Okay, first let me say I'm not a network guru, but I've got a Cisco
instructor right in the next cube so I bounced some thoughts off him.

By having your own block of addresses, you can opt to put in a hardware
firewall and still assign your IPs locally. I'm told that a Cisco PIX is a
good option. Of course, the downside with Cisco is that configuration is
rather cryptic. Everything is at a command line and you have to write the
filters by hand.
http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/

Still, a hardware firewall, whether Cisco or not, is still going to be the
most secure option. The downside is that it makes your local IPs invisible
to the outside world unless you open ports. Whether this works for you or
not depends on the business needs. Does each and every person on the network
need to run an SMTP, HTTP, NNTP server that is visible to the world?
Probably not. They probably don't even need shares that are open and visible
to the world. But by configuring a firewall to open select ports, the
services that do need to be available can be. It's also worth considering
putting the server behind its own firewall that might have different
filters than the desktop clients need.

If you want to get really secure then you would also probably want to not
allow Remote Desktop from outside a firewall. Instead you would want to set
up a VPN into the local network and then tunnel a Remote Desktop connection
through that. The downside there is that you or the people using the network
will obviously need VPN-capable equipment outside the network.

If a hardware option is too much, then a desktop-level software option may
work. My networking guy here actually likes the one built in to Windows XP.
This would let you configure each desktop for its unique needs. The downside
though is that you have to configure it at each desktop. I'm told that if
you set up a domain controller, you can use that to configure and control
the MS firewall configuration for each machine in a centralized way. We
haven't done that here though so I don't know how well it works.

There are other software firewalls out there. I would caution you against
the Norton firewall though.

Good luck,
-Kevin

> -----Original Message-----
> From: SMR [mailto:[EMAIL PROTECTED]
> Sent: Monday, March 31, 2003 8:09 AM
> To: CF-Community
> Subject: Re: Firewall Info/Help - WorldCom
>
>
> They were given a block, so we hard code them in when needed.
>
> ----- Original Message -----
> From: "Kevin Graeme" <[EMAIL PROTECTED]>
> To: "CF-Community" <[EMAIL PROTECTED]>
> Sent: Monday, March 31, 2003 8:57 AM
> Subject: RE: Firewall Info/Help - WorldCom
>
>
> > I think you're going to really need to run a firewall. If a machine on the
> > local network is able to be compromised like you describe, then they are
> > open for some reason. Whether that's for easy file sharing or what, it
> > doesn't really matter. Which firewall to use is the question.
> >
> > Quick question for you: how are the static IPs configured? Are they being
> > manually typed in to the settings on each machine, or are they granted based
> > on MAC? If you are just given a block of numbers and get to handle
> > assignment yourself then you are in a much, much better position.
> >
> > -Kevin
> >
> > > -----Original Message-----
> > > From: SMR [mailto:[EMAIL PROTECTED]
> > > Sent: Monday, March 31, 2003 7:35 AM
> > > To: CF-Community
> > > Subject: Firewall Info/Help - WorldCom
> > >
> > >
> > > I have a client who has DSL access through WorldCom. They have 6
> > > computers that each get static IPs through their setup. This is
> > > not the ideal setup since they are wide open to the internet and
> > > I don't believe their DSL router has any type of firewall built
> > > in. One of the machines was hacked and a virus was left behind.
> > > I would rather not set up a NAT in this case because then it will
> > > be harder for me to do remote administration on their machines.
> > > I'm looking for a solution of either putting a firewall on each
> > > machine or changing out the DSL router with one that has firewall
> > > built in. Anyone have any suggestions? Anyone with
> > > knowledge/experience on a WorldCom setup? I have Tiny Personal
> > > Firewall running on the server temporarily to protect it until I
> > > can figure out a better solution.
> > >
> >
> 