* This is the modus mailing list *

Based upon your description, a good and easy solution would be to set up a hardware-based firewall (I'm a fan of the PIX myself, not too familiar with Sonicwall) to protect your databases and other critical servers.

Some things to think about:

* VLAN your critical components off your public IP network using private IP addresses.
* Don't route your private IP addresses across your public routers.

Once your devices are safely on the 'inside' of your network, you can either use NAT on the firewall and set up ACLs to only allow access from the public servers that require access to the private network, or you can set up a second NIC in your servers and add these interfaces to your inside network. You can also use VPN, but I would not use VPN personally. Going the NIC route should be OK in general, but you want to make sure your servers are not set up to route IP (like a router). Keep in mind, in any of these scenarios, if your public server becomes compromised, your inside network could be vulnerable to attack depending on a few factors.

Another option is to put everything behind your firewall, and use NAT with ACLs for your public services. Depending on your bandwidth and throughput requirements, your costs on the firewall could vary. Also keep in mind you will have a weak link if you do not have some sort of dual firewall configuration with failover.

Your Rodopi DB server definitely needs to be secured. My feeling on firewalling basic web hosting is that it is a logistical pain in the ass. I would go with a server-facing router and perform your high-touch services at the edge there.

Regarding the Sonicwall Pro 230: I really do not think this is a 'service provider' class product. It seems to be mostly suited for content providers with a rack of servers somewhere, or designed for small/medium enterprise networks. I would recommend a more comprehensive assessment of your security needs before just sticking some appliance on your network and sticking everything behind it.

David Bauman
ANET Internet Solutions

----- Original Message -----
From: "Globalnet" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, February 08, 2004 10:16 AM
Subject: [Modus] Firewall and Security

> * This is the modus mailing list *
>
> We are looking for some info in regard to security.
>
> We have been approached by a security advisor that recommends we place our
> network behind a hardware firewall such as the Sonicwall Pro 230.
>
> Our concern is how does this affect the network, etc., in the sense as one
> who is an ISP, with all the various servers, network issues, etc.
> Bandwidth? Just about every aspect?
>
> Basically here we are in the blind. We want to secure all of our servers,
> especially our SQL NT machine running Rodopi, mail server running
> Modusmail, and web servers, FTP servers, and RADIUS servers.
>
> Is hardware the best way to go, or what does one recommend in this issue?
>
> Any insight here would be appreciated.
>
> **
> To unsubscribe, send an Email to: [EMAIL PROTECTED]
> with the word "UNSUBSCRIBE" in the body or subject line.
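
The NAT-plus-ACL option described in the reply above, modelled as an added example that is not part of the original thread: a first-match ACL evaluator plus an audit that flags permits wider than one public server to one inside host and port. All addresses, the port (1433, the SQL Server default) and the names `Rule`, `decide`, `audit`, `TIGHT` and `LOOSE` are constructed for illustration, and first-match evaluation with a default deny is an assumed firewall behaviour.

```python
import ipaddress as ip
from typing import NamedTuple, Optional

INSIDE = ip.ip_network("10.0.0.0/24")  # constructed private (inside) VLAN


class Rule(NamedTuple):
    action: str          # "permit" or "deny"
    src: str             # source network, CIDR
    dst: str             # destination network, CIDR
    port: Optional[int]  # TCP destination port, None means any port


# Constructed ACLs; 203.0.113.0/24 stands in for the public server segment.
TIGHT = [
    Rule("permit", "203.0.113.10/32", "10.0.0.5/32", 1433),  # web server -> DB only
    Rule("deny", "0.0.0.0/0", "10.0.0.0/24", None),
]
LOOSE = [Rule("permit", "203.0.113.0/24", "10.0.0.0/24", None)]


def decide(acl, src, dst, port):
    """First matching rule wins; traffic that matches nothing is denied."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for r in acl:
        if (s in ip.ip_network(r.src) and d in ip.ip_network(r.dst)
                and r.port in (None, port)):
            return r.action
    return "deny"


def audit(acl):
    """Return permits into INSIDE that are wider than host-to-host on one port."""
    findings = []
    for r in acl:
        src, dst = ip.ip_network(r.src), ip.ip_network(r.dst)
        if r.action == "permit" and dst.overlaps(INSIDE):
            if src.num_addresses > 1 or dst.num_addresses > 1 or r.port is None:
                findings.append(r)
    return findings


if __name__ == "__main__":
    # What a compromised public web server could still reach under each ACL.
    for name, acl in (("TIGHT", TIGHT), ("LOOSE", LOOSE)):
        print(name, "web->DB:1433", decide(acl, "203.0.113.10", "10.0.0.5", 1433),
              "| web->DB:3389", decide(acl, "203.0.113.10", "10.0.0.5", 3389),
              "| findings:", len(audit(acl)))
```

Under `TIGHT`, a compromised web server is limited to the one database port it was granted; under `LOOSE`, it reaches every inside host on every port.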
