• Status: Solved
  • Priority: Medium
  • Security: Public

Separating certain servers from primary LAN using firewall

I need to separate several of my servers from the primary LAN to be able to maintain certain restrictions on these servers without applying the same restrictions to every LAN computer. (This is an attempt to satisfy a PCI requirement.) What all will I need to allow on the firewall in order for these few servers to still access Active Directory, Exchange 2003, Internet, other subnetted networks at remote branches, and Symantec BackupExec? Also, what will need to be allowed to get to these servers to allow SQL and Terminal Servers to access programs?
1 Solution
You do it with a LAN Router, not a firewall.
Configure ACLs on the LAN Router to control access.

Keep in mind that not all PCI auditing companies are created equal. Some aren't worth a crap. The "rules" that you have to comply with are not always as clearly defined as they should be and have room for "interpretation", or worse yet, "misinterpretation".

A machine or device cannot be declared "secure" because someone slaps a firewall in front of it. By the same token, a machine or a device cannot [honestly] be declared "insecure" because there is no firewall in front of it. A machine or a device can be perfectly secure with no firewall in front of it and can be secure even if no LAN Router with ACLs is in front of it. It can be perfectly secure because someone has properly designed and secured the Application that runs on the machine and because they have properly hardened the OS of the machine or device.

Security does not "begin and end" at Layers 3 & 4.
Question has a verified solution.
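
An added example, not part of the original question or answer: a first-match ACL model for an isolated server segment, with a test matrix that checks required flows stay open and everything else is denied. The subnets, host addresses and rule set are constructed assumptions; it covers only the Active Directory, SQL and Terminal Server flows from the question, using the well-known default ports for those services.

```python
import ipaddress

# Constructed addressing for illustration (not from the original post).
SERVERS = "10.0.50.0/24"   # isolated server segment
LAN = "10.0.0.0/16"        # primary LAN and branch subnets
DC = "10.0.1.10/32"        # domain controller / DNS

# (action, proto, src, dst, dst_ports); evaluated top-down, first match wins.
# Default ports: DNS 53, Kerberos 88, RPC endpoint mapper 135, LDAP 389,
# SMB 445, SQL Server 1433, RDP 3389. RPC dynamic ports and return traffic
# are not modelled here; a real ACL must account for both.
ACL = [
    ("permit", "udp", SERVERS, DC, {53, 88, 389}),
    ("permit", "tcp", SERVERS, DC, {53, 88, 135, 389, 445}),
    ("permit", "tcp", LAN, SERVERS, {1433, 3389}),
    ("deny", "any", "0.0.0.0/0", "0.0.0.0/0", None),  # explicit default deny
]

# Constructed test matrix: flows that must work and flows that must stay closed.
EXPECTED = [
    ("tcp", "10.0.50.20", "10.0.1.10", 88, "permit"),    # Kerberos to DC
    ("udp", "10.0.50.20", "10.0.1.10", 53, "permit"),    # DNS lookup
    ("tcp", "10.0.2.33", "10.0.50.20", 1433, "permit"),  # LAN client to SQL
    ("tcp", "10.0.2.33", "10.0.50.20", 445, "deny"),     # SMB into the segment
    ("tcp", "10.0.50.20", "10.0.2.33", 3389, "deny"),    # server to workstation
]


def evaluate(proto, src, dst, dport, acl=ACL):
    """Return (action, rule_index) of the first rule matching the packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (action, rproto, rsrc, rdst, ports) in enumerate(acl):
        if rproto not in ("any", proto):
            continue
        if s not in ipaddress.ip_network(rsrc) or d not in ipaddress.ip_network(rdst):
            continue
        if ports is not None and dport not in ports:
            continue
        return action, i
    return "deny", None  # implicit deny when no rule matches


def mismatches(expected=EXPECTED, acl=ACL):
    """Return the flows whose ACL verdict differs from the expected one."""
    return [f for f in expected if evaluate(*f[:4], acl=acl)[0] != f[4]]


if __name__ == "__main__":
    for flow in EXPECTED:
        print(flow[:4], "->", evaluate(*flow[:4]))
    print("mismatches:", mismatches())
```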
