Solved

protecting servers from internal clients

Posted on 2006-11-26
4
222 Views
Last Modified: 2013-12-04
hi

i want to protect servers from internal clients i have nearly 15 servers to protect whats the best way to do

i have 2 domain controllers an exchange server and the remaining web servers with cisco 6509,4506,2950,switches.

is it possible  my clients to access only required ports
for logon authentication, dns,web access
i thought of implementing vlan but people told that having
same ip address scheme will not work on vlan my ip scheme is 145.17.3.1 to 145.17.10.254/16 servers,clients all comes under this scheme. does vlan wont work on same ip scheme.
what is the best way to prevent my severs from client
0
Comment
Question by:kvkvamsi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 13

Accepted Solution

by:
hstiles earned 100 total points
ID: 18020305
Your DCs and web servers have significantly different access requirements.

If it were me, I would move the 13 web servers to a secure subnet behind a firewall (DMZ) and configure access rules on the firewall to seriously restrict internal access to those machines.  Are they domain members or strandalone machines?

I would then use the SCW on Windows 2003 SP1 (assuming that's what you're running) to secure the web servers and DCs.


0
 
LVL 2

Assisted Solution

by:LanBuddha
LanBuddha earned 100 total points
ID: 18042393
I would invest some time learning IPSec on windows. You can created IPSec rules that will allow only certain ports to be used with certain clients.

http://www.microsoft.com/technet/network/ipsec/default.mspx

The security configuration wizard will help with some of this.
0
 
LVL 1

Expert Comment

by:Computer101
ID: 21101082
Forced accept.

Computer101
EE Admin
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Excel file "Document not saved" 8 145
Botnet detection help me please 21 150
Department of Defense formating 3 26
80072efd error while checking for updates. 20 48
This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question