Solved

protecting servers from internal clients

Posted on 2006-11-26
4
221 Views
Last Modified: 2013-12-04
hi

i want to protect servers from internal clients i have nearly 15 servers to protect whats the best way to do

i have 2 domain controllers an exchange server and the remaining web servers with cisco 6509,4506,2950,switches.

is it possible  my clients to access only required ports
for logon authentication, dns,web access
i thought of implementing vlan but people told that having
same ip address scheme will not work on vlan my ip scheme is 145.17.3.1 to 145.17.10.254/16 servers,clients all comes under this scheme. does vlan wont work on same ip scheme.
what is the best way to prevent my severs from client
0
Comment
Question by:kvkvamsi
4 Comments
 
LVL 13

Accepted Solution

by:
hstiles earned 100 total points
ID: 18020305
Your DCs and web servers have significantly different access requirements.

If it were me, I would move the 13 web servers to a secure subnet behind a firewall (DMZ) and configure access rules on the firewall to seriously restrict internal access to those machines.  Are they domain members or strandalone machines?

I would then use the SCW on Windows 2003 SP1 (assuming that's what you're running) to secure the web servers and DCs.


0
 
LVL 2

Assisted Solution

by:LanBuddha
LanBuddha earned 100 total points
ID: 18042393
I would invest some time learning IPSec on windows. You can created IPSec rules that will allow only certain ports to be used with certain clients.

http://www.microsoft.com/technet/network/ipsec/default.mspx

The security configuration wizard will help with some of this.
0
 
LVL 1

Expert Comment

by:Computer101
ID: 21101082
Forced accept.

Computer101
EE Admin
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

837 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question