General discussion

Locked

Network security

By leon ·
I am responsible for lan with one NT server and about 20 clients(win 9x,NT4 & win2k). We are connected to the Internet via dsl behind a flowpoint 2200 router. Daily, I am experiencing at least 4-5 login attempts from sources outside our network. What can I do to prevent this constant intruder attempts?

Help!

This conversation is currently closed to new comments.

20 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Network security

by key In reply to Network security

You are in the passive role. One thing you can do is to enhance your network security and backup all important data regularly. You cannot stop the theif to try to steal your stuff, but you can prevent them from breaking in.
Good Luck!

Collapse -

Network security

by leon In reply to Network security

The question was auto-closed by TechRepublic

Collapse -

Network security

by erikdr In reply to Network security

Okay with 'enhance your network security'. A few tips:
* A firewall. As the router might not have these options, a separate one will be needed.
Could be a low-cost PC with Linux, a medium-cost black box solution similar to the router or a medium-cost Windows firewall. The latter might maybe be co-hosted on the NT Server, will depend on how much outbound traffic your clients have.
* Keep firewall configuration simple. Probably two segments, external and internal, might do - no complete DMZ (DeMilitarisedZone aka perimeter, this would be a 3rd segment).
* Did you already add NAT to the router or the NT Server? This could be a first step, now even without a firewall the intruders cannot access your internal IP adresses as easy as they cando now.

At your service,

<Erik> - The Netherlands

Collapse -

Network security

by leon In reply to Network security

The question was auto-closed by TechRepublic

Collapse -

Network security

by Zen37 In reply to Network security

Best option, get a firewall. You should not have an Internet connection without a firewall to protect your interests.

Low cost solution, have your router drop ports tcp/udp 137 to 139. This will prevent people on the outside to even "see" your server, much less connect to it.

But get a firewall anyways.

Good luck

Collapse -

Network security

by leon In reply to Network security

The question was auto-closed by TechRepublic

Collapse -

Network security

by PENGUINSRULE In reply to Network security

Yet another chance to plug OpenVMS - even though it's been going away for decades there are "No known penetrations", and ruled "UNHACKABLE" by DEFCON9

If it works, it works. I've been working with VMS since 1984, and I've never had a problem with this.

Collapse -

Network security

by leon In reply to Network security

The question was auto-closed by TechRepublic

Collapse -

Network security

by Charley In reply to Network security

Any flavor of UNIX will do the job you need. There are also add-on solutions for Windows to provide Network Address Translation (NAT).

I would, however, reccommend against using any of the Windows solutions as the NAT software is only as secure as the host environment. As another poster pointed out, some some flavors of UNIX are more secure than others. If, however, we assume that you do not have any services on your internal network which NEED to be visible from the Internet, then all you need to do is shut down ALL ports. This will, generally, provide all the security you need.

Your NAT server should be wired into your network between your DSL router and your internal network. Assuming you don't have any internal routing needs, your config might look something like this:

DSL -->[NAT] --> Office Switch

In a simple configuration, like this one, you don't even need a lot of hardware to do the job. I run a fairly high-traffic (Symmetric 768k DSL at ~70% load on average) office with a Pentium 120 w/128MB RAM and a pair of Intel EtherExpress Pro 100+ NICs. FreeBSD runs the show nicely. Given that I already had the hardware and the OS, which includes the NAT server software, is free, net layout was about 4 hours of my time (clean OS install) for a grand total of ~$120. That's it.

Collapse -

Network security

by leon In reply to Network security

The question was auto-closed by TechRepublic

Back to Security Forum
20 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums