RE: Protecting Multiple Public IP Workstations

["Duston Sickler" <dustons () charter net>]

Why on earth does the whole network need to be exposed to the Internet?  I
good router is in order!  If for nothing else than the limited protection of
N.A.T.

Will any of the resources for this new server be needed accessible from the
Internet? If then you should consider placing it in a DMZ.   I am not sure
what you would gain using the RRAS solution but I am a newbie.

Duston Sickler
CompTIA A+ Certified
"Cedo Nilli"

-----Original Message-----
From: MATT GIBSON [mailto:mattgibson () shaw ca]
Sent: Thursday, February 26, 2004 1:11 PM
To: security-basics () securityfocus com
Subject: Protecting Multiple Public IP Workstations

Hey Everyone :)

We've got a client who (for various reasons) has a network (that's currently
p2p), and all the workstations (6) have public IP addresses.  It's a windows
network (mixed 98 and 2000), and we're putting in a new server (win2k) Just
wondering how to best protect this network? 

My two thoughts are:

1) To use firewalls at the client level (don't like this idea)
2) To use RRAS on the server, and have the server route all the public IP's
through it first, and then run some sort of firewall on the server.

Any suggestions?

-Matt Gibson


---------------------------------------------------------------------------
----------------------------------------------------------------------------


---------------------------------------------------------------------------
----------------------------------------------------------------------------