Firewalls

Our W2K Server is standalone and only hosts websites. The server is connected directly to a T-1 line. Is it advisable to have a fire wall between the T-1 and the server? If so any suggestions on which firewalls work well?

Consultant
Fri Jan 02 12:34:16 CST 2004

so this server is not connected to your internal network?

it is always recommended to have your servers connected to the internet to
be behind a firewall. there are many firewalls available, both hardware and
software, so it really depends on your budget.

"Curt Griggs" <prorally@earthlink.net> wrote in message
news:7C3431A1-1C79-41B9-AFC3-0F45D5E2AA77@microsoft.com...
> Our W2K Server is standalone and only hosts websites. The server is
connected directly to a T-1 line. Is it advisable to have a fire wall
between the T-1 and the server? If so any suggestions on which firewalls
work well?

anonymous
Fri Jan 02 13:01:18 CST 2004

Yes, the local network is also connected to the T-1 line, but through it's own Linksys Cable/DSL Router. My plan is to put the firewall between the T-1 and the first hub before the webserver and the local network router. Is this reasonable?

jcochran
Fri Jan 02 14:16:46 CST 2004

On Fri, 2 Jan 2004 10:26:11 -0800, "Curt Griggs"
<prorally@earthlink.net> wrote:

>Our W2K Server is standalone and only hosts websites. The server is connected directly to a T-1 line. Is it advisable to have a fire wall between the T-1 and the server?

Absolutely.

> If so any suggestions on which firewalls work well?

Hardware-based would be best, or at any rate a firewall separate from
the box that has your web server. If price is an issue, an old PC
running IP Cop would be fine.

Jeff

Sparky
Fri Jan 02 12:34:06 CST 2004


"Curt Griggs" <prorally@earthlink.net> wrote in message
news:7C3431A1-1C79-41B9-AFC3-0F45D5E2AA77@microsoft.com...
> Our W2K Server is standalone and only hosts websites. The server is
connected directly to a T-1 line. Is it advisable to have a fire wall
between the T-1 and the server? If so any suggestions on which firewalls
work well?

!! Holy crap, get that off of there! If you are not hacked already, you
will be soon.

Get yourself a firewall box like a Cisco PIX or something smaller
(WatchGuard makes some I think), or use an old PC and use the Linux distro
"Smoothwall" for the firewall.

What you are looking for is something that allows you to control per-port
connections to the computer.

Brett
Mon Jan 05 00:03:02 CST 2004

Well, the idea is to create as much seperation as
possible while serving your business needs. Ideally, your
web server is not on the same network as your private
network. You should have your T1 connected to the
firewall which then connects to the web
server. "Traditionally" your private network is connected
to another firewall (the back end) so that there are two
firewalls between your internal network and your public
network. However, there are lots of ways to do things.
Less secure, but easier to manage and common in smaller
comapanies is to have one firewall with two branches, one
for the IIS server and one for your private network. Many
ways to go. Only you can decide what you can afford in
terms of time for administration and money and tradeoffs
with the consequences of if you get breached and how.
-brett hill
iistraining.com



>-----Original Message-----
>Yes, the local network is also connected to the T-1
line, but through it's own Linksys Cable/DSL Router. My
plan is to put the firewall between the T-1 and the first
hub before the webserver and the local network router.
Is this reasonable?
>.
>