• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1955
  • Last Modified:

Netgear WGR614 Firewall strength & network setup

I'm setting up a network for a small office w/ the following:
- Dell SC440 single NIC server with SBS 2003
(patient data will be stored on this server)
- 3 WinXP Pro desktops.

The internet connection will be verizon dsl modem w/ fixed ip - connected to a Netgear WGR614 v9, which is then connected to a Dell Powerconnect 2716 Switch (can be managed or unmanaged).  The switch connects each of the PC's above.

If I run this router with the firewalls enabled on the server and each desktop, how difficult is the system to breach? Is this secure?  I do plan to establish either Remote Web Workplace or VPN or both in the near future as well.

Also, given this setup, is it possible to assign the fixed IP to the server?  is this done on the Netgear router or on the Dell Switch?

Thanks.
0
erkwong
Asked:
erkwong
  • 2
  • 2
1 Solution
 
evanmcnallyCommented:
I think you'll find this answer helpful and very detailed:  http://www.experts-exchange.com/Networking/Misc/Q_21804033.html

In general terms your proposed setup can be very secure.  The most important thing is the configuration of your netgear router.  You will want to give the server a static IP address using the network control panel on the server, and then on the router you want to forward ports to the server's address.  For good security, you want to forward only ports required by services which will be remotely accessed.  So if you are not using a service, do not forward the port.  If your router has an option to make a machine on the network a DMZ host, you never ever want to use this feature.  

These are the ports used by SBS.

TCP port                                            Definition
25                                                  Email (SMTP)
80                                                   required for HTTP
requests for your site
443                                                 required for HTTPS
requests using SSL, which secures communications from your server and a Web
browser
444                                                Companyweb
4125                                               Remote Web Workplace
1723 (plus GRE Protocol 47)                VPN
3389                                               Terminal Services  
21                                                    FTP

Aside from network level security (firewalls, router), you need uptodate antivirus software on the server and PCs, and you should strongly consider setting all PCs and the server to automatically download and install updates from Microsoft.  Some people do not like automatic updating on servers because of the potential for something breaking.  If that's you, then perform regular manual updates without fail.
0
 
erkwongAuthor Commented:
Thanks for the reply -
Then with my setup, does my SBS server do the DHCP to the workstations, or does the router do all that work?  
I am reading SBS 2003 Unleashed, and I'm getting a bit confused on this issue, and now at the DNS config in chapter 5.  Is all this served by my sbs server, or by my ISP?  Apologies for the slew of newbie questions.
0
 
evanmcnallyCommented:
For remote desktop access to the PCs through SBS's remote desktop gateway, you need to let SBS do DHCP and turn off DHCP on the router.  Windows networks almost always work better when the server does DHCP, it's the best practice.

The server should also run DNS (required for it to be the SBS Domain Controller).  DNS is crucial for active directory.  All machines on your network including the server itself should use the SBS as their DNS server.  The PCs should get this setting as part of their DHCP configuration from the server, the server (with static IP address) needs to have it's own IP address for its primary DNS server in the network control panel (it points to itself for DNS, in other words).

Next, you configure the DNS service on your server to use forwarders.  Forwarders are just outside DNS servers and should usually be your ISP's DNS servers.  How to configure DNS can be a common pitfall, but the concept to keep in mind is that your SBS will handle all DNS lookups for the LAN.  If it knows of a host already (such as PC1 on your LAN looking for PC2) then it handles this kind of lookup internally.  If it does not know it already (like a user goes to an internet site), then it looks up what it needs from your ISP and returns this information to the PC.  

Hope this helps!
0
 
erkwongAuthor Commented:
I am kinda concerned with only having a off the shelf netgear router's firewall between me and all that is internet nastiness out there...

will this NIC install right into mt Dell Poweredge SC440 with minimal fuss?
D-Link Systems
DGE-530T GigaExpress 10/100/1000Mbps PCI Network Adapter
http://www.provantage.com/d-link-dge-530t~7DLNA00L.htm

If so, I would certainly think about adding this before configuring my system.  Thoughts?
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now