Network Security

By ashok_g
Hi

From my understanding, internal (reserved) IP addresses (e.g. the 10.0.0.0 network) are not seen on the internet (if I am not wrong). How secure will the network be in the following scenario?

The WAN part of the router is an internet IP address (given by the ISP); the internal interface (LAN) is the reserved IP address 10.0.0.1. The proxy (mail) server has two NICs (10.0.0.2 and 10.0.1.1). 10.0.0.2 is connected to the router and 10.0.1.1 is connected to the LAN. The router is configured in such a way that anything that comes in on port 25 is sent to 10.0.0.2, and this is working fine (they use the proxy server to browse the internet). We are going to host web sites in the near future (we have an option in the router so that any request on port 80 can be sent to a certain NIC). I know that I am allowing anything that comes in on ports 25 and 80 to go to a certain NIC (sort of opening a port). From my understanding, if I want to have an indirect connection to that NIC I need a three-port firewall (which is very expensive for our budget), and if we want a two-port firewall then we have to connect directly to a certain NIC, and again it is doing what I am doing now.

Now I want to know: shall I buy a firewall with two ports, or wait for a while and get a three-port firewall? But the question is, will our network be safe (considering the above scenario) if we stay without buying a firewall? What sorts of risk will I be facing?

I am looking at a product called "Watchguard SOHO" for now (which has two ports, in and out).

Thank you again

Regards
Ashok


Network Security

by -Q-240248 In reply to Network Security

Your translated addresses in the 10.0 range will be safe. The router will only forward SMTP traffic to a certain point. Safe again, although SMTP can be exposed. Firewall not necessary. If in doubt, do some tests from home.


Network Security

by ashok_g In reply to Network Security

Poster rated this answer


Network Security

by bowieb In reply to Network Security

You can do routing as you describe and get a fair amount of security, but keep in mind that all a router can do is track IP addresses and port numbers. A firewall will be able to keep track of logical network connections and provide security against far more types of attacks.

Even a 2-port firewall will provide more security than you have now. You can configure the firewall similar to how you have your router now, except just put everything into one subnet.

Ideally, you should have a 3-port firewall. That way you would have the Internet on one port, your Internet servers on another port, and your internal machines on the third port. You would be able to set security levels so that even if someone manages to get into one of your Internet servers, they would not have access to your internal network.

What I would recommend is that you purchase a 2-port firewall that can be upgraded to a 3-port later when you have the funds for it.

I don't know anything about the SOHO firewalls. We use a Cisco PIX firewall here that works very well.
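
The three-port layout and connection tracking described in the reply above, modelled as an added example (not part of the original thread and not any vendor's configuration). It assumes 10.0.0.0/24 becomes the server port, 10.0.1.0/24 the internal port, and a proxy on port 8080; the packet addresses are constructed samples.

```python
"""Added illustration: default-deny, stateful policy for a three-port firewall."""
from ipaddress import ip_address, ip_network

# Assumed zone layout: the 10.0.0.0/24 segment becomes the server port (DMZ),
# 10.0.1.0/24 the internal port. Addresses are those seen after translation.
ZONES = {"dmz": ip_network("10.0.0.0/24"), "inside": ip_network("10.0.1.0/24")}

# (source zone, destination zone, destination IP or None for any, destination port)
RULES = [
    ("internet", "dmz", "10.0.0.2", 25),   # inbound mail to the mail/proxy server
    ("internet", "dmz", "10.0.0.2", 80),   # planned web hosting
    ("inside", "dmz", "10.0.0.2", 8080),   # LAN clients to the proxy (assumed port)
    ("dmz", "internet", None, 25),         # outbound mail delivery
    ("dmz", "internet", None, 80),         # proxy fetching web pages
]


def zone_of(addr):
    """Map an address to its zone; anything not on a local port is 'internet'."""
    ip = ip_address(addr)
    return next((name for name, net in ZONES.items() if ip in net), "internet")


class Firewall:
    def __init__(self):
        self.connections = set()  # flows already allowed: (src, sport, dst, dport)

    def check(self, src, sport, dst, dport):
        """Return 'established', 'new' or 'deny' for one TCP packet."""
        flow, reverse = (src, sport, dst, dport), (dst, dport, src, sport)
        if flow in self.connections or reverse in self.connections:
            return "established"  # part of a connection a rule already admitted
        sz, dz = zone_of(src), zone_of(dst)
        for rsz, rdz, rdst, rport in RULES:
            if (rsz, rdz, rport) == (sz, dz, dport) and rdst in (None, dst):
                self.connections.add(flow)
                return "new"
        return "deny"  # default deny; no rule lets the DMZ open flows to inside


if __name__ == "__main__":
    fw = Firewall()
    # Constructed sample packets; 203.0.113.9 is a documentation address.
    for pkt in [("203.0.113.9", 40000, "10.0.0.2", 25),   # mail in: new
                ("203.0.113.9", 40001, "10.0.1.50", 445), # internet to LAN: deny
                ("10.0.1.50", 50000, "10.0.0.2", 8080),   # LAN to proxy: new
                ("10.0.0.2", 8080, "10.0.1.50", 50000),   # proxy reply: established
                ("10.0.0.2", 41000, "10.0.1.50", 445)]:   # server to LAN: deny
        print(pkt, fw.check(*pkt))
```

The last sample packet is the containment case: the server may answer a LAN client that connected to it, but it cannot open a connection of its own into the internal network.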


Network Security

by ashok_g In reply to Network Security

Poster rated this answer


Network Security

by ashok_g In reply to Network Security

This question was closed by the author
