to assure
that your users don't violate security policies by using dial-up modems to
circumvent the firewall. And you may want to keep detailed logs on a
dedicated "log server" which could be almost any old machine running
Win95/98/ -- even a P100 or less, so long as it has a big enough hard drive to
keep large log files.

So far as a firewall is concerned, I don't think it matters so much which
one you buy so long as you understand how to configure it properly, and if
you stick with a somewhat well-known manufacturer, who provides readily
available live support (by phone). Many organizations default to Cisco,
because they're a big, reliable company, but you can find good products
from many other companies (WatchGuard, Checkpoint, and Raptor -- now part
of Symantec -- come to mind). Most of these products have versions that
will run on either Windows NT/2000 or some UNIX derivative, and some are
preloaded onto a so-called "firewall appliance" -- a stand-alone device
preloaded with everything you'll need. Decide whether you want the
firewall to simply block Internet intruders, or do you want it to also
implement virus screening, be capable of implementing VPNs, host your
public email server, and various other features.

For a company with 80 users, I'd suggest one of the firewall appliance
products -- the entry level products available from the vendors with a
range of products. Entry level products can be every bit as secure as the
more sophisticated ones, but generally lack certain features or support for
large numbers of users.

If you need more help, email me off list -- just delete the nospam from my
email address listed below.

--
Jerry Mendes, Principal Consultant    Voice: (415) 381-5500
DataComm Insights                     FAX: (415) 381-5502
150 Seminary Drive                    Email: mendes@nospam.datacomm-insights.com
Mill Valley, California 94941         http://www.datacomm-insights.com