Thinking of going Broadband

Thinking of going Broadband

Post by Rober » Sun, 18 Nov 2001 05:17:32



If your company is thinking of going to Broadband remember
that you need a firewall because your server will be open
to the internet. I can recommend Zonealarm Pro
 
 
 

Thinking of going Broadband

Post by Susan Bradley, aka » Sun, 18 Nov 2001 05:28:14


IMHO, I would recommend a hardware based firewall on the server,
software on traveling laptops.

In SBS2000 your firewall is ISA, in SBS 4.5 it's Proxy Server, so
sticking another software on the server [especially after blowing up
several things on my 4.5 server when I installed EnterNet 300] is
usually not recommended and it makes it harder to troubleshoot
problems.  Having both a hardware firewall and the internal protection
of the server makes me sleep easier at night.

I WOULD recommend though that any laptop that is taken out from behind
the server's protection and connected to the Internet have such a
software based firewall.  You have now extended your security parameters
to the hotel room .....thus any traveling laptop should be equipped with
software firewalls.

Susan


> If your company is thinking of going to Broadband remember
> that you need a firewall because your server will be open
> to the internet. I can recommend Zonealarm Pro


 
 
 

Thinking of going Broadband

Post by Paul C. Rentin » Sun, 18 Nov 2001 06:21:31


Quote:>I can recommend Zonealarm Pro

Why?
 
 
 

Thinking of going Broadband

Post by Dave Nickaso » Sun, 18 Nov 2001 06:56:47


Susan - are you using a hardware solution over and above your linksys?  If
so, what is it and how do you like it?

I was having a problem with security in 4.5 using the old dhcp on the second
nic trick, so I put in a linksys to be able to use static ip on the second
nic.  In the old configuration, I'd occasionally get open ports on the
grc.com test.  Not any more, though.  However, we're planning to enable vpn
access in the near future, and I want to make sure my security is as good as
it can be.



> IMHO, I would recommend a hardware based firewall on the server,
> software on traveling laptops.

> In SBS2000 your firewall is ISA, in SBS 4.5 it's Proxy Server, so
> sticking another software on the server [especially after blowing up
> several things on my 4.5 server when I installed EnterNet 300] is
> usually not recommended and it makes it harder to troubleshoot
> problems.  Having both a hardware firewall and the internal protection
> of the server makes me sleep easier at night.

> I WOULD recommend though that any laptop that is taken out from behind
> the server's protection and connected to the Internet have such a
> software based firewall.  You have now extended your security parameters
> to the hotel room .....thus any traveling laptop should be equipped with
> software firewalls.

> Susan


> > If your company is thinking of going to Broadband remember
> > that you need a firewall because your server will be open
> > to the internet. I can recommend Zonealarm Pro

 
 
 

Thinking of going Broadband

Post by Rober » Sun, 18 Nov 2001 08:12:40


Sorry should have said for small businesses, cheap and
very effective. It is also easily configured
Quote:>-----Original Message-----
>>I can recommend Zonealarm Pro

>Why?

>.

 
 
 

Thinking of going Broadband

Post by Rober » Sun, 18 Nov 2001 08:12:29


Sorry should have said for small businesses, cheap and
very effective. It is also easily configured
Quote:>-----Original Message-----
>>I can recommend Zonealarm Pro

>Why?

>.

 
 
 

Thinking of going Broadband

Post by Susan Bradley, aka » Sun, 18 Nov 2001 09:38:03


At the office I have upgraded myself to a Ugate Umax that has the dynamic IP to
static host name built in [the tzo.com setting]  honestly haven't gotten around
to setting that up yet...[that's after I get myself to an all Win2k office] .but
the router/firewall is much more solid than the Linksys.  Linksys you have to
plug and unplug every now and then.

Susan B.


> Susan - are you using a hardware solution over and above your linksys?  If
> so, what is it and how do you like it?

> I was having a problem with security in 4.5 using the old dhcp on the second
> nic trick, so I put in a linksys to be able to use static ip on the second
> nic.  In the old configuration, I'd occasionally get open ports on the
> grc.com test.  Not any more, though.  However, we're planning to enable vpn
> access in the near future, and I want to make sure my security is as good as
> it can be.



> > IMHO, I would recommend a hardware based firewall on the server,
> > software on traveling laptops.

> > In SBS2000 your firewall is ISA, in SBS 4.5 it's Proxy Server, so
> > sticking another software on the server [especially after blowing up
> > several things on my 4.5 server when I installed EnterNet 300] is
> > usually not recommended and it makes it harder to troubleshoot
> > problems.  Having both a hardware firewall and the internal protection
> > of the server makes me sleep easier at night.

> > I WOULD recommend though that any laptop that is taken out from behind
> > the server's protection and connected to the Internet have such a
> > software based firewall.  You have now extended your security parameters
> > to the hotel room .....thus any traveling laptop should be equipped with
> > software firewalls.

> > Susan


> > > If your company is thinking of going to Broadband remember
> > > that you need a firewall because your server will be open
> > > to the internet. I can recommend Zonealarm Pro

 
 
 

Thinking of going Broadband

Post by John Ba » Sun, 18 Nov 2001 20:52:08


My recommendation is a bit different in that I believe that notebook
computers are better off without 3rd party firewall software. It can
prove very troublesome when back in the office and confuses diagnosis
when supporting the employees in the field.

To improve Dial-up security just confirm that on the dial up
connection only TCP/IP is checked + do not bind Netbios to TCP/IP and
for VPN's make sure Use Default Gateway on remote network is checked.

