General discussion


Help Please

By brandx
I'm taking on the venture of creating a network for a friend of mine for his business. He has a 23 - 26 PC setup. I plan on using Windows 2003 SBS with Exchange and ISA Server. I plan on having the users on NAT, and I also plan on having 2 server PCs. I will have a website on the second box, and I will also want to have the internet send email to the Exchange server. Here is my concern: with all these servers visible to the internet, how can I prevent hacker activity?

by ewgny In reply to Help Please

Your solution is to use ISA Server to publish the services that you require.
This way your web server and exchange server can remain secure within your internal network. The
You should look at
www.isaserver.org
and read about publishing. I also suggest that you pick up Shinder's books, as they are the best on the subject:
www.isaserver.org/pages/books.asp
ISA Server and Beyond will be able to assist you with designing the topology for your new network.
Good luck

by d'solve IT In reply to Help Please

Hi,

Do not recommend SBS as you are 1) limited to the number of users you can grow 2) limited to only one domain with no domain interoperability and 3) licensing issues.

Moreover, to provide a secure and workable solution, you need 3 to 5 servers depending on the services and level of security you wish to provide; Domain Controller - 1, Mail server - 1, Web Server - 1(see note later), Firewall/Proxy/Gateway - 1 or 2.

I recommend Windows 2003 with Active Directory as primary server for domain logons (this is a fast, reliable hardware with lots of memory: 512 Mb min, 1Gb+ recommended).

You can set up Linux (without xserver and GUI tools) as mail server (unless you can't do without Exchange - remember Exchange is a resource hog - a fast, reliable PC with sufficient disk space and 2Gb RAM to really work). Linux would gladly work on any old Pentium II PC with about 128 Mb of RAM and 40/80 Gb HDD - anything more, the penguin will dance in sheer ecstasy.

The Firewall/Proxy/Gateway(s) could be Linux boxes (similar to the Linux box mentioned above). You would need to put 2 of these boxes to create a DMZ and fully protect your internal network and allow controlled inwards access to the zone between these 2 (look up DMZ to know more). Your mail server and/or webserver could be here. Only your outside NIC is visible to the world (and that too if you are using public IP). If you plan to connect through broadband/cable/ADSL/Dial-up then you will most probably be assigned a private IP from your ISP and you could do with only 1 firewall/proxy.

Note. If you are not planning to allow "outside" access to the webserver and predict only 23 - 26 internal clients, then consider your Windows 2003 server as a webserver.

It is not recommended having the domain controller and ISA residing on the same PC - nor having the Domain controller and Exchange on the same server.

I recommend Windows 2003 standard edition with about 25 - 30 CALs. This would 1) Keep your cost
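The two-firewall DMZ layout described in the post above, modelled as an added example (not part of the original post or any poster's configuration): each firewall is an allow-list with default deny, and a connection must be permitted by every firewall on its path. The addresses, hosts, ports and rules are constructed assumptions, and NAT is not modelled.

```python
import ipaddress

# Constructed address plan and hosts (assumptions, not from the thread).
ZONES = {
    "internal": ipaddress.ip_network("192.168.10.0/24"),
    "dmz": ipaddress.ip_network("192.168.20.0/24"),
}
MAIL, WEB, DC = "192.168.20.25", "192.168.20.80", "192.168.10.5"
OUTSIDE = "203.0.113.7"  # documentation-range address standing in for any internet host

# Rule = (source zone, destination host or zone, port; None means any port).
OUTER = [  # firewall between the internet and the DMZ
    ("internet", MAIL, 25),
    ("internet", WEB, 80),
    ("dmz", "internet", 25),         # outbound mail delivery
    ("internal", "internet", None),  # ports already limited by the inner firewall
]
INNER = [  # firewall between the DMZ and the internal network
    ("internal", "dmz", None),
    ("internal", "internet", 80),
    ("internal", "internet", 443),
]
ORDER = ["internet", "dmz", "internal"]  # outside to inside
FIREWALLS = [OUTER, INNER]  # FIREWALLS[i] sits between ORDER[i] and ORDER[i + 1]

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in ZONES.items() if addr in net), "internet")

def allowed(src_ip, dst_ip, port):
    """Default deny: every firewall on the path needs a matching rule."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    lo, hi = sorted((ORDER.index(src_zone), ORDER.index(dst_zone)))
    return all(
        any(s == src_zone and d in (dst_ip, dst_zone) and p in (None, port)
            for s, d, p in fw)
        for fw in FIREWALLS[lo:hi]
    )

def internet_exposure(services):
    """Services from the list that an internet host can open a connection to."""
    return [(ip, port) for ip, port in services if allowed(OUTSIDE, ip, port)]

# Constructed service inventory to audit.
SERVICES = [(MAIL, 25), (WEB, 80), (WEB, 3389), (DC, 389), (DC, 445)]

if __name__ == "__main__":
    print("reachable from internet:", internet_exposure(SERVICES))
    print("DMZ web server -> DC:445:", allowed(WEB, DC, 445))
```

Running the same audit against a single-firewall layout (one rule list, hosts moved into the internal zone) shows what the second firewall buys: a published host no longer has an unfiltered path to the domain controller.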

by dgolic In reply to Help Please

OK, the answer from ewgny@... is correct, and the answer from d'solve IT is also true, but you should consider future growth. If there's no plan for growth of more than 50% (e.g. up to 50 computer accounts), you can freely buy Windows Small Business Server 2003 Premium, since it is much cheaper than buying products and hardware to accomplish the same functionality. You should have no problems with publishing servers (and websites) on ISA Server. The only thing you should consider is licensing: up to 50 clients, SBS 2003; more than 50 clients, Windows Server 2003 and separate boxes for domain controller and ISA Server. Count the licenses! Contact me for more help if needed.

by wdeklerk In reply to Help Please

I will use a Smoothwall Express (Linux box) for the proxy, DHCP, and firewall (costs nothing), and NETMAX (Linux box running Apache) (costs very little) for the web server. Both apps are very easy to configure (15 min for the firewall and 30 min for the web server). No need for ISA. If the web has to be public, set it outside of the firewall; if not, also behind the firewall. Create a "virtual" path for the Exchange server through the firewall. Enable the snorter on the firewall.
