Advice needed to secure my server

Posted on 2006-05-07
Last Modified: 2013-11-16
I am going to setup a server at my office for business use, I am going to use it as webserver , mail server and SQL server. the OS is  windows server 2003 small business edition premium.
my question is what is the best solution to secure my server from internet hackers and attacks ?
currently I am using linksys WRTP54G router which has a built in firewall, but I dont know if it is enough or not ? do I need to buy a hardware firewall to protect my server or software firewalls would do well ? and if I need to buy a hardware or software firewall , what do u suggest ?
Question by:fifthelement80
    LVL 11

    Accepted Solution

    I haven't seen any Linksys or Netgear firewalls to be very strong from lab tests. Judging from the resources you are going to want to protect on that single server, you should go with an either best of breed or 2nd best of breed solution

    Best of breed:
    PIX, CheckPoint, Juniper/Netscreen

    2nd best of breed

    You should definitely go with a hardware firewall and the new PIX firewall version comes with a very good GUI. From my experience, Watchguard firewalls also do a pretty good job and aren't too difficult to manage. If you aren't confident of setting up one yourself, have a consultant do it for you. Once installed, you may not need too many changes after that.
    LVL 9

    Assisted Solution

    Bill pretty much pegged it.
    All three are good options. If you've got nothing but money you could also go to super best of breed and go with Sidewinder, but they are really pricey. and more for an enterprise solution.

    Also when it comes to business practices, There are 2 main ones. Security in debth, meaning multiple layers of security, like a hardware FW and software, or FW and router etc etc. and the other is Deny by default, allow by exception. meaning you only allow the traffic that is needed and there has been a reason established as to why to open it.

    Here is some info to help make your decision if you want to buy a FW..

    Personally I would recommend a Juniper Netscreen

    Here is a Firewall learning guide, to help out with some of the what they do's.,295582,sid14_gci1093527,00.html?track=NL-422&ad=548051USCA

    Here is a buying guide for FW's it can help you decide.

    Here's some 3rd party studies of FW's

    2006 Products of the year,289483,sid14_gci1160468_tax299825,00.html?track=NL-20&ad=543466&adg=299807


    Hope it helps,

    LVL 2

    Assisted Solution


    Take a look at the SonicWall TZ170 Wireless Router / VPN / Firewall at

    The SonicWall TZ 170 Wireless is a total security platform delivering enterprise-class wired and wireless security to small networks. It integrates secure 802.11b/g wireless, deep packet inspection firewall and VPN technologies in an effective, easy-to-use solution. It features an integrated 5-port auto-MDIX switch with a designated 802.3 PoE port and a user-defined optional port that can be configured as a second LAN, a second WAN or DMZ for added network configuration flexibility. The TZ 170 Wireless can be easily managed remotely or globally using Sonic Wall’s Global Management System. Utilizing Sonic Wall’s feature-rich SonicOS operating system, this device provides total security solution for simple, reliable and flexible networks. SonicOS Standard allows rapid deployment in basic networks with a user-friendly Web interface and powerful wizards. Network administrators can create multiple zones of access - for wired and wireless workers as well as guest wireless users - offering a high level of control without compromising network security.

    Product Highlights
    •      Combines secure 802.11b/g wireless, deep packet inspection firewall and VPN technologies – all in one device
    •      Integrated 5-Port MDIX Switch allows multiple home or office computers to be networked together
    •      Global Management System provides tools for simplified configuration, enforcement and management of global security policies, VPN and services — from a central location
    •      Delivers excellent performance with 90 Mbps Stateful Packet Inspection Firewall and 30+ Mbps 3DES and AES VPN throughput

    Featured Post

    Better Security Awareness With Threat Intelligence

    See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

    Join & Write a Comment

    Suggested Solutions

    Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
    This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
    how to add IIS SMTP to handle application/Scanner relays into office 365.
    This video discusses moving either the default database or any database to a new volume.

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now