kelpere
asked on
DSL Cable to a Switch
Hi guys,
My office network has 40 nodes connected to a Win 2K network.
My company recently moved to Broadband Connection with 6 static IPs . The ISP provided us with a ' Great Speed R205S' DSL Router. I connected the router directly to the switch. In the LAN settings of the router I have assigned an internal IP as the secondary IP address. (say IP-1). I have a proxy server (with an internal Ip say IP-2) using a third party tool called Wingate to share the Internet Connection. Now my question is how the Internet Connection can be made available to clients? How does my proxy server detects the connection? Is there a real need to use a Proxy Server in such a scenario? Will enabling NAT on the DSL Router settings do the needful. PLs pls guys out there help me. How can i share this internet connection among my LAN users.
Thanks in advance
Seige
My office network has 40 nodes connected to a Win 2K network.
My company recently moved to Broadband Connection with 6 static IPs . The ISP provided us with a ' Great Speed R205S' DSL Router. I connected the router directly to the switch. In the LAN settings of the router I have assigned an internal IP as the secondary IP address. (say IP-1). I have a proxy server (with an internal Ip say IP-2) using a third party tool called Wingate to share the Internet Connection. Now my question is how the Internet Connection can be made available to clients? How does my proxy server detects the connection? Is there a real need to use a Proxy Server in such a scenario? Will enabling NAT on the DSL Router settings do the needful. PLs pls guys out there help me. How can i share this internet connection among my LAN users.
Thanks in advance
Seige
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
With NAT enabled you are pretty safe because hackers cannot address your internal clients IP addresses because the only address they can see is that of the public interface.
You need to make sure that you have a good password (long and difficult) for administration login on your DSL router and disable 'remote administration' if that feature is shown. Also disable "ping requests from the Internet" for a bit of added safety.
If your router doesn't provide firewall features then get one that does. Do not rely on 'home' software firewalls. You could get an Ethernet WAN router with firewall and connect the WAN port to your existing router and the LAN port to your existing switch or you could replace your existing WAN router with one with an integral firewall.
The default security on *most* routers will block incoming traffic from the Internet but allow outgoing web requests, FTP, SMTP, POP3 and Telnet. Other outgoing requests will also be blocked.
As this is a corporate LAN I wouldn't stand for any use of software that requires firewall security to be reduced - such as MS Messenger. Some routers provide a feature called UPNP which will allow the router to be configured automatically by such software - disable this unless you really have to use it because it opens up your firewall protection - albeit in a reasonably well controlled way. There are also router features which allow certain machines to be classed as servers accessible from the outside world and possibilities to configure certain internal addresses as being in a DMZ (ie bypassing all security) - DON'T do it unless you have extra firewalls between local PC's and the DMZ or server.
If you have 40 clients - are you using a mail server - such as MS Exchange? You should be! Keep it and all the machines up to date with ALL security patches and forget about software based anti-virus software. Make sure you are using IE 6, Outlook 2000 or Outlook Express 6 or above software for e-mails and ensure security updates are applied.
You need to make sure that you have a good password (long and difficult) for administration login on your DSL router and disable 'remote administration' if that feature is shown. Also disable "ping requests from the Internet" for a bit of added safety.
If your router doesn't provide firewall features then get one that does. Do not rely on 'home' software firewalls. You could get an Ethernet WAN router with firewall and connect the WAN port to your existing router and the LAN port to your existing switch or you could replace your existing WAN router with one with an integral firewall.
The default security on *most* routers will block incoming traffic from the Internet but allow outgoing web requests, FTP, SMTP, POP3 and Telnet. Other outgoing requests will also be blocked.
As this is a corporate LAN I wouldn't stand for any use of software that requires firewall security to be reduced - such as MS Messenger. Some routers provide a feature called UPNP which will allow the router to be configured automatically by such software - disable this unless you really have to use it because it opens up your firewall protection - albeit in a reasonably well controlled way. There are also router features which allow certain machines to be classed as servers accessible from the outside world and possibilities to configure certain internal addresses as being in a DMZ (ie bypassing all security) - DON'T do it unless you have extra firewalls between local PC's and the DMZ or server.
If you have 40 clients - are you using a mail server - such as MS Exchange? You should be! Keep it and all the machines up to date with ALL security patches and forget about software based anti-virus software. Make sure you are using IE 6, Outlook 2000 or Outlook Express 6 or above software for e-mails and ensure security updates are applied.
After setting it all up you can run 'Shields Up' (https://grc.com) which will check out your security. Then you can sleep pretty well at night.
ASKER
Thanks for your response. I configured NAT on my DSL router and assigned the IP of the router as the gateway of all client PCs( when i say client it is my internal LAN client). Now all the clients can access the Internet Connection. As per your concluding session of the email - that is what i need exactly. I need the connection available on only the Proxy Server (either ISA or any third party tool like Wingate) and all machine access this proxy server as the internet gateway. But after reading your letter i think thats pretty complicated and kind of isolated.
Now am concerned about the security issue. How safe it is to connect the DSL cable directly to my LAN switch. Can hackers access my network and likewise? Pls provide me with some info as to what all areas i need to be careful. Am not using any firewall. My only security is Symantec Antivirus! PLs advise