Re: Making a W2K with Internet Connection Sharing secure

["SFDC Admin" <postmaster () security-forums com>]

Sarbjit Singh Gill <ssgill () starhub net sg> randomly produced:

<snip>
::
:: I need somekind of proxy/NAT/firewalling  and URL
:: filtering capabilities on the W2K. They have to be
:: free. We are sourcing for some netscreen stuff but do
:: not know when it will come in.

Unless Microsoft is so kind as to donate a copy of ISA I can't see you
getting anything like this for free..

You could use something like Tiny Personal Firewall and secure the box as
much as possible (http://www.darknet.org.uk/content/files/securewin2k.txt),
but this wouldn't help with any kind of content filterting.

::
:: I can't use IP filtering in W2k as it affects all
:: adapters. The LAN PCs use the server as a DC for
:: policies and authentication.

I personally would dump W2k as it's not really suitable for this kind of job
when you had a 0 budget, I don't think it's suitable for this kind of job at
all, but's that's an entire debate on it's own.

IMHO you should use a Linux or BSD machine and something like dansguardian
(http://www.dansguardian.org/) which provides free content filtertering
using SQUID (a free proxy http://www.squid-cache.org/)

IPTables/IPF which are integral parts of *nix systems can accomplish the NAT
and firewalling very adequately.

You could keep the Win2k server inside this if you need a domain controller
as you can run this kind of setup on a very low spec box (133-266mhz).

::
:: Right now the W2K server is connected to the internet
:: with no security whatsoever.
::

Not a good thing to advertise :)

:: Thanks in advance.
::
:: Gill

Good luck

Shaolin

.: http://www.security-forums.com :.

         Share your knowledge
          It's a way to achieve
                Immortality.