Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 226
  • Last Modified:

protecting servers from internal clients

hi

i want to protect servers from internal clients i have nearly 15 servers to protect whats the best way to do

i have 2 domain controllers an exchange server and the remaining web servers with cisco 6509,4506,2950,switches.

is it possible  my clients to access only required ports
for logon authentication, dns,web access
i thought of implementing vlan but people told that having
same ip address scheme will not work on vlan my ip scheme is 145.17.3.1 to 145.17.10.254/16 servers,clients all comes under this scheme. does vlan wont work on same ip scheme.
what is the best way to prevent my severs from client
0
kvkvamsi
Asked:
kvkvamsi
2 Solutions
 
hstilesCommented:
Your DCs and web servers have significantly different access requirements.

If it were me, I would move the 13 web servers to a secure subnet behind a firewall (DMZ) and configure access rules on the firewall to seriously restrict internal access to those machines.  Are they domain members or strandalone machines?

I would then use the SCW on Windows 2003 SP1 (assuming that's what you're running) to secure the web servers and DCs.


0
 
LanBuddhaCommented:
I would invest some time learning IPSec on windows. You can created IPSec rules that will allow only certain ports to be used with certain clients.

http://www.microsoft.com/technet/network/ipsec/default.mspx

The security configuration wizard will help with some of this.
0
 
Computer101Commented:
Forced accept.

Computer101
EE Admin
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now