Firewall, Proxy et al in Server 2000

Posted on 2006-05-12
Last Modified: 2010-04-13
I've taken on an old client of mine from 15 years ago back on board. They have extremely good luck, thus have never really had the lessons of security failures teaching them to invest in things like firewalls, antivirus, etc. I am building a new server to replace their 6 year old P3 system and they have chosen to use Windows 2000 server again.  

I've not worked in this sort of environment before ( normally one would have a hardware firewall, AV, Webroot or something similar, IDS perhaps... ) and had a couple of questions :

1: How can I tell if W2K Server is currently being used as a firewall? ( I recall this was possible but have never
    tried it out )
2: How can I tell if W2K Server is currently being used as a proxy?
3: Wasn't there some form of web accelleration capability in W2K Server?

I'm fairly certain these folks will not wish to invest in any hardware or software for the time being. I've advised them of the risks of doing so but still wish to do what I can to 'secure' them with W2K Server. ( I'll be checking the ADSL router to see if it has any firewall capabilities )

Thank you for any insights.

Question by:Bluewhale042399
    LVL 5

    Accepted Solution

    If the W2k server is being used for NAT which is a poorman's firewall it will have two network cards enable.  

    One with a public ip address and the other with a private ip address.  The workstations will have the their gateway set to the private ip address of the server and then the server will forward the internet request.  

    If you would like to set a little security you can configure the port filtering under the advanced tab of the tcp/ip properties of the network card.  Only enable ports that you want to be able to access from the outside.  

    If you do not need any access from the outside you can block all of the ports.

    There are also many 3rd party proxy server products available.  

    If the customer isn't willing to spend as little as 600.00 dollars on a cisco pix 501 then they shouldn't even have computers.  If they are going to buy a new server tell them to buy a cisco pix and not have the server open to the internet.  It will cost them way more in the long run trying to keep the server clean.



    Author Comment

    I totally agree.  And they will probably start doing so as I keep nudging them that way and as money starts coming in again. ( the tech they had the last 5-10 years apparently would call them back days or a week later ! )  In the interim I do what I can.

    Usually these types of clients get the hint after I point out that they paid me for labor hours, repeatedly, which could have been avoided by having decent hardware and software in the first place. :]

    Featured Post

    What Is Threat Intelligence?

    Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

    Join & Write a Comment

    NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
    In this sixth video of the Xpdf series, we discuss and demonstrate the PDFtoPNG utility, which converts a multi-page PDF file to separate color, grayscale, or monochrome PNG files, creating one PNG file for each page in the PDF. It does this via a c…
    Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now