Solved

Netgear WGR614 Firewall strength & network setup

Posted on 2008-06-10
Last Modified: 2008-11-02
I'm setting up a network for a small office w/ the following:
- Dell SC440 single NIC server with SBS 2003
(patient data will be stored on this server)
- 3 WinXP Pro desktops.

The internet connection will be Verizon DSL modem w/ fixed IP - connected to a Netgear WGR614 v9, which is then connected to a Dell Powerconnect 2716 Switch (can be managed or unmanaged).  The switch connects each of the PCs above.

If I run this router with the firewalls enabled on the server and each desktop, how difficult is the system to breach? Is this secure?  I do plan to establish either Remote Web Workplace or VPN or both in the near future as well.

Also, given this setup, is it possible to assign the fixed IP to the server?  Is this done on the Netgear router or on the Dell Switch?

Thanks.
Question by:erkwong
6 Comments
 
LVL 6

Accepted Solution

by:
evanmcnally earned 250 total points
ID: 21754392
I think you'll find this answer helpful and very detailed:  http://www.experts-exchange.com/Networking/Misc/Q_21804033.html

In general terms your proposed setup can be very secure.  The most important thing is the configuration of your Netgear router.  You will want to give the server a static IP address using the network control panel on the server, and then on the router you want to forward ports to the server's address.  For good security, you want to forward only ports required by services which will be remotely accessed.  So if you are not using a service, do not forward the port.  If your router has an option to make a machine on the network a DMZ host, you never ever want to use this feature.

These are the ports used by SBS.

TCP port                      Definition
25                            Email (SMTP)
80                            required for HTTP requests for your site
443                           required for HTTPS requests using SSL, which secures communications from your server and a Web browser
444                           Companyweb
4125                          Remote Web Workplace
1723 (plus GRE Protocol 47)   VPN
3389                          Terminal Services
21                            FTP

Aside from network level security (firewalls, router), you need up-to-date antivirus software on the server and PCs, and you should strongly consider setting all PCs and the server to automatically download and install updates from Microsoft.  Some people do not like automatic updating on servers because of the potential for something breaking.  If that's you, then perform regular manual updates without fail.
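
The forwarding advice in the answer above (forward only the ports of services that are remotely accessed, never enable a DMZ host) written as a check over a router's forwarding table. This is an added example, not part of the original post; the rule format, the LAN addresses, the service names and the "wide range" threshold are constructed assumptions.

```python
# Added example: audit a router's port-forward table against the services
# actually published. Rule format, addresses and threshold are constructed.

# TCP ports from the list in the answer above.
SBS_PORTS = {25: "smtp", 80: "http", 443: "https", 444: "companyweb",
             4125: "rww", 1723: "vpn", 3389: "terminal-services", 21: "ftp"}
WIDE = 16  # assumed threshold: ranges this large are reported as one finding

def audit_forwards(rules, services_in_use, server_ip, dmz_host=None):
    """Return sorted (severity, message) findings for a forwarding table."""
    findings = set()
    if dmz_host:
        findings.add(("high", f"DMZ host set to {dmz_host}: every "
                              "unsolicited inbound port reaches it"))
    needed = {p for p, s in SBS_PORTS.items() if s in services_in_use}
    seen = set()
    for rule in rules:
        (first, last), proto, dest = rule["ports"], rule["proto"], rule["to"]
        spec = f"{first}/{proto}" if first == last else f"{first}-{last}/{proto}"
        wide = last - first + 1 >= WIDE
        if wide:
            findings.add(("medium", f"wide range {spec} forwarded to {dest}"))
        if dest != server_ip:
            findings.add(("medium", f"{spec} goes to {dest}, not {server_ip}"))
        for port in range(first, last + 1):
            if proto == "tcp" and port in needed:
                seen.add(port)
            elif not wide:
                svc = SBS_PORTS.get(port, "unlisted")
                findings.add(("high", f"{port}/{proto} ({svc}) is forwarded "
                                      "but no published service needs it"))
    for port in sorted(needed - seen):
        findings.add(("info", f"{port}/tcp ({SBS_PORTS[port]}) is in use "
                              "but has no forward"))
    return sorted(findings)

# Constructed sample: only e-mail, HTTPS and Remote Web Workplace are published.
SAMPLE_RULES = [
    {"proto": "tcp", "ports": (25, 25), "to": "192.168.1.2"},
    {"proto": "tcp", "ports": (443, 443), "to": "192.168.1.2"},
    {"proto": "tcp", "ports": (3389, 3389), "to": "192.168.1.2"},
    {"proto": "tcp", "ports": (21, 21), "to": "192.168.1.10"},
]

if __name__ == "__main__":
    report = audit_forwards(SAMPLE_RULES, {"smtp", "https", "rww"}, "192.168.1.2")
    print("\n".join(f"[{sev}] {msg}" for sev, msg in report))
```

On the sample table this reports the Terminal Services and FTP forwards as unneeded, the FTP rule as pointing at a machine other than the server, and Remote Web Workplace as in use but not yet forwarded.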
 

Author Comment

by:erkwong
ID: 21755792
Thanks for the reply -
Then with my setup, does my SBS server do the DHCP to the workstations, or does the router do all that work?  
I am reading SBS 2003 Unleashed, and I'm getting a bit confused on this issue, and now at the DNS config in chapter 5.  Is all this served by my SBS server, or by my ISP?  Apologies for the slew of newbie questions.
 
LVL 6

Expert Comment

by:evanmcnally
ID: 21755921
For remote desktop access to the PCs through SBS's remote desktop gateway, you need to let SBS do DHCP and turn off DHCP on the router.  Windows networks almost always work better when the server does DHCP; it's the best practice.

The server should also run DNS (required for it to be the SBS Domain Controller).  DNS is crucial for Active Directory.  All machines on your network including the server itself should use the SBS as their DNS server.  The PCs should get this setting as part of their DHCP configuration from the server; the server (with static IP address) needs to have its own IP address for its primary DNS server in the network control panel (it points to itself for DNS, in other words).

Next, you configure the DNS service on your server to use forwarders.  Forwarders are just outside DNS servers and should usually be your ISP's DNS servers.  How to configure DNS can be a common pitfall, but the concept to keep in mind is that your SBS will handle all DNS lookups for the LAN.  If it knows of a host already (such as PC1 on your LAN looking for PC2) then it handles this kind of lookup internally.  If it does not know it already (like a user goes to an internet site), then it looks up what it needs from your ISP and returns this information to the PC.  

Hope this helps!
 

Author Comment

by:erkwong
ID: 21776213
I am kinda concerned with only having an off-the-shelf Netgear router's firewall between me and all that is internet nastiness out there...

Will this NIC install right into my Dell PowerEdge SC440 with minimal fuss?
D-Link Systems
DGE-530T GigaExpress 10/100/1000Mbps PCI Network Adapter
http://www.provantage.com/d-link-dge-530t~7DLNA00L.htm

If so, I would certainly think about adding this before configuring my system.  Thoughts?