• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 183
  • Last Modified:

Firewall, Proxy et al in Server 2000

I've taken on an old client of mine from 15 years ago back on board. They have extremely good luck, thus have never really had the lessons of security failures teaching them to invest in things like firewalls, antivirus, etc. I am building a new server to replace their 6 year old P3 system and they have chosen to use Windows 2000 server again.  

I've not worked in this sort of environment before ( normally one would have a hardware firewall, AV, Webroot or something similar, IDS perhaps... ) and had a couple of questions :

1: How can I tell if W2K Server is currently being used as a firewall? ( I recall this was possible but have never
    tried it out )
2: How can I tell if W2K Server is currently being used as a proxy?
3: Wasn't there some form of web accelleration capability in W2K Server?

I'm fairly certain these folks will not wish to invest in any hardware or software for the time being. I've advised them of the risks of doing so but still wish to do what I can to 'secure' them with W2K Server. ( I'll be checking the ADSL router to see if it has any firewall capabilities )

Thank you for any insights.


   
0
Bluewhale042399
Asked:
Bluewhale042399
1 Solution
 
centrepcCommented:
If the W2k server is being used for NAT which is a poorman's firewall it will have two network cards enable.  

One with a public ip address and the other with a private ip address.  The workstations will have the their gateway set to the private ip address of the server and then the server will forward the internet request.  

If you would like to set a little security you can configure the port filtering under the advanced tab of the tcp/ip properties of the network card.  Only enable ports that you want to be able to access from the outside.  

If you do not need any access from the outside you can block all of the ports.

There are also many 3rd party proxy server products available.  

If the customer isn't willing to spend as little as 600.00 dollars on a cisco pix 501 then they shouldn't even have computers.  If they are going to buy a new server tell them to buy a cisco pix and not have the server open to the internet.  It will cost them way more in the long run trying to keep the server clean.





 

0
 
Bluewhale042399Author Commented:
I totally agree.  And they will probably start doing so as I keep nudging them that way and as money starts coming in again. ( the tech they had the last 5-10 years apparently would call them back days or a week later ! )  In the interim I do what I can.

Usually these types of clients get the hint after I point out that they paid me for labor hours, repeatedly, which could have been avoided by having decent hardware and software in the first place. :]
0

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now