Solved

Netgear WGR614 Firewall strength & network setup

Posted on 2008-06-10
6
1,939 Views
Last Modified: 2008-11-02
I'm setting up a network for a small office w/ the following:
- Dell SC440 single NIC server with SBS 2003
(patient data will be stored on this server)
- 3 WinXP Pro desktops.

The internet connection will be verizon dsl modem w/ fixed ip - connected to a Netgear WGR614 v9, which is then connected to a Dell Powerconnect 2716 Switch (can be managed or unmanaged).  The switch connects each of the PC's above.

If I run this router with the firewalls enabled on the server and each desktop, how difficult is the system to breach? Is this secure?  I do plan to establish either Remote Web Workplace or VPN or both in the near future as well.

Also, given this setup, is it possible to assign the fixed IP to the server?  is this done on the Netgear router or on the Dell Switch?

Thanks.
0
Comment
Question by:erkwong
  • 2
  • 2
6 Comments
 
LVL 6

Accepted Solution

by:
evanmcnally earned 250 total points
Comment Utility
I think you'll find this answer helpful and very detailed:  http://www.experts-exchange.com/Networking/Misc/Q_21804033.html

In general terms your proposed setup can be very secure.  The most important thing is the configuration of your netgear router.  You will want to give the server a static IP address using the network control panel on the server, and then on the router you want to forward ports to the server's address.  For good security, you want to forward only ports required by services which will be remotely accessed.  So if you are not using a service, do not forward the port.  If your router has an option to make a machine on the network a DMZ host, you never ever want to use this feature.  

These are the ports used by SBS.

TCP port                                            Definition
25                                                  Email (SMTP)
80                                                   required for HTTP
requests for your site
443                                                 required for HTTPS
requests using SSL, which secures communications from your server and a Web
browser
444                                                Companyweb
4125                                               Remote Web Workplace
1723 (plus GRE Protocol 47)                VPN
3389                                               Terminal Services  
21                                                    FTP

Aside from network level security (firewalls, router), you need uptodate antivirus software on the server and PCs, and you should strongly consider setting all PCs and the server to automatically download and install updates from Microsoft.  Some people do not like automatic updating on servers because of the potential for something breaking.  If that's you, then perform regular manual updates without fail.
0
 

Author Comment

by:erkwong
Comment Utility
Thanks for the reply -
Then with my setup, does my SBS server do the DHCP to the workstations, or does the router do all that work?  
I am reading SBS 2003 Unleashed, and I'm getting a bit confused on this issue, and now at the DNS config in chapter 5.  Is all this served by my sbs server, or by my ISP?  Apologies for the slew of newbie questions.
0
 
LVL 6

Expert Comment

by:evanmcnally
Comment Utility
For remote desktop access to the PCs through SBS's remote desktop gateway, you need to let SBS do DHCP and turn off DHCP on the router.  Windows networks almost always work better when the server does DHCP, it's the best practice.

The server should also run DNS (required for it to be the SBS Domain Controller).  DNS is crucial for active directory.  All machines on your network including the server itself should use the SBS as their DNS server.  The PCs should get this setting as part of their DHCP configuration from the server, the server (with static IP address) needs to have it's own IP address for its primary DNS server in the network control panel (it points to itself for DNS, in other words).

Next, you configure the DNS service on your server to use forwarders.  Forwarders are just outside DNS servers and should usually be your ISP's DNS servers.  How to configure DNS can be a common pitfall, but the concept to keep in mind is that your SBS will handle all DNS lookups for the LAN.  If it knows of a host already (such as PC1 on your LAN looking for PC2) then it handles this kind of lookup internally.  If it does not know it already (like a user goes to an internet site), then it looks up what it needs from your ISP and returns this information to the PC.  

Hope this helps!
0
 

Author Comment

by:erkwong
Comment Utility
I am kinda concerned with only having a off the shelf netgear router's firewall between me and all that is internet nastiness out there...

will this NIC install right into mt Dell Poweredge SC440 with minimal fuss?
D-Link Systems
DGE-530T GigaExpress 10/100/1000Mbps PCI Network Adapter
http://www.provantage.com/d-link-dge-530t~7DLNA00L.htm

If so, I would certainly think about adding this before configuring my system.  Thoughts?
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

This tutorial will go through the steps required to write a script that will back up the configuration settings of a HP-ProCurve switch. You will need to get the following things to follow this tutorial: Telnet Scripting Tool e.g. TST10.exe …
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now