Solved

2003 Server with an interface on the internet

Posted on 2006-11-02
7
253 Views
Last Modified: 2013-12-04
In a couple places I have run across Windows Servers sitting directly on the internet with routable IPs on 1 interface and internal Ips on another.   The person that has done this says that it is perfectly fine and safe.  I have a hard time beleiving that to be true, what would be the point of firewalls if that was the case.

So my question is, is that really a good idea and if not why?
0
Comment
Question by:InvisibleTerror
7 Comments
 
LVL 12

Expert Comment

by:gidds99
ID: 17861885
0
 
LVL 12

Expert Comment

by:gidds99
ID: 17861910
Firewalls provide additional security and can provide valuable defence where a Windows Server is not adequately secured (or as an additional layer of network security for Internet facing Windows Servers).
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 17862078
if by 'directly' you mean there is no router/firewall between the internet and the server, then you are correct that the setup isn't secure at all.  nothing you do on the server to 'protect' it really does much good since the 'offender' has already hit the server.  that is what the firewall/router needs to prevent.

0
New My Cloud Pro Series - organize everything!

With space to keep virtually everything, the My Cloud Pro Series offers your team the network storage to edit, save and share production files from anywhere with an internet connection. Compatible with both Mac and PC, you're able to protect your content regardless of OS.

 

Author Comment

by:InvisibleTerror
ID: 17862420
Yes that is exactly what I mean.
0
 
LVL 9

Expert Comment

by:FixingStuff
ID: 17863123
Agreeing with mikeleebrla ... if indeed the second interface is a direct connect to a router without ACLs and/or firewall in place, this is just as bad a the primary NIC connected to a router with a public IP.  Does the gateway IP route to the "unsecure" NIC? One would assume so or else it would be useless for internet traffic.  Go here and run SheildsUP from the server to check open ports, etc, then show the person:
www.grc.com
FS-
0
 
LVL 8

Expert Comment

by:RevelationCS
ID: 17867145
what you describe above sounds like a proxy/load balancing type environment. If properly secured with firewalls and intrusion detection (internal and external for both), then it is safe to use that method. Using a proxy method to hide your internal network schema is typically a recommended practice as it makes it harder for an external hacker to gain access to the servers as they need to compromise both the external proxy (the hardware with the external IP address) along with the internal machine. Firewalls place more of a difficulty level on that as they would also have to compromise the firewalls.
0
 
LVL 7

Accepted Solution

by:
CharliePete00 earned 125 total points
ID: 17869064
A Windows server is a general purpose machine.  By default it posses all of the necessary instructions to provide a wide range of services (file, print, dns, web, aplication, routing, etc.) and is designed to execute applications.  They also designed to be dynamic and may be configured to act in just about any role.  A dedicated firewall, on the other hand, is designed for a specifc purpose, limiting and controlling network traffic, and only contains the necessary instructions for the tasks it was designed for.  If security is compromised on a firewall it's difficult to get it to act like anything but a firewall.  If security is compromised on a Windows server you can make it act like just about anything.  While you may be able to secure a Windows server to the point it can be deemed "safe" to expose to the Internet the consequences of any compromises of its security can be pretty severe.  It's always good practice to place a standoff device like a firewall between your servers and the outside world.
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Was laptop hacked? 11 90
File audit / tracking software 3 83
Why can't I delete this folder? 6 94
Changing Passwords for  Windows and Linux servers  in bulk 7 61
Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now