Solved

Netgear WGR614 Firewall strength & network setup

Posted on 2008-06-10
Last Modified: 2008-11-02
I'm setting up a network for a small office w/ the following:
- Dell SC440 single NIC server with SBS 2003
(patient data will be stored on this server)
- 3 WinXP Pro desktops.

The internet connection will be a Verizon DSL modem w/ fixed IP - connected to a Netgear WGR614 v9, which is then connected to a Dell PowerConnect 2716 Switch (can be managed or unmanaged).  The switch connects each of the PCs above.

If I run this router with the firewalls enabled on the server and each desktop, how difficult is the system to breach? Is this secure?  I do plan to establish either Remote Web Workplace or VPN or both in the near future as well.

Also, given this setup, is it possible to assign the fixed IP to the server?  Is this done on the Netgear router or on the Dell Switch?

Thanks.
Question by:erkwong
6 Comments
 
LVL 6

Accepted Solution

by:
evanmcnally earned 1000 total points
ID: 21754392
I think you'll find this answer helpful and very detailed:  http://www.experts-exchange.com/Networking/Misc/Q_21804033.html

In general terms your proposed setup can be very secure.  The most important thing is the configuration of your Netgear router.  You will want to give the server a static IP address using the network control panel on the server, and then on the router you want to forward ports to the server's address.  For good security, you want to forward only ports required by services which will be remotely accessed.  So if you are not using a service, do not forward the port.  If your router has an option to make a machine on the network a DMZ host, you never ever want to use this feature.

These are the ports used by SBS.

TCP port                      Definition
25                            Email (SMTP)
80                            required for HTTP requests for your site
443                           required for HTTPS requests using SSL, which secures communications from your server and a Web browser
444                           Companyweb
4125                          Remote Web Workplace
1723 (plus GRE Protocol 47)   VPN
3389                          Terminal Services
21                            FTP

Aside from network level security (firewalls, router), you need up-to-date antivirus software on the server and PCs, and you should strongly consider setting all PCs and the server to automatically download and install updates from Microsoft.  Some people do not like automatic updating on servers because of the potential for something breaking.  If that's you, then perform regular manual updates without fail.
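
The rule in the accepted answer (forward only the ports of services that are accessed remotely, point them at the server, never enable a DMZ host) can be checked mechanically. The following is an added example, not part of the original thread: it audits a port-forwarding table against the answer's SBS port list. The addresses, the rule list and the set of needed services are constructed assumptions; a real audit would take them from the router's configuration page.

```python
from dataclasses import dataclass

# TCP ports from the SBS table in the answer above.
SBS_PORTS = {25: "SMTP", 80: "HTTP", 443: "HTTPS", 444: "Companyweb",
             4125: "Remote Web Workplace", 1723: "VPN",
             3389: "Terminal Services", 21: "FTP"}

@dataclass(frozen=True)
class Forward:
    proto: str   # "tcp" or "udp"
    first: int   # first external port of the rule
    last: int    # last external port (same as first for a single port)
    target: str  # internal address the rule forwards to

def audit(forwards, needed_tcp, server_ip, dmz_host=None):
    """Return (code, detail) findings for a port-forwarding table."""
    findings = []
    if dmz_host:
        findings.append(("DMZ_HOST", f"{dmz_host} receives every unsolicited inbound port"))
    covered = set()
    for f in forwards:
        ports = set(range(f.first, f.last + 1))
        wanted = ports & needed_tcp if f.proto == "tcp" else set()
        extra = sorted(ports - wanted)
        if f.target != server_ip:
            findings.append(("WRONG_TARGET", f"{f.proto}/{f.first}-{f.last} -> {f.target}"))
        else:
            covered |= wanted
        if extra:
            label = SBS_PORTS.get(extra[0], "unlisted") if len(extra) == 1 else f"{len(extra)} ports"
            findings.append(("NOT_REQUIRED", f"{f.proto}/{extra[0]}-{extra[-1]} ({label})"))
    # GRE (protocol 47) for the VPN is not a TCP port and is not covered here.
    for port in sorted(needed_tcp - covered):
        findings.append(("MISSING", f"tcp/{port} ({SBS_PORTS.get(port, 'unlisted')})"))
    return findings

# Constructed sample data: addresses and rules are made up for illustration.
SERVER = "192.168.1.2"
NEEDED = {443, 4125, 1723}   # assumed: HTTPS + Remote Web Workplace + VPN
SAMPLE = [Forward("tcp", 443, 443, SERVER), Forward("tcp", 4125, 4125, SERVER),
          Forward("tcp", 3389, 3389, SERVER), Forward("tcp", 21, 21, "192.168.1.10")]

if __name__ == "__main__":
    for code, detail in audit(SAMPLE, NEEDED, SERVER, dmz_host=SERVER):
        print(f"{code:13} {detail}")
```
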

Author Comment

by:erkwong
ID: 21755792
Thanks for the reply -
Then with my setup, does my SBS server do the DHCP to the workstations, or does the router do all that work?
I am reading SBS 2003 Unleashed, and I'm getting a bit confused on this issue, and now at the DNS config in chapter 5.  Is all this served by my SBS server, or by my ISP?  Apologies for the slew of newbie questions.
LVL 6

Expert Comment

by:evanmcnally
ID: 21755921
For remote desktop access to the PCs through SBS's remote desktop gateway, you need to let SBS do DHCP and turn off DHCP on the router.  Windows networks almost always work better when the server does DHCP; it's the best practice.

The server should also run DNS (required for it to be the SBS Domain Controller).  DNS is crucial for Active Directory.  All machines on your network including the server itself should use the SBS as their DNS server.  The PCs should get this setting as part of their DHCP configuration from the server; the server (with static IP address) needs to have its own IP address for its primary DNS server in the network control panel (it points to itself for DNS, in other words).

Next, you configure the DNS service on your server to use forwarders.  Forwarders are just outside DNS servers and should usually be your ISP's DNS servers.  How to configure DNS can be a common pitfall, but the concept to keep in mind is that your SBS will handle all DNS lookups for the LAN.  If it knows of a host already (such as PC1 on your LAN looking for PC2) then it handles this kind of lookup internally.  If it does not know it already (like a user goes to an internet site), then it looks up what it needs from your ISP and returns this information to the PC.  

Hope this helps!

Author Comment

by:erkwong
ID: 21776213
I am kinda concerned with only having an off-the-shelf Netgear router's firewall between me and all that is internet nastiness out there...

Will this NIC install right into my Dell PowerEdge SC440 with minimal fuss?
D-Link Systems
DGE-530T GigaExpress 10/100/1000Mbps PCI Network Adapter
http://www.provantage.com/d-link-dge-530t~7DLNA00L.htm

If so, I would certainly think about adding this before configuring my system.  Thoughts?