Solved

Inet Security for Windows Small Business Server 2003

Posted on 2006-04-17
Last Modified: 2013-11-16
Greetings all,

I'm a total newbie at MS Small Biz Server.  I know enough about networking to be dangerous to myself and those around me.

The MS instructions seem to be incomprehensible murk.

Many questions:  What is the best (most secure) way to hook our new server up to the Internet?  Right now, it's behind a Symantec Security Appliance.  The server has 2 NICs.  We want to host our own SSL extranet, as well as have ftp, mail, & etc.

Hardware firewall a good idea?  If yes, then which one?  Will the Symantec work?  Or would a Cisco PIX or NetScreen 5GT (or something else) be better?

We have purchased 5 fixed IPs.  A regular website would use one of the IPs.  The SSL extranet uses another.  How do you do the routing so that a user can get through to the correct IP?

Thanks in advance,

/RO/

0
Question by:raortman
LVL 4

Expert Comment

by:MichaelPro
ID: 16474104
Yes, my suggestion is that your front end to the Internet be a hardware-based firewall, such as a Cisco PIX. You can have proxy servers inside your network later, but you want to make sure your Internet side is as bullet-proof as possible. With a Cisco PIX you can allow certain ports to be mapped to certain servers (e.g. mail/ftp/mail) or you can set up your own DMZ.

Whatever way you choose, you need to configure your firewall (software or hardware doesn't make any difference) to allow port 80 (for web), 21/20 (for FTP), and 443 for SSL. Mail is SMTP 25 and POP 110. Each one of these ports has to be mapped to a certain server inside your network. It is preferred that your inside network use an intranet IP address instead of a public one. (The router will identify which server it goes to by the port address. For example, if an incoming mail hits the Cisco PIX, it arrives on port 25; the Cisco then knows to send port 25 traffic to the server inside your network at 192.168.1.6.)

Hope this helps

Thanks,
Michael
www-e-charts.com
0
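The port mapping described in the comment above, modelled as an added example (not part of the original post and not any vendor's configuration syntax). It goes one step beyond the post by keying each rule on the public IP as well as the port, which is how a separate fixed IP for the SSL extranet reaches the right service; the 203.0.113.x addresses are constructed stand-ins for the ISP-assigned IPs, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample rule set. 192.168.1.6 is the internal server from the post;
# the 203.0.113.x public addresses are placeholders (documentation range).
FORWARDS = {
    # (public IP, public port) -> (internal IP, internal port)
    ("203.0.113.10", 80):  ("192.168.1.6", 80),    # regular website
    ("203.0.113.10", 21):  ("192.168.1.6", 21),    # FTP control
    ("203.0.113.10", 25):  ("192.168.1.6", 25),    # SMTP
    ("203.0.113.10", 110): ("192.168.1.6", 110),   # POP3
    ("203.0.113.11", 443): ("192.168.1.6", 443),   # SSL extranet on its own IP
}
ALLOWED_PORTS = {20, 21, 25, 80, 110, 443}         # the ports listed in the post
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def translate(forwards, dst_ip, dst_port):
    """Inbound lookup: return the internal (ip, port), or None when no rule
    matches, which the firewall treats as a drop (default deny)."""
    return forwards.get((dst_ip, dst_port))

def exposure(forwards):
    """Summarise which ports each public IP exposes to the Internet."""
    summary = {}
    for pub_ip, pub_port in forwards:
        summary.setdefault(pub_ip, []).append(pub_port)
    return {ip: sorted(ports) for ip, ports in summary.items()}

def audit(forwards, allowed_ports):
    """Flag rules that expose an unplanned port or forward to a target that
    is not a private (RFC 1918) inside address."""
    findings = []
    for (pub_ip, pub_port), (in_ip, _) in sorted(forwards.items()):
        if pub_port not in allowed_ports:
            findings.append(f"{pub_ip}:{pub_port} is outside the allowed port set")
        addr = ipaddress.ip_address(in_ip)
        if not any(addr in net for net in RFC1918):
            findings.append(f"{pub_ip}:{pub_port} forwards to non-private {in_ip}")
    return findings

if __name__ == "__main__":
    print(translate(FORWARDS, "203.0.113.10", 25))   # mail reaches the server
    print(translate(FORWARDS, "203.0.113.10", 443))  # no rule on this IP: dropped
    print(exposure(FORWARDS))
    print(audit(FORWARDS, ALLOWED_PORTS))
```

Running `audit` whenever a forward is added keeps the set of Internet-facing ports limited to the ones that were deliberately opened.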
 

Author Comment

by:raortman
ID: 16474260
Hi Michael,

Yes.  Your comment helps.  

Is there anything about the Cisco that should make me want to abandon my (brand new) Symantec Gateway Security 360 router?  Or can I do everything that needs to be done with the Symantec appliance?  It's very programmable.

Also, I just completely don't understand how different WAN IPs are routed to specific services on the server--through the firewall.  

If we were hooking the server up directly to the net, we could put all 5 of our new fixed IPs into its NIC.  

But the Symantec router seems to work with only 2 IPs:  the Gateway IP and the first static IP from our ISP.

 Can we (should we) assign different IPs to different services on the server?  One to email.  One to ftp, and etc?

Many thanks,

/RO/
0
 
LVL 4

Accepted Solution

by:
MichaelPro earned 1000 total points
ID: 16479812
Ro,
If you already have the Symantec Gateway 360 and are comfortable configuring it, that should be good enough. However, I haven't worked with this specific model, so I'm not sure if it meets your performance needs. If you know how to configure this one, my suggestion would be to stick with the Symantec one, since configuring a Cisco would take some time if you are not used to it. Generally, any VPN router would work for you, even if you buy a cheap Linksys one, but Cisco (or other business products) work like a clock and Linksys doesn't.

Let me know if you need any more info

Thanks,
Michael
www.e-charts.com
0
