• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 191
  • Last Modified:

Advice needed to secure my server

I am going to setup a server at my office for business use, I am going to use it as webserver , mail server and SQL server. the OS is  windows server 2003 small business edition premium.
my question is what is the best solution to secure my server from internet hackers and attacks ?
currently I am using linksys WRTP54G router which has a built in firewall, but I dont know if it is enough or not ? do I need to buy a hardware firewall to protect my server or software firewalls would do well ? and if I need to buy a hardware or software firewall , what do u suggest ?
Regards
0
fifthelement80
Asked:
fifthelement80
3 Solutions
 
billwhartonCommented:
I haven't seen any Linksys or Netgear firewalls to be very strong from lab tests. Judging from the resources you are going to want to protect on that single server, you should go with an either best of breed or 2nd best of breed solution

Best of breed:
PIX, CheckPoint, Juniper/Netscreen


2nd best of breed
Watchguard

You should definitely go with a hardware firewall and the new PIX firewall version comes with a very good GUI. From my experience, Watchguard firewalls also do a pretty good job and aren't too difficult to manage. If you aren't confident of setting up one yourself, have a consultant do it for you. Once installed, you may not need too many changes after that.
0
 
jabiiiCommented:
Bill pretty much pegged it.
All three are good options. If you've got nothing but money you could also go to super best of breed and go with Sidewinder, but they are really pricey. and more for an enterprise solution.

Also when it comes to business practices, There are 2 main ones. Security in debth, meaning multiple layers of security, like a hardware FW and software, or FW and router etc etc. and the other is Deny by default, allow by exception. meaning you only allow the traffic that is needed and there has been a reason established as to why to open it.

Here is some info to help make your decision if you want to buy a FW..

Personally I would recommend a Juniper Netscreen
https://www.juniper.net/products/integrated/

Here is a Firewall learning guide, to help out with some of the what they do's.
http://searchsecurity.techtarget.com/generic/0,295582,sid14_gci1093527,00.html?track=NL-422&ad=548051USCA

Here is a buying guide for FW's it can help you decide.
https://www.juniper.net/solutions/literature/buyer_guide/710008.pdf

Here's some 3rd party studies of FW's
http://www.cs.nmt.edu/~cs491_02/IA/firewall%20performance_files/0312rev.htm

2006 Products of the year
http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci1160468_tax299825,00.html?track=NL-20&ad=543466&adg=299807

2005
http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci1041739,00.html


Hope it helps,

Jim
0
 
bltztechCommented:


Take a look at the SonicWall TZ170 Wireless Router / VPN / Firewall at http://www.sonicwall.com/products/tz170_wireless.html

The SonicWall TZ 170 Wireless is a total security platform delivering enterprise-class wired and wireless security to small networks. It integrates secure 802.11b/g wireless, deep packet inspection firewall and VPN technologies in an effective, easy-to-use solution. It features an integrated 5-port auto-MDIX switch with a designated 802.3 PoE port and a user-defined optional port that can be configured as a second LAN, a second WAN or DMZ for added network configuration flexibility. The TZ 170 Wireless can be easily managed remotely or globally using Sonic Wall’s Global Management System. Utilizing Sonic Wall’s feature-rich SonicOS operating system, this device provides total security solution for simple, reliable and flexible networks. SonicOS Standard allows rapid deployment in basic networks with a user-friendly Web interface and powerful wizards. Network administrators can create multiple zones of access - for wired and wireless workers as well as guest wireless users - offering a high level of control without compromising network security.

Product Highlights
•      Combines secure 802.11b/g wireless, deep packet inspection firewall and VPN technologies – all in one device
•      Integrated 5-Port MDIX Switch allows multiple home or office computers to be networked together
•      Global Management System provides tools for simplified configuration, enforcement and management of global security policies, VPN and services — from a central location
•      Delivers excellent performance with 90 Mbps Stateful Packet Inspection Firewall and 30+ Mbps 3DES and AES VPN throughput
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now