Improve company productivity with a Business Account.Sign Up

x
?
Solved

protecting servers from internal clients

Posted on 2006-11-26
4
Medium Priority
?
230 Views
Last Modified: 2013-12-04
hi

i want to protect servers from internal clients i have nearly 15 servers to protect whats the best way to do

i have 2 domain controllers an exchange server and the remaining web servers with cisco 6509,4506,2950,switches.

is it possible  my clients to access only required ports
for logon authentication, dns,web access
i thought of implementing vlan but people told that having
same ip address scheme will not work on vlan my ip scheme is 145.17.3.1 to 145.17.10.254/16 servers,clients all comes under this scheme. does vlan wont work on same ip scheme.
what is the best way to prevent my severs from client
0
Comment
Question by:kvkvamsi
3 Comments
 
LVL 13

Accepted Solution

by:
hstiles earned 400 total points
ID: 18020305
Your DCs and web servers have significantly different access requirements.

If it were me, I would move the 13 web servers to a secure subnet behind a firewall (DMZ) and configure access rules on the firewall to seriously restrict internal access to those machines.  Are they domain members or strandalone machines?

I would then use the SCW on Windows 2003 SP1 (assuming that's what you're running) to secure the web servers and DCs.


0
 
LVL 2

Assisted Solution

by:LanBuddha
LanBuddha earned 400 total points
ID: 18042393
I would invest some time learning IPSec on windows. You can created IPSec rules that will allow only certain ports to be used with certain clients.

http://www.microsoft.com/technet/network/ipsec/default.mspx

The security configuration wizard will help with some of this.
0
 
LVL 1

Expert Comment

by:Computer101
ID: 21101082
Forced accept.

Computer101
EE Admin
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Watch the video to learn how one can deal with PST file corruption issue with an outstanding Kernel for Outlook PST Repair Tool easily. Using this tool, non-technical users can swiftly perform the repair process to restore their essential data witho…
Through the video, you can check the migration process of Outlook PST file to PDF. Kernel for Outlook to PDF tool can convert Outlook emails with all attributes like Subject, To, From, Cc, Bcc and other folders such as Inbox, Outbox, Sent Items, Jun…

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question