Setting up a business server at home.

Hi Experts,

I come from a Database and Application development background so networks aren't my expertise.

I am considering setting up a server for my company. We are a 'distributed' company. We work from home and the only centralised data we currently have is our emails with our ISP.


What I want:
---------------

I want to set up a server in my home office which has the following apps:

Email (probably Exchange)
Some kind of groupware eg Sharepoint
Some kind of knowledge base/file sharing system
A bunch of demo web apps

The idea is that we can have a private business area for our employees as well as a public client area where we show off demos.



What I have:
---------------

I have broadband at home which passes through a Wireless Netgear router (with non-functioning wireless but that is another story)

I currently have the router at default settings.... block all incoming ports except for the usual filesharing ones.



What I want to know
-------------------------

I don't know enough about security. Is there a way to put some kind of digital certificate on each authorised laptop and thereby restrict access to business functions etc.? How does that work?

Can I get some kind of certificate server or something?

At some sites I've used Check Point, is that more secure or something?

Also any info on Service Providers and Linux as alternatives is appreciated.


Thanks for your help.


Asked by: nmcdermaid

ppfoong Commented:

Yes, you can form an IPSec VPN network to interconnect each other, using either a certificate or a pre-shared secret key.

You will need a firewall with an IPSec VPN server feature running at your site, and the remote laptops need a VPN client installed, such as SoftRemote or CheckPoint SecureClient.

An example of a supported firewall is the Cyberguard SG series: http://www.cyberguard.com/products/firewall/index.html

nmcdermaid (Author) Commented:
Thanks very much for that.

How about if I just had a web client for all the apps, and just use the web rather than a VPN? That way I don't have to install any software on the laptops.


I seem to recall that there was a Microsoft VPN driver but I don't know if it's the IPSEC one.

Regarding the certificate/key thing. In both cases we have a server which hands out a file which is copied on to the laptop, is that right?


ppfoong Commented:

A simpler way would be to put a user/password authentication mechanism in your web applications, so that only users with the right password can get in. This also does not require the use of certificates.

The certificate server will generate a pair of keys, a private key and a public key. The client should have a copy of the public key that matches the private key on the server.



nmcdermaid (Author) Commented:
So if I set up Exchange web access (with login/password), that should have sufficient security?

I'm just worried that there may be ways to hack my server if I don't get the security right, with all these web apps!

SuperCorey Commented:
Go order a server and have Windows 2003 Small Business installed on it. If you get the premium edition it'll give you IAS as well. You can use your router to block most of the ports, leaving open the ones you want. You can use IAS to further enhance the security. You can set up group policy to require IPSEC for all communications on the network, using your SBS server as a cert authority for your own use.

You can easily set up Outlook Web Access for other people to check mail, using SSL if you want.

cd.
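
The per-laptop certificate idea raised in this thread, as an added example that is not part of any poster's reply: a private certificate authority signs one certificate per laptop, and the server accepts only certificates that chain to that CA. It uses the OpenSSL command line rather than the Windows certificate services mentioned above; the names "Example Home Office CA", "laptop1" and "rogue" are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: every name and file below is made up for illustration.
WORK=$(mktemp -d)

# 1. The certificate authority: a self-signed root. ca.key never leaves the server.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Home Office CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" >/dev/null 2>&1
}

# 2. Enrol one laptop: a key pair and signing request are generated for it,
#    then the CA signs the request. The laptop keeps NAME.key and NAME.crt.
issue_laptop_cert() {
    name=$1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$name" \
        -keyout "$WORK/$name.key" -out "$WORK/$name.csr" >/dev/null 2>&1 &&
    openssl x509 -req -in "$WORK/$name.csr" -days 30 \
        -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
        -out "$WORK/$name.crt" >/dev/null 2>&1
}

# 3. A certificate someone made themselves, without going through the CA.
make_self_signed() {
    name=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$name" \
        -keyout "$WORK/$name.key" -out "$WORK/$name.crt" >/dev/null 2>&1
}

# 4. The server-side decision: does this certificate chain to our CA?
#    The output is matched instead of the exit status because old OpenSSL
#    releases returned 0 from "verify" even when verification failed.
is_trusted() {
    openssl verify -CAfile "$WORK/ca.crt" "$1" 2>/dev/null | grep -q ': OK$'
}

make_ca
issue_laptop_cert laptop1
make_self_signed rogue
for c in laptop1 rogue; do
    if is_trusted "$WORK/$c.crt"; then
        echo "$c: accepted"
    else
        echo "$c: rejected"
    fi
done
```

A web server or VPN gateway set to require client certificates performs this chain check during the handshake and also makes the laptop prove it holds the private key matching its certificate.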

nmcdermaid (Author) Commented:
Thanks for your help guys, it's been very enlightening.