Re: Protecting Multiple Public IP Workstations

["Paul Kurczaba" <paul () myipis com>]

First of all, it's never a good idea to assign public IP's to workstations
on a networked environment (this type of environment is a hackers wish come
true). If you are not hosting services on all six IP's, you can buy a
$100-$150 firewall/router at compusa (I would recommend Linksys or Netgear).
Most have 4 or 8 ports. If the firewall/router you buy only has 4 ports,
also pick up a 4 port switch (it's about $50-$70). If you need all 6 IP's
(for hosting HTTP, FTP, SMTP, etc.), you should probably get a CheckPoint
FW-1 or a Cisco PIX. Also, if you havn't already bought the Win2k server, I
would suggest Server 2003 instead. It takes less than 10 seconds to boot,
the OS is faster, and more secure than 2000.

just my $0.02

-Paul Kurczaba
----- Original Message ----- 
From: "MATT GIBSON" <mattgibson () shaw ca>
To: <security-basics () securityfocus com>
Sent: Thursday, February 26, 2004 2:11 PM
Subject: Protecting Multiple Public IP Workstations


> Hey Everyone :)
>
> We've got a client who (for various reasons) has a network (that's
currently p2p), and all the workstations (6) have public IP addresses.  It's
a windows network (mixed 98 and 2000), and we're putting in a new server
(win2k) Just wondering how to best protect this network?
> My two thoughts are:
>
> 1) To use firewalls at the client level (don't like this idea)
> 2) To use RRAS on the server, and have the server route all the public
IP's through it first, and then run some sort of firewall on the server.
> Any suggestions?
>
> -Matt Gibson
>
>
> --------------------------------------------------------------------------
-
> --------------------------------------------------------------------------
--
>



---------------------------------------------------------------------------
----------------------------------------------------------------------------