You can goto one the security web self check sites to confirm your
setup..eg. www.g   ..forgotten it

In your Network Control Panel|Client for MS Networks, uncheck
the box for "Logon to Windows NT Domain".  You will still be
able to authenticate if your Windows username+password is the
same as your NT Domain username+password.  You may have to
manually map persistent network drives if you need drive letters
for applications/directories/shares.  This will prevent the
SBSlogon batch file from annoying your mobile user.

Also for mobile users on NT we would
Create a global group called "Desktop Admin", add the users that you
want to have full control of their workstations.  Then add the global
group "Desktop Admin" to the Administrator account on the local NT
machines.  Then they will have admin rights only to the workstations.

In SBS2000 from My Computer > Manage > ACTION > Connect to Another
Computer > pick the notebook > Local Users and Groups > then add the
Notebook user to the Local Administrators group.

Cheers
John



Sorry should have said for small businesses, cheap and
very effective. It is also easily configured

Quote:>-----Original Message-----
>>I can recommend Zonealarm Pro

>Why?

>.

                  _       ;--:-          __---------______________------ ____          
               c--U---^--''__[__ooo__]---| |_!_||_!_||_!_||_!_||_! [_][++|--|]    
     _--_     _|------------'_|,[______],|_________________|_|,|____|


 
 
 

Thinking of going Broadband

Post by Bob May » Tue, 20 Nov 2001 03:06:31


First, the web site is probably www.grc.com - Shields Up

Secondly, I've been using ZoneAlarm on my laptop, both in the office and
from home using VPN; I haven't had any problems with it.  It's been pretty
much like the ZoneAlarm set up claims - a lot of "Program xxxx want to do
yyy, Yes or No?" at first, but now it's settled down - maybe once a week or
less do I get the question.

    - Bob


> My recommendation is a bit different in that I believe that notebook
> computers are better off without 3rd party firewall software. It can
> prove very troublesome when back in the office and confuses diagnosis
> when supporting the employees in the field.

> To improve Dial-up security just confirm that on the dial up
> connection only TCP/IP is checked + do not bind Netbios to TCP/IP and
> for VPN's make sure Use Default Gateway on remote network is checked.

> You can goto one the security web self check sites to confirm your
> setup..eg. www.g   ..forgotten it

> In your Network Control Panel|Client for MS Networks, uncheck
> the box for "Logon to Windows NT Domain".  You will still be
> able to authenticate if your Windows username+password is the
> same as your NT Domain username+password.  You may have to
> manually map persistent network drives if you need drive letters
> for applications/directories/shares.  This will prevent the
> SBSlogon batch file from annoying your mobile user.

> Also for mobile users on NT we would
> Create a global group called "Desktop Admin", add the users that you
> want to have full control of their workstations.  Then add the global
> group "Desktop Admin" to the Administrator account on the local NT
> machines.  Then they will have admin rights only to the workstations.

> In SBS2000 from My Computer > Manage > ACTION > Connect to Another
> Computer > pick the notebook > Local Users and Groups > then add the
> Notebook user to the Local Administrators group.

> Cheers
> John



> Sorry should have said for small businesses, cheap and
> very effective. It is also easily configured
> >-----Original Message-----
> >>I can recommend Zonealarm Pro

> >Why?

> >.

>                   _       ;--:-          __---------______________------
____
>                c--U---^--''__[__ooo__]---| |_!_||_!_||_!_||_!_||_!
[_][++|--|]
>      _--_     _|------------'_|,[______],|_________________|_|,|____|



 
 
 

Thinking of going Broadband

Post by Don Man » Fri, 23 Nov 2001 03:11:22


I recommend a hardware firewall like Cisco's 827 or another with either the
IOS or PIX (spelling?) software with it if it is sitting on your LAN.

Programmed correctly, they are quite powerful!

Don


Quote:> If your company is thinking of going to Broadband remember
> that you need a firewall because your server will be open
> to the internet. I can recommend Zonealarm Pro

 
 
 

1. FYI - I think this is the longest I've gone without a Security bulletin

Subject:
          Revised: Microsoft Security Bulletin - MS02-069
     Date:
          Tue, 21 Jan 2003 16:31:19 -0500
     From:

 Reply-To:
          Windows NTBugtraq Mailing List

       To:

This bulletin has been revised.
V1.0 (December 11, 2002): Bulletin Created.
V1.1 (December 12, 2002): FAQ updated to provide additional references
regarding using the Windows Update Catalog.
V1.2 (January 17, 2003): FAQ updated to correct link errors.

Full bulletin details available at;
http://www.microsoft.com/technet/security/bulletin/MS02-069.asp

Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

Delivery co-sponsored by Prometric - More than testing, learning.
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

http://www.prometric.com

Prometric, part of The Thomson Corporation, is the leader in
technology-enabled testing and assessment services for information
technology certification, academic admissions, professional licensure
and
certifications, computer-based driver's licensing, and corporate
testing.

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

and this one is just a revision

2. CFP: "Distributed Shared Memory Systems" within PDPTA 2002, Las Vegas, USA

3. I think I'm going back to paper cups and string.....

4. Duplicate Contact checking

5. If you think I am going to buy anthing

6. What is a BIOS PARAMETER BLOCK?

7. Thinking about Going to SMS, Please advise me...

8. Debugger & G3

9. Web Proxy...going once, goince twice, gone !!!

10. Name goes on, long after session is gone!

11. SBS4.5 - Broadband via Gateway

12. SBS 45 - Broadband Web Access and Firewall Question

13. Full time/broadband connection - POP3 connector