Security, most often, is sorta limited by $$$. I feel that you cannot have too much security from a security stand point.....but from a userability standpoint, thats another issue.
As far as being redundant for adding extra steps.....security comes in layers. The more layers, the more secure your system/network. NO NO system or network is 100% secure...but the closer to the 100% you can get, the better off you will be!! Simply using MS's IPSec and a 2600 router and IceCap will keep out most script kiddies. It will NOT keep the strong willed or insiders from doing damage. I would suggest something more than just layer3 security. A proxy server would help! A picture perfect security model would (at minimum) protect all 7 layers. The justification question.....would you like to spend the time and $$$$ on implementing security now....or would you like to spend time and $$$$ later on the administrative headaches involved on getting your newtork back up and running???? Kenny Ansel, Sytex Group Network Security Instructor MCP+I, MCSE, CCNP 608-388-8801 -----Original Message----- From: Vernon [mailto:[EMAIL PROTECTED]] Sent: Sunday, March 24, 2002 9:06 AM To: [EMAIL PROTECTED] Subject: ISP Security Suggestions I have a Windows 2000 Advanced Server setup with a T1 and a Cisco Router 2600 that is managed by our T1 provider. I've also have deployed the latest version of IceCap (the network version of Black Ice) blocking all ports, other than those needed to support our email server, 25 and 110. Furthermore, I've blocked every port using Microsoft's IPSec, again excluding 25 and 110, and naturally we keep up-to-date with all the latest patches from Microsoft. My question is, as this machine is not setup using a Proxy server nor do I have a hardware firewall does anyone see a real need to purchase a hardware firewall? Or furthermore a proxy server? I understand that this would be the ideal situation and every ounce of effort you make a hacker go through limits their ability to hack into my network, but doesn't it seem a little redundant to add these extra steps? Does anyone feel that these extra steps, extra effort and added cost are justified? Any suggestions and or comments would be greatly appreciated. Thanks
