birenshukla
asked on
Protecting Server on a LAN with DSL connection
Hello,
Windows 2003 LAN, DSL connection, Linksys router, DSL router, Dlink switch. Of course the server has the role of DNS and DHCP and they(server&wks) all have private IP address.
If my server is plugged into one of the switch ports is it secure?
Dan I simply rely on the built in firewall on the Linksys Router?
On a seperate note, how can I restrict internet access to certain workstations in a DSL enviornment? From my research, I can point the internet excluded wks to point to invalid proxy address? Any other suggestions?
Can you point me to a link that explains how to setup a proxy server for the above enviornment?
What type of software firewall do you recommend to protect the server?
Thanks,
Biren
Windows 2003 LAN, DSL connection, Linksys router, DSL router, Dlink switch. Of course the server has the role of DNS and DHCP and they(server&wks) all have private IP address.
If my server is plugged into one of the switch ports is it secure?
Dan I simply rely on the built in firewall on the Linksys Router?
On a seperate note, how can I restrict internet access to certain workstations in a DSL enviornment? From my research, I can point the internet excluded wks to point to invalid proxy address? Any other suggestions?
Can you point me to a link that explains how to setup a proxy server for the above enviornment?
What type of software firewall do you recommend to protect the server?
Thanks,
Biren
ASKER
That is extremely helpful. I will have to test it out. That should answer my firewall question. However, I want to know what would somebody do, if they did not want to setup a proxy firewall.
There isnt much you could do... except install another f/wall on your machine.
Also, the proxy I told you above works exactly like a router, everything is transparent. you set up you IP addres similar to you IP address now while you are using your router and thats it... no other settings on your machines are required.
You will notice absolutly no difference (other than the fact that you shoudl be able to use P2P progs like kazaa, bittorrent etc)
I really do recommend going for this setup if your concious about security.
~Binks
Also, the proxy I told you above works exactly like a router, everything is transparent. you set up you IP addres similar to you IP address now while you are using your router and thats it... no other settings on your machines are required.
You will notice absolutly no difference (other than the fact that you shoudl be able to use P2P progs like kazaa, bittorrent etc)
I really do recommend going for this setup if your concious about security.
~Binks
correction:
(other than the fact that you **should't** be able to use P2P progs like kazaa, bittorrent etc)
(other than the fact that you **should't** be able to use P2P progs like kazaa, bittorrent etc)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
it is free to download, however it does require a dedicated machine (a P2 266 with 64MB and a 4GB HDD will do, you also need 2 or 3 networks cards depending on how you want to set it up)
smoothwall works like this:
you have 2 or 3 zones (depending on the nummber of network cards)
red zone is for the internet connection
orange is for DMZ (i.e. for webservers and mail servers ect)
and the green zone is for secured LAN
the green zone can talk to the oranger zone (not the other way unless you open ports up in the options)
and the red zone can only talk to the green zone if somone requests somthing (say a web page)
when you have setup the proxy machine, you dont need a kb/mouse/monitor attached to it because everything is done via web configuration from a remote machine.
you can download smoothwall 2.0 from www.smoothwall.org
it has a rather extensive admin/setup guide making it easy peasy to install and configure.
to install it, you burn the ISO onto a CD and boot from the CD (like installing windows)
the diagram of you network will oook somthing like this:
Modem/router
|
|(RED)
(ORANGE) | (GREEN)
external services servers ------ switch ------- smoothwall proxy----- switch -------------- computers
I hope this helps you out
~Binks