Re: Server Security
From: Dennis Balogh (posttest@nospam_yahoo.com)
Date: 02/21/03
- Next message: Karl Levinson [x y] mvp: "Re: Permission from Microsoft word"
- Previous message: Shawn Shepherd [MSFT]: "RE: Computer certificate renewal"
- In reply to: Lesley Greenway: "Server Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Dennis Balogh" <posttest@nospam_yahoo.com> Date: Fri, 21 Feb 2003 03:05:15 +0100
Lesley Greenway wrote:
> I am seeking your recommendations regarding our office:
>
>
> We have a small business with one Windows 2000 Server running AD. The
> server is a file/print server and also serves a small Maximizer
> database.
>
> We have 10 client workstations running mostly Windows 2000 and a few
> Windows
> 98.
>
> The server is not a web, ftp, or a mail server.
>
> The only reason the server would need internet access is to run
> Windows Update and to nightly connect to an online backup provider.
>
> The server currently has only one NIC, but I could easily add another
> one.
>
> The network has internet access through a 3Com ADSL router running
> NAT.
>
> I have disabled Netbios over TCP/IP on the server's NIC, but this
> screws up browsing in Nethood, although mapping drives still work.
>
> Based on this setup, can you recommend ways to keep this server
> secure from Internet hackers. Please be specific as to brands etc of
> software/hardwall firewalls and any other suggestions.
>
> Thank you for your time.
>
> Lesley
First I would add some sort of hardware firewall between the router and your
network to protect not only the server but also the rest of the network. I
use a 3Com OfficeConnect firewall in my network. This, I believe, is a
re-branded SonicWall product and they have an online demo of the web based
administration on their web site (www.sonicwall.com). They come in different
sizes depending on your needs and I found the administration quite easy to
grasp even for a first timer as I was when I first set it up. I am sure
there are plenty of other brands that work just as well. I prefer a hardware
firewall (I actually use a combination of hardware and software firewall -
MS ISA server) as my first line of defence since they are less likely to
crash or be tampered with.
Second I would make sure that I have a modern up-to-date anti-virus package
on all machines. Making your network hard to penetrate from the outside is
not enough if you have security issues on the inside. Considering that you,
as you describe it, don't have the need to expose any services like mail or
FTP to the Internet, as long as your firewall is properly configured you
would be reasonably safe from a direct assault from the outside. But you
would still be vulnerable to Trojans received for instance through e-mail.
I use a combination of different Trend Micro anti-virus products and they
are very good. It's almost a case of 'set and forget', they run themselves.
I have also heard good things about Symantec/Norton. Previously I used
McAffee but that was an administrative nightmare. When looking for software
I usually set up a test environment and download trial versions from several
vendors before I decide.
To sum it up; my first priority when I look for stuff like this is that it's
good and does the job (at a reasonable price). But as close second I look
for products that are easy to administer. A lot of products do a good job
but not all are friends of the administrator.
-- Dennis B.
- Next message: Karl Levinson [x y] mvp: "Re: Permission from Microsoft word"
- Previous message: Shawn Shepherd [MSFT]: "RE: Computer certificate renewal"
- In reply to: Lesley Greenway: "Server Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
