Server 2003 domain - Firewall best practices

Posted on 2010-01-04
Last Modified: 2013-11-22
Hi experts, Im looking for some advice on what is best practice with reagrds to software firewalls on a windows domain.

We currently have a Domain Controller, 2 x Terminal Servers, SQL Server, File Server and 50 work Stations. Everything sits behind a hardware firewall, and all the workstations have windows firewall switched on. so I wanted to check is it also nessary to turn on the internet connection firewall on the domain controller and or other servers aswell.

Question by:corecc
    LVL 4

    Expert Comment

    The internet Connection Firewall Basically is a PROXY for all your internal networked machines. It also prevents scanning of ports and resources (file and printer shares) from external sources.  If you want more control over your users internet content and access to resources then yes use it.  If it's not a huge issue to your organization then a simple hardware firewall when configured correctly can provide sufficient security from the outside world to your servers/computers.
    LVL 1

    Author Comment

    Thanks for your comments, I think we will use it then, the DC is running dns and dhcp services, so does it make sense just to enable the firewall on the DC or would you enable it on all servers?
    LVL 4

    Accepted Solution

    I think its a little more than just enabling it.  You have to plan it out....your services, ports, ect...

    Do a test run when you have time to see if it would work in your environment.  

    start here..

    LVL 1

    Author Closing Comment

    Many thanks, for pointing me in the right direction

    Featured Post

    How to improve team productivity

    Quip adds documents, spreadsheets, and tasklists to your Slack experience
    - Elevate ideas to Quip docs
    - Share Quip docs in Slack
    - Get notified of changes to your docs
    - Available on iOS/Android/Desktop/Web
    - Online/Offline

    Join & Write a Comment

    These are on the increase and getting more common these days. Users who use the Google search engine may complain of having their search redirected to unwanted sites, regardless of what browser is used. This happens when the system is infected with…
    A quick step-by-step overview of installing and configuring Carbonite Server Backup.
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
    This video discusses moving either the default database or any database to a new volume.

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now