Help me secure a small business network
Q: I need help creating a small business network.
There are 6 systems (3 PCs & 3 Macs), a snap server and a Unix server. At present each has a static IP address.
The UNIX server is running SCO Unix with a telnet app that the company uses to manage inventory and accounts. Both users and the business side of the business access it.
The snap server serves a dual function. The web part has a small static HTML page extranet (business directory). And the file server portion is used to store data and share files between Macs & PCs.
I want to add a firewall. Normally I would just have the PCs and Macs use NAT & dynamic IP and set the Unix box on the DMZ, but the snap server creates a ripple in that plan, and I have a Mac wrinkle.
The Macs are maintained by a guy in another country. He connects to them through Timbuktu. I am not sure if the dynamic IP and NAT will interfere with Timbuktu or whatever. Or if there is a way to set this up, and still be secure.
The firewall is the SonicWall Pro VX.
Can you give me any info or feedback on what I should do or what to watch?
Thanks.
Best Answer: Your application is a bit more heavyweight than most.
First, you should use a router to interface with the ISP. You cannot use the household grade ones. With 5 static IP addresses and an FTP server, etc., you need something more robust. Check out www.adtran.com for Adtran units. Feel free to contact their prepurchase support and they will help a lot.
I would use the router to interface with Verizon. I would dedicate one static IP for FTP and probably use a dedicated XP box for FTP (rather than risk hackers on my server). I would put the FTP server in the DMZ so the router should be DMZ capable.
I would have the router control the IPSec VPN at the router level as well.
Let the server address LAN DHCP; assign static IP to the router, the server, and probably to print servers and the FTP server.
The router can direct the public IP addresses appropriately but this is a configuration matter – part of the config you need to do. Adtran will help to a large degree.
Because this is heavyweight, you may wish to get technical support locally.
Re:<< route mode.. without NAT… which is what you wanted >>
Can someone explain this to me… or point me to a site or FAQ?
Thx
Re:<< Regardless of which firewall I use, what I need to know is how I should set this up.
Do I use private IPs for the pcs & macs?
Do I use static or dynamic addressing?
Say that we have a block of IPs in the 12.12.12.x range… is it possible to set up the systems behind the firewall with the 12.12.12.x IPs or do I have to use the private IPs like 10.1.1.x ?
>>
I don't think I'm disagreeing w/ anyone above, but if it were me, with 6 machines I'd go static internal IPs.
Re:Regardless of which firewall I use, what I need to know is how I should set this up.
Do I use private IPs for the pcs & macs?
Do I use static or dynamic addressing?
Say that we have a block of IPs in the 12.12.12.x range… is it possible to set up the systems behind the firewall with the 12.12.12.x IPs or do I have to use the private IPs like 10.1.1.x ?
Private IPs for local workstations. You can route any subnet you'd like for private usage. Route the public addresses or route the private addresses; it is really your choice.
Choice between static or dynamic. I'm always a fan of dynamically assigning IPs in a local LAN regardless of the size.
Re:sorry I didn't go into detail..
router -> firewall -> internal network
the firewall can do NAT mode which is 12.12.12 into the private as you mentioned..
or route mode.. without NAT… which is what you wanted..
you can actually do like 1-64 for static and 65+ dynamic.. that's what I did..
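The split described in the reply above (1-64 static, 65+ dynamic) and the NAT-versus-route choice, worked through as an added example that is not part of the original thread. The function names, hostnames and sample addresses are hypothetical; only the 10.1.1.x and 12.12.12.x ranges come from the thread.

```python
import ipaddress

def build_plan(cidr, static_last=64):
    """Split a subnet into a static block (.1 .. .static_last) and a DHCP pool (the rest)."""
    net = ipaddress.ip_network(cidr)
    hosts = list(net.hosts())
    if static_last >= len(hosts):
        raise ValueError("static block leaves no room for a DHCP pool")
    return {
        "network": net,
        # is_private is true for RFC 1918 space (and other non-global ranges),
        # which must sit behind NAT; a public block can be used in route mode,
        # where every host is directly addressable and firewall policy does all the filtering.
        "mode": "nat" if net.is_private else "route",
        "static": (hosts[0], hosts[static_last - 1]),
        "dhcp": (hosts[static_last], hosts[-1]),
    }

def check_assignments(plan, assignments):
    """Return a list of problems found in a {hostname: ip} static assignment table."""
    problems = []
    seen = {}
    lo, hi = plan["static"]
    for name, ip_text in assignments.items():
        ip = ipaddress.ip_address(ip_text)
        if ip not in plan["network"]:
            problems.append(f"{name}: {ip} is outside {plan['network']}")
        elif not lo <= ip <= hi:
            problems.append(f"{name}: {ip} collides with the DHCP pool")
        if ip in seen:
            problems.append(f"{name}: {ip} already assigned to {seen[ip]}")
        seen.setdefault(ip, name)
    return problems

# Constructed sample data (hostnames and addresses are hypothetical).
SAMPLE = {
    "unix-server": "10.1.1.10",
    "snap-server": "10.1.1.11",
    "print-server": "10.1.1.70",  # lands in the DHCP pool
    "mac-1": "10.1.1.10",         # duplicate of unix-server
}

if __name__ == "__main__":
    plan = build_plan("10.1.1.0/24")
    print(plan["mode"], plan["static"], plan["dhcp"])
    for problem in check_assignments(plan, SAMPLE):
        print("PROBLEM:", problem)
```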
Re:Thanks for the replies…
Regardless of which firewall I use, what I need to know is how I should set this up.
Do I use private IPs for the pcs & macs?
Do I use static or dynamic addressing?
Say that we have a block of IPs in the 12.12.12.x range… is it possible to set up the systems behind the firewall with the 12.12.12.x IPs or do I have to use the private IPs like 10.1.1.x ?
Re:I went to NetScreen instead of SonicWall.. given that you need to buy support.. but I set up the NetScreen in about 25 min and fine-tuning the policies took another half to 1 hour.. I'm moving towards a bigger unit soon but I think NetScreen is a little bit better than SonicWalls..
Re:Well first off, good luck with SonicWall… I have always heard great things…
Another option might be using a PC as the firewall, letting you achieve personalized security.
I recommend SuSE Firewall on a CD or Smoothwall.org's Enterprise Flavor…
As for telnet, I would suggest you move to SSH. SSH is very secure (generations above telnet) and still allows you to perform many tasks.
Good Luck