Security Basics mailing list archives

Re: Protecting Multiple Public IP Workstations


From: Kevan Olhausen <kevan () ipinc net>
Date: Fri, 27 Feb 2004 02:38:26 -0800

Hi Matt,

I'm making a few assumptions here:
1) Workstations need access to the server locally and from over the Internet
2) The Server is intended to be the fileserver/print server
3) With remote access you don't _REQUIRE_ the network to use Public IPs.

The RRAS idea is good, but if you are going to use it as a security endpoint
for remote clients to connect to, you may want to use some dedicated VPN box
that allows for remote connectivity and is a firewall for the internal
network only. The reason is that you don't want to have the server doing
more than you need it to, because making your server a
firewall/router/RRAS/fileserver/print_server/etc can cause the whole
"firewall was defeated now everything compromised" kind of situation, and if
the server fails, so does EVERYTHING else.

I would get a dedicated firewall box with VPN ability to protect the
internet network. A lot of SOHO firewalls have VPN ability so that is
something to check out.

On 2/26/04 11:11 AM, "MATT GIBSON" <mattgibson () shaw ca> wrote:

Hey Everyone :)

We've got a client who (for various reasons) has a network (that's currently
p2p), and all the workstations (6) have public IP addresses.  It's a Windows
network (mixed 98 and 2000), and we're putting in a new server (win2k). Just
wondering how to best protect this network?

My two thoughts are:

1) To use firewalls at the client level (don't like this idea)
2) To use RRAS on the server, and have the server route all the public IPs
through it first, and then run some sort of firewall on the server.

Any suggestions?

-Matt Gibson

