Solved

Netgear WGR614 Firewall strength & network setup

Posted on 2008-06-10
6
1,941 Views
Last Modified: 2008-11-02
I'm setting up a network for a small office w/ the following:
- Dell SC440 single NIC server with SBS 2003
(patient data will be stored on this server)
- 3 WinXP Pro desktops.

The internet connection will be verizon dsl modem w/ fixed ip - connected to a Netgear WGR614 v9, which is then connected to a Dell Powerconnect 2716 Switch (can be managed or unmanaged).  The switch connects each of the PC's above.

If I run this router with the firewalls enabled on the server and each desktop, how difficult is the system to breach? Is this secure?  I do plan to establish either Remote Web Workplace or VPN or both in the near future as well.

Also, given this setup, is it possible to assign the fixed IP to the server?  is this done on the Netgear router or on the Dell Switch?

Thanks.
0
Comment
Question by:erkwong
  • 2
  • 2
6 Comments
 
LVL 6

Accepted Solution

by:
evanmcnally earned 250 total points
ID: 21754392
I think you'll find this answer helpful and very detailed:  http://www.experts-exchange.com/Networking/Misc/Q_21804033.html

In general terms your proposed setup can be very secure.  The most important thing is the configuration of your netgear router.  You will want to give the server a static IP address using the network control panel on the server, and then on the router you want to forward ports to the server's address.  For good security, you want to forward only ports required by services which will be remotely accessed.  So if you are not using a service, do not forward the port.  If your router has an option to make a machine on the network a DMZ host, you never ever want to use this feature.  

These are the ports used by SBS.

TCP port                                            Definition
25                                                  Email (SMTP)
80                                                   required for HTTP
requests for your site
443                                                 required for HTTPS
requests using SSL, which secures communications from your server and a Web
browser
444                                                Companyweb
4125                                               Remote Web Workplace
1723 (plus GRE Protocol 47)                VPN
3389                                               Terminal Services  
21                                                    FTP

Aside from network level security (firewalls, router), you need uptodate antivirus software on the server and PCs, and you should strongly consider setting all PCs and the server to automatically download and install updates from Microsoft.  Some people do not like automatic updating on servers because of the potential for something breaking.  If that's you, then perform regular manual updates without fail.
0
 

Author Comment

by:erkwong
ID: 21755792
Thanks for the reply -
Then with my setup, does my SBS server do the DHCP to the workstations, or does the router do all that work?  
I am reading SBS 2003 Unleashed, and I'm getting a bit confused on this issue, and now at the DNS config in chapter 5.  Is all this served by my sbs server, or by my ISP?  Apologies for the slew of newbie questions.
0
 
LVL 6

Expert Comment

by:evanmcnally
ID: 21755921
For remote desktop access to the PCs through SBS's remote desktop gateway, you need to let SBS do DHCP and turn off DHCP on the router.  Windows networks almost always work better when the server does DHCP, it's the best practice.

The server should also run DNS (required for it to be the SBS Domain Controller).  DNS is crucial for active directory.  All machines on your network including the server itself should use the SBS as their DNS server.  The PCs should get this setting as part of their DHCP configuration from the server, the server (with static IP address) needs to have it's own IP address for its primary DNS server in the network control panel (it points to itself for DNS, in other words).

Next, you configure the DNS service on your server to use forwarders.  Forwarders are just outside DNS servers and should usually be your ISP's DNS servers.  How to configure DNS can be a common pitfall, but the concept to keep in mind is that your SBS will handle all DNS lookups for the LAN.  If it knows of a host already (such as PC1 on your LAN looking for PC2) then it handles this kind of lookup internally.  If it does not know it already (like a user goes to an internet site), then it looks up what it needs from your ISP and returns this information to the PC.  

Hope this helps!
0
 

Author Comment

by:erkwong
ID: 21776213
I am kinda concerned with only having a off the shelf netgear router's firewall between me and all that is internet nastiness out there...

will this NIC install right into mt Dell Poweredge SC440 with minimal fuss?
D-Link Systems
DGE-530T GigaExpress 10/100/1000Mbps PCI Network Adapter
http://www.provantage.com/d-link-dge-530t~7DLNA00L.htm

If so, I would certainly think about adding this before configuring my system.  Thoughts?
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now