RE: Protecting Multiple Public IP Workstations

["Josh Mills" <JMills () cnbwaco com>]

"if you havn't already bought the Win2k server, I would suggest
Server 2003 instead"

my 2k3 server takes almost 3 minutes just to load the OS, how in the hell did you get it to boot in 10 seconds????

-----Original Message-----
From: Lists [mailto:lists () sonicc net]
Sent: Monday, March 01, 2004 2:16 PM
To: 'Paul Kurczaba'; 'MATT GIBSON'; security-basics () securityfocus com
Subject: RE: Protecting Multiple Public IP Workstations


Hi, 

If You're looking for the most secure firewall, consider a Full
Application Layer Proxy firewall which will understand the protocols
being used rather than just open up port 80 for example regardles of the
actual packet contents flowing through that port.

Symantec has some appliances that may be of use to you.

Good Luck
K.

-----Original Message-----
From: Paul Kurczaba [mailto:paul () myipis com] 
Sent: Saturday, 28 February 2004 4:52 AM
To: MATT GIBSON; security-basics () securityfocus com
Subject: Re: Protecting Multiple Public IP Workstations


First of all, it's never a good idea to assign public IP's to
workstations on a networked environment (this type of environment is a
hackers wish come true). If you are not hosting services on all six
IP's, you can buy a $100-$150 firewall/router at compusa (I would
recommend Linksys or Netgear). Most have 4 or 8 ports. If the
firewall/router you buy only has 4 ports, also pick up a 4 port switch
(it's about $50-$70). If you need all 6 IP's (for hosting HTTP, FTP,
SMTP, etc.), you should probably get a CheckPoint FW-1 or a Cisco PIX.
Also, if you havn't already bought the Win2k server, I would suggest
Server 2003 instead. It takes less than 10 seconds to boot, the OS is
faster, and more secure than 2000.

just my $0.02

-Paul Kurczaba
----- Original Message ----- 
From: "MATT GIBSON" <mattgibson () shaw ca>
To: <security-basics () securityfocus com>
Sent: Thursday, February 26, 2004 2:11 PM
Subject: Protecting Multiple Public IP Workstations


> Hey Everyone :)
>
> We've got a client who (for various reasons) has a network (that's
currently p2p), and all the workstations (6) have public IP addresses.
It's a windows network (mixed 98 and 2000), and we're putting in a new
server
(win2k) Just wondering how to best protect this network?
> My two thoughts are:
>
> 1) To use firewalls at the client level (don't like this idea)
> 2) To use RRAS on the server, and have the server route all the public
IP's through it first, and then run some sort of firewall on the server.
> Any suggestions?
>
> -Matt Gibson
>
>
> ----------------------------------------------------------------------
> ----
-
> ----------------------------------------------------------------------
> ----
--
>



------------------------------------------------------------------------
---
------------------------------------------------------------------------
----


---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security

Protect your network against hackers, viruses, spam and other risks with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost of
ownership.

Download your free trial at
http://www.securityfocus.com/sponsor/Astaro_security-basics_040301
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security

Protect your network against hackers, viruses, spam and other risks with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost of
ownership.

Download your free trial at
http://www.securityfocus.com/sponsor/Astaro_security-basics_040301
----------------------------------------------------------------------------