
Protecting Server on a LAN with DSL connection

Posted on 2005-03-17
Last Modified: 2013-12-04
Hello,

Windows 2003 LAN, DSL connection, Linksys router, DSL router, Dlink switch. Of course the server has the role of DNS and DHCP and they (server & wks) all have private IP addresses.

If my server is plugged into one of the switch ports, is it secure?
Can I simply rely on the built-in firewall on the Linksys router?

On a separate note, how can I restrict internet access to certain workstations in a DSL environment? From my research, I can point the internet-excluded wks to an invalid proxy address? Any other suggestions?

Can you point me to a link that explains how to set up a proxy server for the above environment?

What type of software firewall do you recommend to protect the server?

Thanks,
Biren
Question by:birenshukla
5 Comments
 
LVL 5

Expert Comment

by:dr_binks
ID: 13569131
well I personally use 'Smoothwall 2.0' on both my home LAN and the LAN I am admin of at work.
it is free to download, however it does require a dedicated machine (a P2 266 with 64MB and a 4GB HDD will do, you also need 2 or 3 network cards depending on how you want to set it up)

smoothwall works like this:

you have 2 or 3 zones (depending on the number of network cards)
red zone is for the internet connection
orange is for DMZ (i.e. for webservers and mail servers etc.)
and the green zone is for secured LAN

the green zone can talk to the orange zone (not the other way unless you open ports up in the options)
and the red zone can only talk to the green zone if someone requests something (say a web page)

when you have set up the proxy machine, you don't need a kb/mouse/monitor attached to it because everything is done via web configuration from a remote machine.

you can download smoothwall 2.0 from www.smoothwall.org

it has a rather extensive admin/setup guide making it easy peasy to install and configure.

to install it, you burn the ISO onto a CD and boot from the CD (like installing windows)

the diagram of your network will look something like this:

                                          Modem/router
                                               |
                                               | (RED)
         (ORANGE)                              |                  (GREEN)
external services servers --- switch --- smoothwall proxy --- switch --- computers

I hope this helps you out

~Binks
 

Author Comment

by:birenshukla
ID: 13569543
That is extremely helpful. I will have to test it out. That should answer my firewall question. However, I want to know what somebody would do if they did not want to set up a proxy firewall.
 
LVL 5

Expert Comment

by:dr_binks
ID: 13569747
There isn't much you could do... except install another f/wall on your machine.
Also, the proxy I told you about above works exactly like a router, everything is transparent. you set up your IP address similar to your IP address now while you are using your router and that's it... no other settings on your machines are required.
You will notice absolutely no difference (other than the fact that you should be able to use P2P progs like kazaa, bittorrent etc)

I really do recommend going for this setup if you're conscious about security.

~Binks
 
LVL 5

Expert Comment

by:dr_binks
ID: 13570327
correction:
 (other than the fact that you **shouldn't** be able to use P2P progs like kazaa, bittorrent etc)
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 200 total points
ID: 13571223
If it were us, we'd set up a Linux iptables firewall, or even use Sygate or ZoneAlarm to block the private IP range wanting to go to dst port 21, 80, 443 and 8080.
If your Linksys has the functionality to do this it would be pretty easy.

Action   SourceIP   Sport   DestinationIP   Dport
Block    10.0.0.0   any     any             80
Block    10.0.0.0   any     any             443
Block    10.0.0.0   any     any             8080
Block    10.0.0.0   any     any             21
Allow    10.1.2.3   any     any             any    <--- this would be your server
you could also be more precise with certain workstations
Block    10.1.2.5   any     any             80
Block    10.1.2.6   any     any             80
-rich
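
The rule table from the accepted answer, written out as iptables commands (an added example, not code from the thread). It assumes a Linux gateway that forwards the LAN's traffic and has no other FORWARD rules, reads the 10.0.0.0 rows as the range 10.0.0.0/8, and puts the server's Allow first because iptables acts on the first rule that matches.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: this Linux box routes the
# LAN's traffic (FORWARD chain) and has no other FORWARD rules, and the
# "10.0.0.0" rows in the table mean the whole 10.0.0.0/8 range.
LAN_NET="10.0.0.0/8"
SERVER_IP="10.1.2.3"                    # the server: allowed to go anywhere
BLOCKED_PORTS="21,80,443,8080"          # FTP, HTTP, HTTPS, alternate HTTP/proxy
WEB_BLOCKED_HOSTS="10.1.2.5 10.1.2.6"   # workstations denied port 80 only

# Print the rules in evaluation order.
#   lan   : block the listed ports for every LAN address except the server
#   hosts : block port 80 only for the listed workstations
# iptables acts on the first rule that matches a packet, so the server's
# ACCEPT has to be appended before any REJECT that covers its address.
build_rules() {
    mode="${1:-lan}"
    case "$mode" in
        lan|hosts) ;;
        *) echo "unknown mode: $mode" >&2; return 1 ;;
    esac
    echo "iptables -F FORWARD"
    echo "iptables -A FORWARD -s $SERVER_IP -j ACCEPT"
    if [ "$mode" = "lan" ]; then
        echo "iptables -A FORWARD -s $LAN_NET -p tcp -m multiport --dports $BLOCKED_PORTS -j REJECT --reject-with tcp-reset"
    else
        for host in $WEB_BLOCKED_HOSTS; do
            echo "iptables -A FORWARD -s $host -p tcp --dport 80 -j REJECT --reject-with tcp-reset"
        done
    fi
}

# Dry run by default: print the commands for review.
# Run as root with APPLY=1 to load them.
if [ "${APPLY:-0}" = "1" ]; then
    build_rules "${MODE:-lan}" | sh
else
    build_rules "${MODE:-lan}"
fi
```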

