• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 269
  • Last Modified:

Protecting Server on a LAN with DSL connection

Hello,

Windows 2003 LAN, DSL connection, Linksys router, DSL router, Dlink switch. Of course the server has the role of DNS and DHCP and they(server&wks) all have private IP address.

If my server is plugged into one of the switch ports is it secure?
Dan I simply rely on the built in firewall on the Linksys Router?

On a seperate note, how can I restrict internet access to certain workstations in a DSL enviornment? From my research, I can point the internet excluded wks to point to invalid proxy address? Any other suggestions?

Can you point me to a link that explains how to setup a proxy server for the above enviornment?

What type of software firewall do you recommend to protect the server?

Thanks,
Biren
0
birenshukla
Asked:
birenshukla
  • 3
1 Solution
 
dr_binksCommented:
well I personally use 'Smoothwall 2.0' on both my home LAN and the LAN I am admin of at work.
it is free to download, however it does require a dedicated machine (a P2 266 with 64MB and a 4GB HDD will do, you also need 2 or 3 networks cards depending on how you want to set it up)

smoothwall works like this:

you have 2 or 3 zones (depending on the nummber of network cards)
red zone is for the internet connection
orange is for DMZ (i.e. for webservers and mail servers ect)
and the green zone is for secured LAN

the green zone can talk to the oranger zone (not the other way unless you open ports up in the options)
and the red zone can only talk to the green zone if somone requests somthing (say a web page)

when you have setup the proxy machine, you dont need a kb/mouse/monitor attached to it because everything is done via web configuration from a remote machine.

you can download smoothwall 2.0 from www.smoothwall.org

it has a rather extensive admin/setup guide making it easy peasy to install and configure.

to install it, you burn the ISO onto a CD and boot from the CD (like installing windows)

the diagram of you network will oook somthing like this:

                                                                                           Modem/router
                                                                                                 |
                                                                                                 |(RED)
                                (ORANGE)                                                   |                            (GREEN)
              external services servers     ------   switch   -------  smoothwall proxy----- switch -------------- computers

I hope this helps you out

~Binks
0
 
birenshuklaAuthor Commented:
That is extremely helpful.  I will have to test it out. That should answer my firewall question. However, I want to know what would somebody do, if they did not want to setup a proxy firewall.
0
 
dr_binksCommented:
There isnt much you could do... except install another f/wall on your machine.
Also, the proxy I told you above works exactly like a router, everything is transparent. you set up you IP addres similar to you IP address now while you are using your router and thats it... no other settings on your machines are required.
You will notice absolutly no difference (other than the fact that you shoudl be able to use P2P progs like kazaa, bittorrent etc)

I really do recommend going for this setup if your concious about security.

~Binks
0
 
dr_binksCommented:
correction:
 (other than the fact that you **should't** be able to use P2P progs like kazaa, bittorrent etc)
0
 
Rich RumbleSecurity SamuraiCommented:
If it were us, we'd set up a linux iptables firewall, or even use sygate or zonealarm to block the private ip range wanting to go to dst port 21,80,443 and 8080
If your linksys has the functionality to do this it be pretty easy.

Action   SourceIP  Sport    DestinationIP   Dport
Block 10.0.0.0        any     any               80
Block 10.0.0.0        any     any               443
Block 10.0.0.0        any     any               8080
Block 10.0.0.0        any     any               21
Allow 10.1.2.3        any      any            any  <--- this would be your server
you could also be more precise with certain workstations
Block 10.1.2.5        any     any               80
Block 10.1.2.6        any     any               80
-rich


0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now