nmcdermaid
asked on
Setting up a business server at home.
Hi Experts,
I come from a Database and Application development background so networks aren't my expertise.
I am considering setting up a server for my company. We are a 'distributed' company. We work from home and the only centralised data we currently have is our emails with our ISP.
What I want:
---------------
I want to set up a server in my home office which has the following apps:
Email (probably Exchange)
Some kind of groupware eg Sharepoint
Some kind of knowledge base/file sharing system
A bunch of demo web apps
The idea is that we can have a private business area for our employees as well as a pubilc client area where we show off demos.
What I have:
---------------
I have broadband at home which passes through a Wireless Netgear router (with non-functioning wireless but that is another story)
I currently have the router at default settings.... block all incoming ports except for the usual filesharing ones.
What I want to know
-------------------------
I don't know enough about security. Is there a way to put some kind of digital certificate on each authorised laptop and thereby restrict access to business functions etc. How does that work?
Can I get some kind of certificate server or something.
At some sites I've used Check Point, is that more secure or something?
Also any info on Service Providers and Linux as alternatives are appreciated.
Thanks for your help.
I come from a Database and Application development background so networks aren't my expertise.
I am considering setting up a server for my company. We are a 'distributed' company. We work from home and the only centralised data we currently have is our emails with our ISP.
What I want:
---------------
I want to set up a server in my home office which has the following apps:
Email (probably Exchange)
Some kind of groupware eg Sharepoint
Some kind of knowledge base/file sharing system
A bunch of demo web apps
The idea is that we can have a private business area for our employees as well as a pubilc client area where we show off demos.
What I have:
---------------
I have broadband at home which passes through a Wireless Netgear router (with non-functioning wireless but that is another story)
I currently have the router at default settings.... block all incoming ports except for the usual filesharing ones.
What I want to know
-------------------------
I don't know enough about security. Is there a way to put some kind of digital certificate on each authorised laptop and thereby restrict access to business functions etc. How does that work?
Can I get some kind of certificate server or something.
At some sites I've used Check Point, is that more secure or something?
Also any info on Service Providers and Linux as alternatives are appreciated.
Thanks for your help.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
A simpler way will be, put on a user/password authentication mechanism in your web applications, so that only users with the right password can access in. This also does not require the use of certificates.
The certificate server will generate a pair of private key and public key. The client should have a copy of the public key that match with the private key on the server.
ASKER
So if I set up Exchange web access (with login/passwrd), that should have sufficient security?
I'm just worried that there may be ways to hack my server if I don't get the security right, with all these web apps!
I'm just worried that there may be ways to hack my server if I don't get the security right, with all these web apps!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for your help guys, its been very enlightening.
ASKER
How about if I just had a web client for all the apps, and just use the web rather than a VPN? That way I don't have to install any software on the laptops.
I seem to recall that there was a Microsoft VPN driver but I don't know if its the IPSEC one.
Regarding the certificate/key thing. In both cases we have a server which hands out a file which is copied on to the laptop, is that right?