secure internet access for win2k network
I would like to set up secure internet access for a small network that is running under Windows 2000 with XP clients. Because Active Directory is heavily dependent upon DNS, I want to make sure that the domain controller does not access the internet at all. The security products I will try to use are: 1 x 3Com firewall, 1 x Win2k box running the anti-virus gateway software. The client machines will have their preferred DNS server set to the domain controller, which will forward all DNS queries to the Win2k box with the anti-virus gateway software (please note: it will be slaved to this DNS server, therefore it cannot try to resolve DNS queries on its own). The primary DNS server for this other Win2k box will be the firewall.
Therefore the first layer of security is the firewall, which is doing the port blocking and stateful inspection. The second line is the other Win2k box running the anti-virus gateway software (this is also the admin PC that decides which users have internet access). Name resolution should work as follows:
1. Client PC makes a name request (e.g. win2k.com) to the PDC.
2. PDC forwards the request to the Win2k box with the antivirus\gateway software.
3. Win2k box forwards the request to the firewall and on to DNS servers on the internet.
4. The result follows the same path back.
To the AD and security experts out there: does that seem like a valid configuration? If so, what potential problems do you see with this setup? Are there any improvements that you think could be made?
Thanks very much