New company installing a server on my lan


Nicci

A division of our company is being sold, but as yet no
contract has been signed. The buyer wants to install a
server with two network cards. One connected to a dsl
link, and the other to our lan. They require telnet and
print services, but I don't want them to gain access to
any of our other resources. How do I go about this?
 
They require print services where - from the internet?? At bare minimum
install a firewall. Preferably one at the dsl connection that can control
access to inbound ports from specific IP addresses instead of opening up the
ports to the world. Not all of the lower end NAT routers can do that. Try to
get something like a Sonic Wall or NetScreen which have models starting as low
as $350. If they won't spring for that, put a personal firewall on that
server like Sygate. You can further protect your network from that computer
by using ipsec either permit/block filtering or negotiation for AH/ESP if in
a domain using kerberos for machine authentication. If you decide to try
ipsec read the KB link below on how domain controllers/domain members
interact with ipsec. Of course while any machine should be hardened, it is
critical for those exposed to inbound internet traffic with complex
passwords, antivirus protection, being current with critical updates, and
running only necessary services being a start. See links below for more
info. --- Steve

http://support.microsoft.com/?kbid=254949
http://www.microsoft.com/windows2000/techinfo/planning/security/ipsecsteps.asp
http://securityadmin.info/faq.asp#harden from FAQ.
 
I should add that for firewall configuration by far the safest strategy is
to block all inbound and outbound traffic and then create exception rules
for only authorized traffic based on port, protocol, and IP addresses. ---
Steve
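
The default-deny strategy from the post above, as an added example that is not part of the original thread: a small policy model that denies every flow unless an exception matches on direction, protocol, port and peer address, plus a check that flags exceptions open to wide address ranges. All addresses, the traffic directions and the use of LPD (515/tcp) for printing are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    direction: str  # "in" or "out", relative to the buyer's server
    proto: str      # "tcp" or "udp"
    port: int       # destination port
    peer: str       # CIDR of the remote end allowed for this exception

# Constructed policy: addresses, directions and the LPD port are assumptions.
RULES = [
    Rule("telnet from buyer office", "in", "tcp", 23, "203.0.113.10/32"),
    Rule("print to LAN print server", "out", "tcp", 515, "192.168.10.20/32"),
]

def decide(rules, direction, proto, port, peer_ip):
    """Return the name of the first matching exception, else 'DENY' (the default)."""
    addr = ip_address(peer_ip)
    for r in rules:
        if (r.direction, r.proto, r.port) == (direction, proto, port) \
                and addr in ip_network(r.peer):
            return r.name
    return "DENY"

def too_broad(rules, max_hosts=16):
    """Name the exceptions whose peer range covers more than max_hosts addresses."""
    return [r.name for r in rules if ip_network(r.peer).num_addresses > max_hosts]

# Constructed sample flows: (direction, proto, destination port, peer address)
FLOWS = [
    ("in", "tcp", 23, "203.0.113.10"),     # buyer's admin host to telnet
    ("in", "tcp", 23, "198.51.100.77"),    # any other internet host to telnet
    ("out", "tcp", 515, "192.168.10.20"),  # server to the LAN print server
    ("out", "tcp", 445, "192.168.10.5"),   # server to a LAN file share
    ("out", "udp", 515, "192.168.10.20"),  # right port, wrong protocol
]

def evaluate(rules=RULES, flows=FLOWS):
    """Apply the policy to each sample flow and return the verdicts in order."""
    return [decide(rules, *f) for f in flows]

if __name__ == "__main__":
    for flow, verdict in zip(FLOWS, evaluate()):
        print(flow, "->", verdict)
    wide = Rule("telnet open to world", "in", "tcp", 23, "0.0.0.0/0")
    print("too broad:", too_broad(RULES + [wide]))
```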
 
The DSL should come with a router that contains a simple firewall. That should be good enough for port forwarding / blocking unless they will control that interface.
 
Thanks for that. You've helped a lot.
-----Original Message-----
I should add that for firewall configuration by far the safest strategy is
to block all inbound and outbound traffic and then create exception rules
for only authorized traffic based on port, protocol, and IP addresses. ---
Steve

 